| Date | Topic | Reading |
| Tues. 8/19 | Intro | None. |
| Thurs. 8/21 | USENIX Security Conference | No class. |
| Tues. 8/26 | Propositional Logic | None. |
| Thurs. 8/28 | Predicate Logic | None. |
| Tues. 9/2 | Temporal Logic | None. |
| Thurs. 9/4 | Temporal Logic | No written synopsis
required. How to Read a Paper, S. Keshav, University of Waterloo, 2013. Writing reviews for systems conferences, Timothy Roscoe, ETH Zurich, 2007. |
| Tues. 9/9 | Security Protocols | Automated
Analysis of Cryptographic Protocols using Murphi, J. C. Mitchell,
M. Mitchell, U. Stern, IEEE S&P, 1997. Background reading (no written synopsis required): An Attack on the Needham-Schroeder Public-Key Authentication Protocol, Gavin Lowe, Information Processing Letters, 1995. |
| Thurs. 9/11 | Security Protocols | ASPIER: An Automated Framework for Verifying Security Protocol Implementations, S. Chaki, A. Datta, IEEE CSF, 2009. |
| Tues. 9/16 | Secure Kernels | Design and Verification of Secure Systems, J. Rushby, ACM SOSP, 1981. |
| Thurs. 9/18 | Secure Kernels |
Verifying the EROS Confinement Mechanism, J. S. Shapiro, S. Weber, IEEE S&P, 2000.
Further reading: Capsicum: practical capabilities for UNIX. |
| Tues. 9/23 | Individual Group Meetings | No reading. |
| Thurs. 9/25 | Guest Lecture by Robby Cochran |
"Verification of Client Behavior in Distributed Applications" Background (no written synopsis required): Server-side Verification of Client Behavior in Online Games, D. Bethea, R.A. Cochran, M.K. Reiter, TISSEC 2011. |
| Tues. 9/30 | Secure Kernels | seL4:
Formal Verification of an OS Kernel, G. Klein et al., ACM SOSP,
2009.
Presentation by Gernot Heiser: Making Trusted Systems Trustworthy, G. Heiser, Nano-Terra/Artist Summer School 2013. |
| Thurs. 10/2 | Secure Kernels | seL4: from General Purpose to a Proof of Information Flow Enforcement, T. Murray, et al., IEEE S&P, 2013. |
| Tues. 10/7 | Hypervisors | Project proposals due. Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework, A.Vasudevan, et al., IEEE S&P, 2013. |
| Thurs. 10/9 | Mobile OS | Verifying Security Invariants in ExpressOS, H. Mai et al., ASPLOS, 2013. |
| Tues. 10/14 | SW Model Checking | Model Checking One Million Lines of C Code, H. Chen, D. Dean, D. Wagner,
NDSS, 2004.
Background reading (no written synopsis required): MOPS: An Infrastructure for Examining Security Properties of Software, H. Chen, D. Wagner, CCS, 2002. |
| Thurs. 10/16 | Fall Break | No class. |
| Tues. 10/21 | SW Model Checking | Scalable Parametric Verification of Secure Systems: How to Verify Reference Monitors without Worrying about Data Structure Size, J. Franklin et al., IEEE S&P, 2010. |
| Thurs. 10/23 | SW Model Checking | Verification with Small and Short Worlds, R. Sinha, et al. FMCAD, 2012. |
| Tues. 10/28 | SW Model Checking | Automatically Validating Temproal Safety Properties of Interfaces, T. Ball, S. K. Rajamani, SPIN, 2001. |
| Thurs. 10/30 | Verified sandbox | Evaluating SFI for a CISC Architecture, S. McCamant, G. Morrisett, USENIX Security, 2006.
Background reading (no written synopsis required): Efficient Software-Based Fault Isolation, R. Wahbe, S. Lucco, T. E. Anderson, S. L. Graham, SOSP, 1993. |
| Tues. 11/4 | Symbolic Execution | Unleashing Mayhem on Binary Code, S. Cha, et al., IEEE S&P, 2012. |
| Thurs. 11/6 | Symbolic execution | FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution, D. Davidson, B. Moench, S. Jha, T. Ristenpart, USENIX Security, 2013. |
| Tues. 11/11 | Web Security | Towards a Formal Foundation of Web Security, D. Akhawe, et al., IEEE CSF, 2010. |
| Thurs. 11/13 | Web Security | Discovering Concrete Attacks on Website Authorization by Formal Analysis, C. Bansal, K. Bhargavan, S. Maffeis, IEEE CSF, 2012. |
| Tues. 11/18 | Privacy | Privacy and Contextual Integrity: Framework and Applications, A. Barth, et al., IEEE S&P, 2006. |
| Thurs. 11/20 | Privacy | Monitoring security policies with metric first-order temporal logic, D. Basin, F. Klaedtke, S. Muller, ACM SACMAT, 2010. |
| Tues. 11/25 | Models | Extracting Models of Security-Sensitive Operations using String-Enhanced White-Box Exploratoin on Binaries, J. Caballero, S. McCamant, A. Barth, D. Song, TR UC Berkeley, 2009.
Background reading (no synopsis required): Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves, A. Barth, J. Caballero, D. Song, IEEE S&P, 2009. |
| Thurs. 11/27 | Thanksgiving | No class. |
| Tues. 12/2 | Presentations | Please fill out the online Carolina Course Evaluation. Bring your laptops to class; we will end early so you can complete the evaluation during class time. |
| Thurs. 12/4 | Reading Day | No class. |
| Thurs. 12/11 | Final project | No class. Final project reports due by 11:59 PM. |