CSE597A/Fall 2008 - Course Calendar

Below is the calendar for this semester course. This is the preliminary schedule, which may need to be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date Topic Assignments Due Readings (read before class) Slides
8/25/08 Introduction lecture 1
8/29/08 OS Security Enforcement

Operating Systems Security - Ch 1 and 2 (see ANGEL Lessons)

lecture 2
9/1/08 No class (Labor Day)
9/5/08 Program Security Enforcement

Effective Blame for Information-Flow Violations. David H. King (Penn State), Trent Jaeger (Penn State), Somesh Jha (University of Wisconsin), and Sanjit A. Seshia (UC Berkeley), in Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2008.

Dave King

9/8/08 Enforcement in Practice

Operating Systems Security - Ch 3 and 4 (see ANGEL Lessons)

lecture 3
9/12/08 Security Goals

Operating Systems Security - Ch 5 (see ANGEL Lessons)

Also, read: Toward Automated Information-Flow Integrity Verification for Security-Critical Applications. Umesh Shankar (UC Berkeley), Trent Jaeger (IBM Research), and Reiner Sailer (IBM Research). in Proceedings of the 2006 ISOC Network and Distributed Systems Symposium, 2006.

lecture 4
9/15/08 Security Challenge: Inputs Prof. Jaeger

Bouncer: Securing Software by Blocking Bad Input. Manuel Costa (Microsoft Research), Miguel Castro (Microsoft Research), Lidong Zhou (Microsoft Research), Lintao Zhang (Microsoft Research), and Marcus Peinado (Microsoft), in Proceedings of the 21st Symposium on Operating Systems Principles, 2007.

lecture 5
9/19/08 Security Challenge: Runtime Sandra Rueda

Decoupling dynamic program analysis from execution in virtual environments. Jim Chow (VMware), Tal Garfinkel (VMware), and Peter M. Chen (University of Michigan), in Proceedings of the 2008 USENIX Annual Technical Conference, 2008.

Sandra
9/22/08 Security Challenge: Configuration Divya Muthukumaran

Configuration Debugging as Search: Finding the Needle in the Haystack. Andrew Whitaker, Richard S. Cox, and Steven D. Gribble (University of Washington), in Proceedings of the 6th Symposium on Operating Systems Design and Implementation, 2004.

Divya
9/26/08 Security Challenge: Confinement Ashwin Chaugule

Vx32: Lightweight User-level Sandboxing on the x86. Bryan Ford and Russ Cox (MIT), in Proceedings of the 2008 USENIX Annual Technical Conference, 2008.

Ashwin
9/29/08 MAC OS Systems

Operating Systems Security - Ch 6 and 9 (see ANGEL Lessons)

lecture 6
10/3/08 MAC OS Systems - SELinux Dhivarkar Mani

Information Flow Control For Standard OS Abstractions. Maxwell Krohn (MIT), Alexander Yip (MIT), Micah Brodsky (MIT), Natan Cliffer (MIT), M. Frans Kaashoek (MIT), Eddie Kohler (UCLA), and Robert Morris (MIT), in Proceedings of the 21st Symposium on Operating Systems Principles, 2007.

Also, read: Labels and Event Processes in the Asbestos Operating System. Steve Vandebogart, Petros Efstathopoulos, and Eddie Kohler (UCLA), Maxwell Krohn, Cliff Frey, David Ziegler, Frans Kaashoek, and Robert Morris (MIT), and David Mazieres (Stanford). in ACM Transactions on Computer Systems, 25(4):11:1-43, December 2007.

Mani
10/6/08 OS and Program Hayawardh Vijayakumar

Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable. Richard Ta-Min, Lionel Litty, and David Lie (University of Toronto), in Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 2006.

Haya
10/10/08 Program Security - Variants Stephen McLaughlin

N-Variant Systems: Secretless Framework for Security through Diversity. Benjamin Cox, David Evans, Adrian Filipi, Jonathan Rowanhill, Wei Hu, Jack Davidson, John Knight, Anh Nguyen-Tuong, and Jason Hiser (University of Virginia), in Proceedings of the 16th USENIX Security Symposium, August 2006.

Steve
10/13/08 Program Security - Fault Isolation Ashwin Chaugule

XFI: Software Guards for System Address Spaces. Ulfar Erlingsson (MSR), Martin Abadi (MSR, UC Santa Cruz), Michael Vrable (UCSD), Mihai Budiu (MSR), and George Necula (UC Berkeley), in Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 2006.

10/17/08 Program Security - Specifications Stephen McLaughlin

From Uncertainty to Belief: Inferring the Specification Within. Ted Kremenek (Stanford), Paul Twohey (Stanford), Godmar Back (Virginia Tech), Andrew Ng (Stanford), Dawson Engler (Stanford), in Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 2006.

Steve
10/20/08 Program Security - More Malware Actions Dhivarkar Mani

Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis. Heng Yin (CMU), Dawn Song (CMU and UC Berkeley), Manuel Egele (TU Vienna), Christopher Kruegel (TU Vienna), and Engin Kirda (TU Vienna), in Proceedings of the 15th ACM Conference on Computer and Communications Security, October 2007.

