ComS 610-HR: Seminar on Static and Dynamic Verification Techniques

Security Properties of Software Systems

Schedule

Discussion 1: Aug 25 and Sep 1

Burrows, Abadi and Needham, "A Logic of Authentication", In ACM Transactions on Computer Systems 8, 1 (February 1990), 18-36. Link

Discussion Leaders: Nalin and NarasimhaRao

Discussion 3: Sept 8

Schneider, "Enforceable Security Policies", In ACM Transactions on Information and Systems Security, February 2000, 30-50. Link

Discussion Leaders: Youssef and Bhuvaneswari

Discussion 2: Sept 15

Lowe, G. and Roscoe, B. 1997. Using CSP to Detect Errors in the TMN Protocol. IEEE Trans. Softw. Eng. 23, 10 (Oct. 1997), 659-669. Link

Discussion Leaders: Rakesh and Mahantesh

Discussion 4: Sept 22

Chen and Wagner, "MOPS: an Infrastructure for Examining Security Properties of Software", CCS'02, November 2002. Link

Discussion Leaders: Josh and Jinsook

Discussion 5: Sept 29

Class cancelled.

Discussion 6: Oct 6

Ganapathy, V., Seshia, S. A., Jha, S., Reps, T. W., and Bryant, R. E. 2005. Automatic discovery of API-level exploits. In Proceedings of the 27th international Conference on Software Engineering (St. Louis, MO, USA, May 15 - 21, 2005). ICSE '05. ACM Press, New York, NY, 312-321. Link

Discussion Leaders: Rob and Fang

Discussion 7: Oct 13

Zhang, T., Zhuang, X., and Pande, S. 2005. Building Intrusion-Tolerant Secure Software. In Proceedings of the international Symposium on Code Generation and Optimization (March 20 - 23, 2005). Code Generation and Optimization. IEEE Computer Society, Washington, DC, 255-266. Link

Discussion Leaders: Harish and Ankur

Discussion 8: Oct 20

Christodorescu, M., Jha, S., Seshia, S. A., Song, D., and Bryant, R. E. 2005. Semantics-Aware Malware Detection. In Proceedings of the 2005 IEEE Symposium on Security and Privacy (May 08 - 11, 2005). SP. IEEE Computer Society, Washington, DC, 32-46. Link

Discussion Leader: Neeraj and Lexin

Discussion 9: Oct 27

Christodorescu, M. and Jha, S. 2004. Testing malware detectors. In Proceedings of the 2004 ACM SIGSOFT international Symposium on Software Testing and Analysis (Boston, Massachusetts, USA, July 11 - 14, 2004). ISSTA '04. ACM Press, New York, NY, 34-44. Link

Discussion Leader: Nalin and Rakesh

Discussion 10: Nov 3

R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a TCG-based integrity measurement architecture. In Usenix Security, 2004. Link

Discussion Leader: Hridesh and Mahantesh

Discussion 11: Nov 10

Wagner, D. and Dean, D. 2001. Intrusion Detection via Static Analysis. In Proceedings of the 2001 IEEE Symposium on Security and Privacy (May 14 - 16, 2001). SP. IEEE Computer Society, Washington, DC, 156. Link

Discussion Leader: Ankur and Fang

Discussion 12: Nov 17

Leroy, X. 2001. Java Bytecode Verification: An Overview. In Proceedings of the 13th international Conference on Computer Aided Verification (July 18 - 22, 2001). G. Berry, H. Comon, and A. Finkel, Eds. Lecture Notes In Computer Science, vol. 2102. Springer-Verlag, London, 265-285. Link

Discussion Leader: Rob and NarasimhaRao

Discussion 13: Dec 1

Catherine Meadows. Formal methods for cryptographic protocol analysis: emerging issues and trends. IEEE Journal on Selected Areas in Communications, 21(1):44--54, January 2003. Link

Discussion Leader: Youssef and Jinsook

Discussion 14: Dec 8

Yang, J., Sar, C., Twohey, P., Cadar, C., and Engler, D. 2006. Automatically Generating Malicious Disks using Symbolic Execution. In Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06) - Volume 00 (May 21 - 24, 2006). SP. IEEE Computer Society, Washington, DC, 243-257. Link

Discussion Leader: Josh and Harish

Survey Papers Due: Dec 11

Buffer Papers

M. Christodorescu and S. Jha. Static Analysis of Executables to Detect Malicious Patterns. In Proceedings of the 12th USENIX Security Symposium, pages 169--186, August 2003. Link

Discussion Leader: TBD

Barth, A., Datta, A., Mitchell, J. C., and Nissenbaum, H. 2006. Privacy and Contextual Integrity: Framework and Applications. In Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06) - Volume 00 (May 21 - 24, 2006). SP. IEEE Computer Society, Washington, DC, 184-198. Link

Discussion Leader: TBD