Course Lecture Plan


Lectures Topics

Speakers & Notes


Tue 4/2 Class Overview, Intro to Static Analysis I Yan, Vaibhav

Wed 4/3 Introduction to Static Analysis II
Vaibhav Materirals by Prof. Ryder from VT
Mon 4/8 SA1: Browser Extension Vulnerabilities
Bandhakavi, Sruthi, et al. "VEX: Vetting browser extensions for security vulnerabilities." Usenix Security. 2010. [video of the authors' talk]
Wed 4/10 SA2: Web App Vulnerabilities

Tripp, Omer, et al. "TAJ: effective taint analysis of web applications." ACM Sigplan Notices. Vol. 44. No. 6. ACM, 2009.
[Ref]Jovanovic, Nenad, Christopher Kruegel, and Engin Kirda. "Pixy: A static analysis tool for detecting web application vulnerabilities." IEEE Symposium on Security and Privacy, 2006.

Mon 4/15

SA3: Privacy leakage detection on smartphones

Maciek, Josiah

Egele, Manuel, et al. "PiOS: Detecting privacy leaks in iOS applications." Proceedings of the Network and Distributed System Security Symposium. 2011.
[Ref] Gibler, Clint, et al. "AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale."
Trust and Trustworthy Computing (2012): 291-307.

Wed 4/17

SA4: Android system/app vulnerabilities

Lu, Long, et al. "CHEX: statically vetting Android apps for component hijacking vulnerabilities." Proceedings of the ACM conference on Computer and communications security. 2012.
[Ref] Grace, Michael, et al. "Systematic detection of capability leaks in stock Android smartphones." Proceedings of the Symposium on Network and Distributed System Security. 2012.

Mon 4/22

Intro to Dynamic Analysis

No paper summary needed

Schwartz, Edward J., Thanassis Avgerinos, and David Brumley. "All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask)." IEEE Symposium on Security and Privacy, 2010.

Wed 4/24

DA1: Automatic testing (symbolic execution)
Max, Andrew

Cadar, Cristian, Daniel Dunbar, and Dawson Engler. "KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs." Proceedings of the USENIX conference on Operating systems design and implementation (OSDI). 2008.
[Ref] Cadar, Cristian, et al. "EXE: automatically generating inputs of death."
ACM Transactions on Information and System Security (TISSEC) 12.2 (2008): 10.


DA2: Privacy leakage

Zhengyang, Peng

Enck, William, et al. "TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones." Proceedings of the USENIX conference on Operating systems design and implementation. 2010.
[Ref] Vogt, Philipp, et al. "Cross-site scripting prevention with dynamic data tainting and static analysis." Proceeding of the Network and Distributed System Security Symposium (NDSS). Vol. 42. 2007.

Wed 5/1

DA3: Malware Analysis
Yan (short presentation on DroidChamelon)
Yin, Heng, et al. Panorama: capturing system-wide information flow for malware detection and analysis, Proceedings of the ACM conference on Computer and communications security. 2007.

Fri 5/3

Midterm project presentation (Mon 5/6 class moved here)

Wed 5/8

Guest Lecture on Contracts

Prof. Robby Findler
No paper summary needed

Mon 5/13

DA4 Guest Lecture
Prof. Venkat of UIC

Wed 5/15

DA5: Automatic exploit and signature generation

Andrew, Peng
Cha, Sang Kil, et al. "Unleashing mayhem on binary code." Security and Privacy (SP), 2012 IEEE Symposium on. IEEE, 2012.
[Ref] Towards Automatic Generation of Vulnerability-Based Signatures, by David Brumley, et al, in the Proceedings of the 2006 IEEE Symposium on Security and Privacy.

Mon 5/20

Miscellaneous Language-based approaches

M1: Language based information flow
Liu, Jed, et al. "Fabric: A platform for secure distributed computation and storage." Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles. ACM, 2009.   Original talk slides and video are here.
[Ref] Myers, Andrew C., and Barbara Liskov. "Complete, safe information flow with decentralized labels.", Proceedings of IEEE Symposium on Security and Privacy, 1998.

Wed 5/22

M2: Aspect Oriented Programming

Maciek, Josiah
Meyerovich, Leo A., and Benjamin Livshits. "Conscript: Specifying and enforcing fine-grained security policies for javascript in the browser." , IEEE Symposium on Security and Privacy (SP), 2010.
Mon 5/27

No class due to Memorial Day.

Wed 5/29

M3: Proof-carry Code
Max, Jacob George Necula and Peter Lee, Safe Kernel Extensions Without Run-Time Checking (First paper on proof-carrying code), Proceedings of the OSDI 1996 (best paper award).  A good introduction slides for PCC is here. More in-depth slides are here.

Fri 5/31

Notes: You may find the brochure useful: Efficient reading of papers in Science and Technology by Michael J. Hanson, 1990, revised 2000 Dylan McNamee.