10/24/08 Web Systems Divya Muthukumaran

An Analysis of Browser Domain-Isolation Bugs and A Light-Weight Transparent Defense Mechanism. Shuo Chen, David Ross, and Yi-Min Wang (MSR), in Proceedings of the 15th ACM Conference on Computer and Communications Security, October 2007.

10/24/08 Mid-term Project Writeup Due 5PM EST, Fr Oct 24
10/27/08 Web Systems - Privilege Separation Guruprasad Jakka

Secure web browsing with the OP web browser. Chris Grier, Shuo Tang, and Samuel T. King (UIUC), in Proceedings of the 2008 IEEE Symposium on Security and Privacy, 2008.

10/31/08 Web Security: Containment

Spectator: Detection and Containment of JavaScript Worms. Benjamin Livshits and Weidong Cui (MSR), in Proceedings of the 2008 USENIX Annual Technical Conference, 2008.

11/3/08 VM Malware Tom Moyer

SubVirt: Implementing malware with virtual machines. Samuel T. King (UIUC), Peter M. Chen (University of Michigan), Yi-Min Wang (MSR), Chad Verbowski (MSR), Helen J. Wang (MSR), Jacob R. Lorch (MSR), in Proceedings of the 2006 IEEE Symposium on Security and Privacy, 2006.

Also read: When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments. Tal Garfinkel and Mendel Rosenblum (Stanford and VMware), in Proceedings of the 10th Workshop on Hot Topics in Operating Systems, 2005.

11/7/08 Virtual Machines

Operating Systems Security - Ch 11 (see ANGEL Lessons)

lecture 7
11/10/08 VM Systems Josh Schiffman

Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems. Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger (VMware), Dan Boneh (Stanford), Jeffrey Dwoskin (Princeton), and Dan R.K. Ports (MIT), in Proceedings of the 2008 Conference on Architectural Support for Programming Languages and Operating Systems, 2008.

11/14/08 VM Systems Hayawardh Vijayakumar

Remus: High Availability via Asynchronous Virtual Machine Replication. Brendan Cully, Geoffrey Lefebvre, Dutch Meyer, Mike Feeley, Norm Hutchinson, and Andrew Warfield (University of British Columbia) in Proceedings of the 6th Symposium on Networked Systems Design and Implementation, 2008.

11/17/08 Trustworthy Computing Josh Schiffman
Project Proposal Due

How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution. Jonathan M. McCune (CMU), Bryan Parno (CMU), Adrian Perrig (CMU), Michael K. Reiter (UNC), and Arvind Seshadri (CMU), in Proceedings of the 2008 Conference on Architectural Support for Programming Languages and Operating Systems, 2008.

11/21/08 Trustworthy Computing Tom Moyer

Bootstrapping Trust in a "Trusted" Platform. Bryan Parno (CMU). in Proceedings of the 3rd Workshop on Hot Topics in Security, 2008.

lecture 8
11/24/08 No class (Thanksgiving holiday)
11/28/08 No class (Thanksgiving holiday)
12/1/08 Distributed Systems Prof. Jaeger

PeerReview: Practical Accountability for Distributed Systems. Andreas Haeberlen, Petr Kouznetsov, and Peter Druschel (Rice University and Max Planck Institute for Software Systems), in Proceedings of the 21st Symposium on Operating Systems Principles, 2007.

Also read, Dynamo: Amazon's Highly Available Key-value Store. Giuseppe DeCandia, Deniz Hastorun, Madan Jampani, Gunavardhan Kakulapati, Avinash Lakshman, Alex Pilchin, Swaminathan Sivasubramanian, Peter Vosshall and Werner Vogels (Amazon.com), in Proceedings of the 21st Symposium on Operating Systems Principles, 2007.

lecture 9
12/5/08 Distributed Systems Sandra Rueda Most Inspirational Papers Due

Securing Distributed Systems with Information Flow Control. Nickolai Zeldovich, Silas Boyd-Wickizer, and David Mazieres (Stanford), in Proceedings of the 6th Symposium on Networked Systems Design and Implementation, 2008.

12/8/08 Distributed Storage Guruprasad Jakka

Bigtable: A Distributed Storage System for Structured Data. Fay Chang, Jeffrey Dean, Sanjay Ghemawat, Wilson C. Hsieh, Deborah A. Wallach Mike Burrows, Tushar Chandra, Andrew Fikes, and Robert E. Gruber (Google), in Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 2006.

12/12/08 Distributed Storage

SafeStore: A Durable and Practical Storage System. Ramakrishna Kotla, Lorenzo Alvisi, and Mike Dahlin (UT Austin), in Proceedings of the 2007 USENIX Annual Technical Conference, 2007.

12/17/08 Project Writeup Due 5PM EST, W Dec 17 (No exceptions)

CSE597A - Fall 2008

Last modified: Wed Aug 15 17:59:01 EST 2008