| Date | Reading | Presenter |
|---|---|---|
| Thur Jan. 12 |
How
to Read a Paper, S. Keshav, University of Waterloo, 2013. Writing reviews for systems conferences, Timothy Roscoe, ETH Zurich, 2007. |
|
| Properties and Specifications | ||
| Tue Jan. 17 |
Recognizing Safety and Liveness, Alpern and Schneider, Distributed Computing 1987. | C. Deutschbein [notes] |
| Tue Jan. 24 |
Hyperproperties, Clarkson and Schneider, JCS 2010. | L. Barnett [notes] |
| Thur Jan. 26 |
Enforceable Security Properties, Schneider, TISSEC 2000. | M. Brown [notes] |
| Verification Techniques | ||
| Tue Jan. 31 |
Symbolic Execution and Program Testing, King, CACM 1976. | M. Nesfield [notes] |
| Thur Feb. 2 |
The Beginning of Model Checking: A Personal Perspective, Emerson, 2008. | C. Griggs [notes] |
| Information Flow | ||
| Tue Feb. 7 |
Proof of
Separability; A Verification Technique for a Class of Security Kernels,
Rushby, Int'l Symp. on Programming 1982. |
A. Byrnes [notes] |
| Thur Feb. 9 |
Traveling | |
| Tue Feb. 14 |
seL4: Formal Verification of an OS Kernel, Klein et al., SOSP 2009. | A. Wang [notes] |
| Thur Feb. 16 |
Compositional
Information-Flow Security for Interactive Systems, Rafnsson and Sabelfeld, CSF 2014. |
J. Park [notes] |
| Tue Feb. 21 |
Towards
Fully Automatic Logic-Based Information Flow Analysis: An Electronic-Voting
Case Study, Do, Kamburjan, and Wasser, POST 2016. |
A. Byrnes [notes] |
| Software Security | ||
| Thur Feb. 23 |
Due: project proposals Unleashing Mayhem on Binary Code, Cha et al., S&P 2012. |
R. Zhang [notes] |
| Tue Feb. 28 |
Verification with Small and Short Worlds, Sinha et al., FMCAD 2012. | J. Park [notes] |
| Thur Mar. 2 |
RockSalt: Better, Faster, Stronger SFI for the x86, Morrisett et al., PLDI 2012. | M. Brown [notes] |
| Tue Mar. 7 |
Verifying Security Invariants in ExpressOS, Mai et al., ASPLOS 2013. | A. Wang [notes] |
| Thur Mar. 9 |
FIE
on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic
Execution, Davidson et al., USENIX Sec. 2013. |
R. Zhang [notes] |
| Tue Mar. 14 |
Spring Break | |
| Thur Mar. 16 |
Spring Break | |
| Tue Mar. 21 |
Micro-Policies
Formally Verified, Tag-Based Security Monitors, Azevedo de Amorim et al., S&P 2015. |
M. Hackett [notes] |
| Thur Mar. 23 |
A Logic of Programs with Interface-Confined Code, Jia et al., CSF 2015. | F. Li [notes] |
| Privacy | ||
| Tue Mar. 28 |
PriCL:
Creating a Precedent, a Framework for Reasoning about Privacy Case Law, Backes et al., POST 2015. |
C. Deutschbein [notes] |
| Thur Mar. 30 |
A Method for Verifying Privacy-Type Properties:
The Unbounded Case, Hirschi, Baelde and Delaune, S&P 2016. |
L. Barnett [notes] |
| Web and Protocols | ||
| Tue Apr. 4 |
Automated
Analysis of Cryptographic Protocols using Murphi, Mitchell, Mitchell, and Stern, S&P 1997. |
M. Nesfield [notes] |
| Thur Apr. 6 |
Towards a Formal Foundation of Web Security, Akhawe et al., CSF 2010. | C. Griggs [notes] |
| Tue Apr. 11 |
Verification with Small and Short Worlds, Sinha et al., FMCAD 2012. | J. Park [notes] |
| Thur Apr. 13 |
Traveling | |
| Tue Apr. 18 |
Discovering
Concrete Attacks on Website Authorization by Formal Analysis, Bansal, Bhargavan, and Maffeis, CSF 2012. |
F. Li [notes] |
| Thur Apr. 20 |
A Comprehensive Formal Security Analysis of OAuth 2.0, Fett, Kusters, and Schmitz, CCS 2016. | M. Hackett [notes] |
| Presentations | ||
| Tue Apr. 25 |
Groups 1--3 | |
| Thur Apr. 27 |
Groups 4--5 | |