15829/18839 Reading List
Part I: Networking Security
- Sep 9: optional reading:
  Secure Border Gateway Protocol (Secure-BGP)
- Sep 11:
  Detection of Invalid Routing Announcement in the Internet, by Xiaoliang Zhao, Dan Pei, Lan Wang, Dan Massey, Allison Mankin, S. Felix Wu, Lixia Zhang
  Topology-based detection of anomalous BGP messages, by C. Kruegel, D. Mutz, W. Robertson, F. Valeur.
- Sep 16:
  The DoS project's trinoo distributed denial of service attack tool, by David Dittrich
  Analyzing Distributed Denial of Service Tools: The Shaft Case, by Sven Dietrich, Neil Long, David Dittrich.
  Inferring Internet Denial-of-Service Activity, by David Moore, Geoffrey M. Voelker and Stefan Savage.
- Sep 18:
  Attacking DDoS at the Source, by J. Mirkovic, G. Prier and P. Reiher.
  Pi: A Path Identification Mechanism to Defend against DDoS Attacks, by Avi Yaar, Adrian Perrig, and Dawn Song.
  Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites, by Jaeyeon Jung, Balachander Krishnamurthy, and Michael Rabinovich.
- Sep 23:
  Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants), by Aleksandar Kuzmanovic and Edward W. Knightly.
  A Framework for Classifying Denial of Service Attacks, by Alefiya Hussain, John Heidemann, and Christos Papadopoulos.
- Sep 25:
  Bro: A System for Detecting Network Intruders in Real-Time, by Vern Paxson.
  A Signal Analysis of Network Traffic Anomalies, by Paul Barford, Jeffery Kline, David Plonka, and Amos Ron.
- Sep 30:
  How to 0wn the Internet in Your Spare Time, by Stuart Staniford, Vern Paxson, Nicholas Weaver.
  Optional: Modeling the Spread of Active Worms, by Zesheng Chen, Lixin Gao, Kevin Kwiat.
- Oct 2:
  Optional: Locality, by John McHugh
  Optional: Statistical Approaches to DDoS Attack Defense and Response
Part II: Secure OS
- Oct 7:
  The Flask Security Architecture: System Support for Diverse Security Policies
  The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments
- Oct 9:
  Virtual Machine Monitor
- Oct 14:
  Setuid Demystified
  Preventing Privilege Escalation
- Oct 16:
  Efficient Software-Based Fault Isolation
  A Flexible Containment Mechanism for Executing Untrusted Code
- Oct 21: Midterm
Part III: Secure Coding
- Oct 23:
  Optional: High Coverage Detection of Input-Related Security Faults, by Eric Larson and Todd Austin.
  A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
- Oct 28:
  Detecting Format String Vulnerabilities With Type Qualifiers, by Shankar, Talwar, Foster, Wagner
  Using CQUAL for Static Analysis of Authorization Hook Placement
- Oct 30:
  Proof Carrying Code, by George Necula and Peter Lee.
  Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted Applications, by R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar and Dan DuVarney
- Nov 4: out of town, Guest Lecturer (Lujo Bauer)
  Enforceable security policies, by Fred B. Schneider
  SASI Enforcement of Security Policies: A Retrospective, by Erlingsson and Schneider
- Nov 6: out of town, Guest Lecturer (Chris Long)
  Why Johnny Can't Encrypt: A Usability Evaluation of PGP, by Whitten and Tygar
  Trusted Paths for Browsers, by Ye and Smith
- Nov 11:
  Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code, by Dawson Engler, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf
  Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, by Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem
  Optional: MOPS: An Infrastructure for Examining Security Properties of Software, by Hao Chen and David Wagner
Part IV: Java Security and Other Topics
- Nov 13:
  Extensible security architectures for Java, by Wallach, Balfanz, Dean, Felten
  Using Memory Errors to Attack a Virtual Machine, by A. Appel and S. Govindavajhala
- Nov 18: Guest Lecturer (Leendert Van Doorn)
  Building the IBM 4758 Secure Coprocessor, by Dyer, Lindemann, Perez, Sailer, van Doorn, Smith, Weingart
  Outbound Authentication for Programmable Secure Coprocessors, by Smith
- Nov 20: Guest Lecturer (Leendert Van Doorn)
  Power Analysis Attacks on Modular Exponentiation in Smartcards, by Messerges, Dabbish, Sloan
  The EM Side-Channel(s): Attacks and Assessment Methodologies, by Agrawal, Archambeault, Rao
- Nov 25:
  Remote timing attacks are practical, by Dan Boneh and David Brumley
  Optional: Timing Analysis of Keystrokes and SSH Timing Attacks, by Dawn Song, David Wagner, and Xuqing Tian.
- Nov 27: Thanksgiving!
Last modified: Wed Oct 1 14:25:32 EDT 2003