18732 Reading List
- Jan 19: Martin Luther King day, no class!
- Jan 21:
The Stack For Fun And Profit, Aleph One.
Attacks and Defenses for the Vulnerability of the Decade, Crispin
Cowan, et al.
- Jan 26:
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities,
by David Wagner and Drew Dean
Buffer Overrun Detection using Linear Programming and Static Analysis,
by Vinod Ganapathy, Somesh Jha, David Chandler, David Melski and David Vitek.
Detection of Input-Related Security Faults, by Eric Larson and Todd
- Jan 28:
Format String Vulnerabilities, team teso.
Format String Vulnerabilities With Type Qualifiers, by Shankar, Talwar,
- Feb 2:
Automated Generation and Analysis of Attack Graphs, Oleg Sheyner, Somesh
Jha, and Jeannette M. Wing,
- Feb 4:
An Infrastructure for Examining Security Properties of Software, by
Hao Chen and David Wagner
Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems
Code, by Dawson Engler, David Yu Chen, Seth Hallem,
Andy Chou, and Benjamin Chelf
Checking System Rules Using System-Specific,
Programmer-Written Compiler Extensions, by Dawson
Engler, Benjamin Chelf, Andy Chou, and Seth Hallem
- Feb 9:
Code, by George Necula and Peter Lee.
Extended Static Checking for Java, by Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, and Raymie Stata.
- Feb 11:
Robustness Testing of the Microsoft Win32 API
Software -- No More Excuses
Fault injection techniques and
tools, by M-C. Hsueh et al.
- Feb 16: President's day, no class!
- Feb 18:
Retrofitting of Legacy Code. George C. Necula, Scott McPeak, Westley
CCured in the Real World. Condit et al.
- Feb 23:
bounds checking for arrays and pointers in C programs, by
R. Jones and P. Kelly.
A Practical Dynamic Buffer Overflow Detector, by
O. Ruwase and M. Lam.
- Feb 25: Guest Lecture (Chris Long)
Why Johnny Can't Encrypt: A Usability
Evaluation of PGP, Whitten and Tygar
Trusted Paths for Browsers, Ye and Smith
- March 1:
Software Security Checklist for the Software Life Cycle, by D. Gilliam, T. Wolfe, J. Sherif, and M. Bishop.
from HotJava to Netscape, Dean, Felten, Wallach
- March 3: prepare tool demo, no class (out of town)
- March 8: Spring break, no class!
- March 10: Spring break, no class!
- March 15: Tool Demo
- March 17: midterm (in class, closed book)
Part II: Secure OS
- March 22:
protection of information in computer systems, Saltzer and Schroeder.
(Skip, or skim, Section II.)
- March 24:
note on the confinement problem, Lampson.
Software-Based Fault Isolation
- March 29:
environment for untrusted helper applications: confining the wily
hacker, Ian Goldberg, David Wagner, et al.
Efficient Context-Sensitive Intrusion Detection, by J.T. Giffin, S. Jha, and B.P. Miller.
Code: A Practical Approach for Safe Execution of Untrusted Applications, by
R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar and Dan DuVarney
- March 31: Guest Lecture (Sagar Chaki)
Modular Verification of Software Components in C by Sagar Chaki et al.
Automatically Validating Temporal Safety Properties of Interfaces by Thomas Ball and Sriram Rajamani
- Apr 5:
Containment Mechanism for Executing Untrusted Code
- Apr 7:
for Race Conditions in File Accesses, by M. Bishop and M. Dilger.
Kernel Protection From Temporary File Race Vulnerabilities, by
Crispin Cowan et al.
Detection and Prevention of Race Conditions in File Accesses, by
Eugene Tsyrklevich and Bennet Yee
- Apr 12:
security policies, Fred B. Schneider
of Security Policies: A Retrospective, Erlingsson and Schneider
- Apr 14: Scenario Graphs and Attack Graphs (NSH 3305, 10am,
- Apr 19:
Terra: A Virtual-Machine Based
Platform for Trusted Computing, by
Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh
Xen and the Art of Virtualization, by Paul Barham et al.
- Apr 21:
Computer Virus-Antivirus Coevolution
Static Analysis of Executables to Detect Malicious Patterns, by M. Christodorescu and S. Jha.
- Apr 26:
Collberg, Thomborson, Software Watermarking: Models and Dynamic Embeddings
- Apr 28: Project presentation & Demo (II)