| Date | Topic | Reading |
| Wed. 8/21 | Getting started | No written synopsis
required. Complete the reading by 8/26: How to Read a Paper, S. Keshav, University of Waterloo, 2013. Writing reviews for systems conferences, Timothy Roscoe, ETH Zurich, 2007. |
| Mon. 8/26 | Background | No reading. |
| Wed. 8/28 | Security protocols | Automated Analysis of Cryptographic Protocols using Murphi, J. C. Mitchell, M. Mitchell, U. Stern, IEEE S&P, 1997. Background (no written synopsis required): An Attack on the Needham-Schroeder Public-Key Authentication Protocol, Gavin Lowe, Information Processing Letters, 1995. |
| Mon. 9/2 | Labor Day | No class. |
| Wed. 9/4 | Project proposals | No reading. |
| Mon. 9/9 | Secure kernels | Specification and verification of the UCLA Unix security kernel, B. Walker, R. Kemmerer, G. Popek, CACM 1980. |
| Wed. 9/11 | Secure kernels | Kit: a Study in Operating System Verification, W. R. Bevier, IEEE Trans. on SW Eng., 1989. |
| Mon. 9/16 | Secure kernels |
Verifying the EROS Confinement Mechanism, J. S. Shapiro, S. Weber, IEEE S&P, 2000.
Further reading: Capsicum: practical capabilities for UNIX. |
| Wed. 9/18 | Secure kernels | seL4:
Formal Verification of an OS Kernel, G. Klein et al., ACM SOSP,
2009.
Presentation by Gernot Heiser: Making Trusted Systems Trustworthy, G. Heiser, Nano-Terra/Artist Summer School 2013. |
| Mon. 9/23 | Secure kernels | Project proposals due. seL4: from General Purpose to a Proof of Information Flow Enforcement, T. Murray, et al., IEEE S&P, 2013. |
| Wed. 9/25 | Hypervisors | Automated Verification of a Small Hypervisor, E. Alkassar, M. A. Hillebrand, W. Paul, E. Petrova, LNCS VSTTE, 2010. |
| Mon. 9/30 | RTOS | Formal
Verification of a Microkernel Used in Dependable Software Systems,
C. Baumann, B. Beckert, H. Blasum, T. Bormer, LNCS SAFECOMP 2009.
Modeling and Security Analysis of a Commercial Real-Time Operating System Kernel, R. J. Richards, LNCS |
| Wed. 10/2 | Mobile OS | Verifying Security Invariants in ExpressOS, H. Mai et al., ASPLOS 2013. |
| Mon. 10/7 | Page tables | Verifying Shadow Page Table Algorithms, E. Alkassar et al.,
FMCAD 2010.
Additional reading (no written synopsis required): Verification with Small and Short Worlds, R. Sinha et al., FMCAD 2012. |
| Wed. 10/9 | Page tables | Scalable Parametric Verification of Secure Systems: How to Verify Reference Monitors without Worrying about Data Structure Size, J. Franklin et al., IEEE SP 2010. |
| Mon. 10/14 | No class | |
| Wed. 10/16 | Model checking SW | Model Checking One Million Lines of C Code, H. Chen, D. Dean, D. Wagner,
NDSS 2004.
Background reading (no written synopsis required): MOPS: An Infrastructure for Examining Security Properties of Software, H. Chen, D. Wagner, CCS 2002. |
| Mon. 10/21 | Model checking SW | Automatically Validating Temproal Safety Properties of Interfaces, T. Ball, S. K. Rajamani, SPIN 2001. |
| Wed. 10/23 | Verified sandbox | Evaluating SFI for a CISC Architecture, S. McCamant, G. Morrisett, USENIX Security 2006.
Background reading (no written synopsis required): Efficient Software-Based Fault Isolation, R. Wahbe, S. Lucco, T. E. Anderson, S. L. Graham, SOSP 1993. |
| Mon. 10/28 | Verified sandbox | RockSalt: Better, Faster, Stronger SFI for the x86, G. Morrisett, et al., PLDI 2012.
Background reading (no written synopsis required): NativeClient: A Sandbox for Portable, Untrusted x86 Native Code, B. Yee, et al., IEEE S&P 2009. |
| Wed. 10/30 | Symbolic execution | Practical, Low-Effort Equivalence Verification of Real Code, D. Ramos, D. Engler, CAV 2011.
Background reading (no written synopsis required): Symbolic Execution and Program Testing, J. King, CACM 1976. Symbolic Execution for Software Testing: Three Decades Later, C. Cadar, K. Sen, CACM 2013. |
| Mon. 11/4 | Symbolic execution | FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution, D. Davidson, B. Moench, S. Jha, T. Ristenpart, USENIX Security 2013. |
| Wed. 11/6 | Web security | Towards a Formal Foundation of Web Security, D. Akhawe, et al., CSF 2010. |
| Mon. 11/11 | Web security | Secure Web Browsing with the OP Web Browser, C. Grier, S. Tang, S. T. King, IEEE S&P 2008. |
| Wed. 11/13 | Web security | Establishing Browser Security Guarantees through Formal Shim Verification, D. Jang, Z. Tatlock, S. Lerner, USENIX Security 2012. |
| Mon. 11/18 | Web security | Verified Security for Browser Extensions, A. Guha, M. Fredrikson, B. Livshits, N. Swamy, IEEE S&P 2011. |
| Wed. 11/20 | Voting | Designing Voting Machines for Verification, N. Sastry, T. Kohno, D. Wagner, USENIX Security 2006. |
| Mon. 11/25 | Models | Extracting Models of Security-Sensitive Operations using String-Enhanced White-Box Exploratoin on Binaries, J. Caballero, S. McCamant, A. Barth, D. Song, TR UC Berkeley 2009.
Background reading (no synopsis required): Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves, A. Barth, J. Caballero, D. Song, IEEE S&P 2009. |
| Wed. 11/27 | Thanksgiving holiday | No class. |
| Mon. 12/2 | Models | Mace: Model-Inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery, C. Y. Cho, et al., USENIX Security 2011. |
| Wed. 12/4 | Presentations | Please fill out the online Carolina Course Evaluation. Bring your laptops to class; we will end early so you can complete the evaluation during class time. |
| Fri. 12/6 | Final project | No class. Final project reports due by 11:59 PM. |