Course Lecture Plan


Date

Lecture Topics

Speakers & Notes

Reading

Tue 4/2 Class Overview, Intro to Static Analysis I Yan, Vaibhav


Wed 4/3 Introduction to Static Analysis II
Vaibhav
Materials by Prof. Ryder from VT:
http://people.cs.vt.edu/ryder/ACACES07/ACACES1-2up.pdf
http://people.cs.vt.edu/ryder/ACACES07/ACACES2-2up.pdf
Mon 4/8 SA1: Browser Extension Vulnerabilities
[VEX.pptx]
Xiang
Bandhakavi, Sruthi, et al. "VEX: Vetting browser extensions for security vulnerabilities." Usenix Security. 2010. [video of the authors' talk]
Wed 4/10 SA2: Web App Vulnerabilities
[TAJ.pptx]
Yinzhi

Tripp, Omer, et al. "TAJ: effective taint analysis of web applications." ACM Sigplan Notices. Vol. 44. No. 6. ACM, 2009.
[Ref]Jovanovic, Nenad, Christopher Kruegel, and Engin Kirda. "Pixy: A static analysis tool for detecting web application vulnerabilities." IEEE Symposium on Security and Privacy, 2006.

Mon 4/15

SA3: Privacy leakage detection on smartphones

[smartphone_leakDetection]
Maciek, Josiah

Egele, Manuel, et al. "PiOS: Detecting privacy leaks in iOS applications." Proceedings of the Network and Distributed System Security Symposium. 2011.
[Ref] Gibler, Clint, et al. "AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale." Trust and Trustworthy Computing (2012): 291-307.

Wed 4/17

SA4: Android system/app vulnerabilities

[Android_vulDetection]
Chao, Jacob
Lu, Long, et al. "CHEX: statically vetting Android apps for component hijacking vulnerabilities." Proceedings of the ACM conference on Computer and communications security. 2012.
[Ref] Grace, Michael, et al. "Systematic detection of capability leaks in stock Android smartphones." Proceedings of the Symposium on Network and Distributed System Security. 2012.

Mon 4/22

Intro to Dynamic Analysis

[dynamic_analysis]
Vaibhav
No paper summary needed

Schwartz, Edward J., Thanassis Avgerinos, and David Brumley. "All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask)." IEEE Symposium on Security and Privacy, 2010.

Wed 4/24

DA1: Automatic testing (symbolic execution)
[EXE_KLEE]
Max, Andrew

Cadar, Cristian, Daniel Dunbar, and Dawson Engler. "KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs." Proceedings of the USENIX conference on Operating systems design and implementation (OSDI). 2008.
[Ref] Cadar, Cristian, et al. "EXE: automatically generating inputs of death." ACM Transactions on Information and System Security (TISSEC) 12.2 (2008): 10.

Mon 4/29

DA2: Privacy leakage

[TaintDroid_XSS_detection]
Zhengyang, Peng

Enck, William, et al. "TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones." Proceedings of the USENIX conference on Operating systems design and implementation. 2010.
[Ref] Vogt, Philipp, et al. "Cross-site scripting prevention with dynamic data tainting and static analysis." Proceeding of the Network and Distributed System Security Symposium (NDSS). Vol. 42. 2007.

Wed 5/1

DA3: Malware Analysis
Chao, Zhengyang
Yan (short presentation on DroidChameleon)
Yin, Heng, et al. "Panorama: capturing system-wide information flow for malware detection and analysis." Proceedings of the ACM conference on Computer and communications security. 2007.

Fri 5/3

Midterm project presentation (Mon 5/6 class moved here)

Wed 5/8

Guest Lecture on Contracts

Prof. Robby Findler
No paper summary needed

Mon 5/13

DA4 Guest Lecture
Prof. Venkat of UIC

Wed 5/15

DA5: Automatic exploit and signature generation

[autoSigGen&Mayhem]
Andrew, Peng
Cha, Sang Kil, et al. "Unleashing mayhem on binary code." Security and Privacy (SP), 2012 IEEE Symposium on. IEEE, 2012.
[Ref] Brumley, David, et al. "Towards automatic generation of vulnerability-based signatures." Proceedings of the 2006 IEEE Symposium on Security and Privacy.

Mon 5/20

Miscellaneous Language-based approaches

M1: Language based information flow
Vaibhav
Liu, Jed, et al. "Fabric: A platform for secure distributed computation and storage." Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles. ACM, 2009.   Original talk slides and video are here.
[Ref] Myers, Andrew C., and Barbara Liskov. "Complete, safe information flow with decentralized labels." Proceedings of IEEE Symposium on Security and Privacy, 1998.

Wed 5/22

M2: Aspect Oriented Programming

[Conscript]
Maciek, Josiah
Meyerovich, Leo A., and Benjamin Livshits. "Conscript: Specifying and enforcing fine-grained security policies for javascript in the browser." IEEE Symposium on Security and Privacy (SP), 2010.
Mon 5/27

No class due to Memorial Day.

Wed 5/29

M3: Proof-Carrying Code
Max, Jacob
Necula, George, and Peter Lee. "Safe kernel extensions without run-time checking" (first paper on proof-carrying code). Proceedings of OSDI 1996 (best paper award). A good set of introductory slides for PCC is here. More in-depth slides are here.

Fri 5/31

Notes: You may find this brochure useful: "Efficient reading of papers in Science and Technology" by Michael J. Hanson, 1990, revised 2000 by Dylan McNamee.