Foundations of Software Security
USF CIS 6930, Spring 2010
Announcements
Final grades are now posted on Blackboard.
Course materials
Grades
Please use Blackboard to check your grades.
Schedule (filled in as the semester progresses)
| Dates | Topics | Reading |
|---|---|---|
| 01/12 | Introduction and definitions | Class notes |
| 01/14 | Deductive systems | Andrew Appel. Deductive Systems |
| 01/19 | Theory of runtime enforcement | Fred B Schneider. Enforceable Security Policies. TISSEC 2000. |
| 01/21 | Thoery of runtime enforcement | Philip Fong. Access Control by Tracking Shallow Execution History. S&P 2004. |
| 01/26 | Theory of runtime enforcement | Sections 1-3 of: Ligatti and Reddy. A Theory of Runtime Enforcement, with Results. USF Technical Report 2009. |
| 01/28 | Theory of runtime enforcement | Sections 4-7 of: Ligatti and Reddy. A Theory of Runtime Enforcement, with Results. USF Technical Report 2009. |
| 02/02 | Vulnerability trends; Buffer overflows | (1) Christey and Martin.
Vulnerability Type Distributions in CVE. 2007.
(2) Cowan, Pu, Maier, Hinton, Walpole, Bakke, Beattie, Grier, Wagle, and Zhang. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. USENIX Security 1998. |
| 02/04 | Buffer overflows | (1) Aleph One.
Smashing The Stack For Fun And Profit. Phrack 1996.
(2) Shacham, Page, Pfaff, Goh, Modadugu, and Boneh. On the Effectiveness of AddressSpace Randomization. CCS 2004. |
| 02/09 | SQL-code injection | Halfond, Viegas, and Orso. A Classification of SQL Injection Attacks and Prevention Techniques. ISSSE 2006. |
| 02/11 | SQL-code injection | Su and Wassermann. The Essence of Command Injection Attacks in Web Applications. POPL 2006. |
| 02/16 | Cross-site scripting | Vogt, Nentwich, Jovanovic, Kirda, Kruegel, and Vigna. Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. NDSS 2007. |
| 02/18 | Cross-site scripting | Jim, Swamy, and Hicks. Defeating Script Injection Attacks with Browser-Enforced Embedded Policies. WWW 2007. |
| 02/23 | Stack inspection; policy-specification languages | Erlingsson and Schneider. IRM Enforcement of Java Stack Inspection. S&P 2000. |
| 02/25 | Policy composition; policy-specification languages | Sections 1-3 of: Bauer, Ligatti, and Walker. Composing Expressive Run-time Security Policies. TOSEM 2009. |
| 03/02 | Policy-specification tools; usability; access-control policies | Reeder, Bauer, Cranor, Reiter, Vaniea. Effects of Access-Control Policy Conflict-Resolution Methods on Policy-Authoring Usability. CMU Technical Report 2009. |
| 03/04 | SQL-code injections | Bandhakavi, Bisht, Madhusudan, and Venkatakrishnan. CANDID: Preventing SQL Injection Attacks using Dynamic Candidate Evaluations. CCS 2007. |
| 03/16 | SQL-code injections | Halfond, Orso, and Manolios. Using Positive Tainting and Syntax-Aware Evaluation to Counter SQL Injection Attacks. FSE 2006. |
| 03/18 | Taint analysis | Lam, Martin, Livshits, and Whaley. Securing Web Applications with Static and Dynamic Information Flow Tracking PEPM 2008. |
| 03/23 | Taint analysis | Tripp, Pistoia, Fink, Sridharan, and Weisman. TAJ: Effective Taint Analysis of Web Applications PLDI 2009. |
| 03/25 | Control-flow integrity | Sections 1-4 of: Abadi, Budiu, Erlingsson, and Ligatti. Control-flow Integrity: Principles, Implementations, and Applications. TISSEC, 2009. |
| 03/30 | Control-flow integrity | Sections 5-7 of: Abadi, Budiu, Erlingsson, and Ligatti. Control-flow Integrity: Principles, Implementations, and Applications. TISSEC, 2009. |
| 04/01 | Safe C | Jim, Morrisett, Grossman, Hicks, Cheney, Wang. Cyclone: A safe dialect of C. USENIX Annual Technical Conference, 2002. |
| 04/06 | Noninterference and information flow | Geoffrey Smith. Principles of Secure Information Flow Analysis. Malware Detection 2007. |
| 04/08 | Cryptographic protocols | Anderson and Needham. Programming Satan's Computer. Computer Science Today 1995. |
| 04/13 | Hot (memory integrity) attacks | Govindavajhala and Appel. Using Memory Errors to Attack a Virtual Machine. S&P 2003. |
| 04/15 | Cold (boot) attacks | Halderman et al. Lest We Remember: Cold Boot Attacks on Encryption Keys. USENIX Security, 2008. |
| 04/20 | DRM | Halderman and Felten. Lessons from the Sony CD DRM Episode. USENIX Security 2006. |
| 04/22 | Backdoors | Ken Thompson. Reflections on Trusting Trust. CACM 1984. |
| 04/27 | Student presentations | |
| 04/29 | Student presentations |