Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Readings for Discussion
(do readings before class)
01/08/13 Introduction
Course syllabus. link
01/10/13 Vulnerability Review
Common Vulnerabilities and Exposures link
Common Weakness Enumeration link
Common Weakness Enumeration (Pathname Traversal) link
The Risks Digest link
Security Focus: BugTraq link
01/15/13 System Security Goals
Operating Systems Security - Ch 1 link
Chapter 2: Why Systems Are Not Secure? Morrie Gasser, in Building a Secure Computer System, 1988. link
01/17/13 System Security Principles
VM Install link
Operating Systems Security - Ch 2 link
Computer Security Archives Project. Matt Bishop. link
Protection. Butler Lampson, Proc. 5th Princeton Conf. on Information Sciences and Systems, 1971. link
Reference Monitor Concept. Trent Jaeger, Encyclopedia of Cryptography and Security, 2010. link
01/22/13 Multics
Operating Systems Security, Chapter 3 link
Introduction and Overview of the Multics System. F. J. Corbato and V. A. Vyssotsky, in Proceedings of the Fall Joint Computer Conference, 1965. link
01/24/13 Multics Analysis
Multics Security Evaluation: Vulnerability Analysis. Paul A. Karger and Roger R. Schell, Tech report ESD-TR-74-193, Hanscom AFB. link
Final Report of the Multics Kernel Design Project. Part I, pgs 1-13 Tech Report MIT/LCS/TR-196, Michael Schroeder, David Clark, Jerome Saltzer, D. Wells, MIT, 1977. link
01/29/13 Ordinary Operating Systems
Safe-Open Project link
Operating Systems Security, Chapter 4 link
The inevitability of failure: The flawed assumption of computer security in modern computing environments. P. Loscocco, S. Smalley, P. Muckelbauer, R. Taylor, J. Turner, and J. Farrell. In Proceedings of the 21st National Information Systems Security Conference, October 1998. link
01/31/13 Ordinary Fixes
Defeating Solar Designers Non-executable Stack Patch link
StackGuard: Automatic Adaptive Detection and Prevention of Buffer Overflow Attacks. Crispin Cowan et al., in Proceedings of the 7th USENIX Security Symposium, 1998. link
02/05/13 Secrecy
Operating Systems Security, Chapter 5 link
Lattice-Based Access Control Models. Ravi S. Sandhu, IEEE Computer, 1993. link
A Note on the Confinement Problem. Butler Lampson, Communications of the ACM 16(10), 613-615, Oct. 1973. link
02/07/13 Integrity
A Comparison of Commercial and Military Computer Security Policies. David D. Clark and David R. Wilson. In Proceedings of the 1987 IEEE Symposium on Security and Privacy, 1987. link
02/12/13 Security Kernels
Operating Systems Security, Chapter 5 link
Scomp: A Solution to the Multilevel Security Problem. Lester J. Fraim in IEEE Computer, 1983. link
02/14/13 Security Kernels
Fault Isolation for Device Drivers. Jorrit N. Herder, Herbert Bos, Ben Gras, Philip Homburg, and Andrew S. Tanenbaum, in Proceedings of the 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'09), pgs. 33-42, July 2009. link
seL4: Formal Verification of an OS Kernel. G. Klein et al., in Proceedings of the 22nd ACM Symposium on Operating Systems Principles, 2009. link
02/19/13 Retrofit Commercial
Operating Systems Security, Chapter 7 link
Providing Policy Control Over Object Operations in a Mach Based System, Spencer E. Minear. In Proceedings of the Fifth USENIX UNIX Security Symposium, 1995. link
02/21/13 Linux Security Modules
Runtime verification of authorization hook placement for the Linux Security Modules framework. Antony Edwards, Trent Jaeger, and Xiaolan Zhang. In Proceedings of the 9th ACM Conference on Computer and Communications Security, pages 225-234, 2002. link
02/26/13 SELinux
(Slides) (Slides) (Slides)
Operating Systems Security, Chapter 8 link
Integrating Flexible Support for Security Policies into the Linux Operating System, Peter Loscocco and Stephen Smalley. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, 2001. link
02/28/13 SELinux
Analyzing Integrity Protection in the SELinux Example Policy. Trent Jaeger, Xiaolan Zhang, and Reiner Sailer, in Proceedings of the 12th USENIX Security Symposium, 2003. link
Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems Hong Chen, Ninghui Li and Ziqing Mao In Proceedings of the Network and Distributed System Security Symposium, February 2009. link
03/05/13 Spring Break - No class
03/07/13 Spring Break - No class
03/12/13 Capability Systems
Operating System Structures to Support Security and Reliable Software. T. Linden. National Bureau of Standards Technical Note 19. 1976. Sections 1-7. link
03/14/13 Capability Systems
Operating Systems Security, Chapter 10 link
A Secure Identity-Based Capability System. Li Gong, 1989 IEEE Symposium Security and Privacy, May 1989. link
03/19/13 Virtual Machine Systems
Operating Systems Security, Chapter 11 link
03/21/13 Virtual Machine Systems
Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems. Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger (VMware), Dan Boneh (Stanford), Jeffrey Dwoskin (Princeton), and Dan R.K. Ports (MIT), in Proceedings of the 2008 Conference on Architectural Support for Programming Languages and Operating Systems, 2008. link
Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable. Richard Ta-Min, Lionel Litty and David Lie, in Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2006). Pages 279-292. November 2006. link
03/26/13 Program Security
(Slides) (Slides)
Take-home Midterm link
Control-flow Integrity. Martin Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti, in Proceedings of the 12th ACM Conference on Computer and Communications Security, 2005. link
Securing software by enforcing data-flow integrity. Miguel Castro, Manuel Costa, and Tim Harris, in Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 2006. link
03/28/13 Program Info Flow
A Decentralized Model for Information Flow Control. Andrew Myers and Barbara Liskov, in Proceedings of the 16th ACM Symposium on Operating Systems Principles, 1997. link
04/02/13 Practical Integrity
(Slides) (Slides)
Usable Mandatory Integrity Protection for Operating Systems. Ninghui Li, Ziqing Mao, and Hong Chen, in Proceedings of the 2007 IEEE Symposium on Security and Privacy, 2007. link
Toward Automated Information-Flow Integrity Verification for Security-Critical Applications. Umesh Shankar, Trent Jaeger, and Reiner Sailer, in Proceedings of the Symposium on Network and Distributed Systems Security, 2006. link
04/04/13 System Information Flow
Information flow control for standard OS abstractions. Maxwell Krohn et al, in Proceedings of the ACM Symposium on Operating Systems Principles, 2007. link
04/09/13 Symbolic Execution
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems. Cristian Cadar, Daniel Dunbar, Dawson Engler, in Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, 2008. link
S2E: A Platform for In-Vivo Multi-Path Analysis of Software Systems. Vitaly Chipounov, Volodymyr Kuznetsov, George Candea. 16th Intl. Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 2011. link
04/11/13 Exploit Generation
AEG: Automatic Exploit Generation. Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao and David Brumley, in Proceedings of the 2011 Network and Distributed System Security Symposium, Feb. 2011. link
04/16/13 Trusted Computing
Outbound Authentication for Programmable Secure Coprocessors. Sean W. Smith, International Journal on Information Security, May 2004. link
Flicker: An Execution Infrastructure for TCB Minimization. McCune, Jonathan M., Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki, in Proceedings of the ACM European Conference on Computer Systems (EuroSys'08), 2008. link
04/18/13 Putting It Together
(Slides) (Slides) (Slides)
Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services. Nuno Santos, Rodrigo Rodrigues, Krishna P. Gummadi, Stefan Saroiu, in Proceedings of the 21st USENIX Security Symposium, 2012. link
Unicorn: Two-Factor Attestation for Data Security. Mohammad Mannan, Beom Heyn Kim, Afshar Ganjali and David Lie, in Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011). Pages 17-28. October 2011. link
04/23/13 Putting It Together
Leveraging 'Choice' in Authorization Hook Placement. Divya Muthukumaran, Trent Jaeger, and Vinod Ganapathy. In 19th ACM Conference on Computer and Commumications Security, 2012. link
DIFC Programs by Automatic Instrumentation. William R. Harris, Somesh Jha, and Thomas Reps, in Computer and Communications Security (CCS), 2010. link
04/25/13 Wrapup
05/01/13 Final Exam, 223B, W 4/1/2013, 2:30pm-4:30pm
05/03/13 Final Projects Writeups Due (5:00pm)