Date |
Topic |
Assignments Due |
Readings (read before class) |
Slides |
8/25/08 |
Introduction |
|
|
lecture 1
|
8/29/08 |
OS Security Enforcement |
|
Operating Systems Security - Ch 1 and 2 (see ANGEL Lessons)
|
lecture 2
|
9/1/08 |
No class (Labor Day) |
9/5/08 |
Program Security Enforcement |
|
Effective Blame for Information-Flow Violations.
David H. King (Penn State), Trent Jaeger (Penn State),
Somesh Jha (University of Wisconsin), and Sanjit A. Seshia (UC Berkeley),
in Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2008.
|
Dave King
|
9/8/08 |
Enforcement in Practice |
|
Operating Systems Security - Ch 3 and 4 (see ANGEL Lessons)
|
lecture 3
|
9/12/08 |
Security Goals |
|
Operating Systems Security - Ch 5 (see ANGEL Lessons)
Also, read:
Toward Automated Information-Flow Integrity Verification for Security-Critical Applications.
Umesh Shankar (UC Berkeley), Trent Jaeger (IBM Research), and Reiner Sailer (IBM Research),
in Proceedings of the 2006 ISOC Network and Distributed Systems Symposium, 2006.
|
lecture 4
|
9/15/08 |
Security Challenge: Inputs |
Prof. Jaeger
|
Bouncer: Securing Software by Blocking Bad Input.
Manuel Costa (Microsoft Research), Miguel Castro (Microsoft Research),
Lidong Zhou (Microsoft Research), Lintao Zhang (Microsoft Research),
and Marcus Peinado (Microsoft),
in Proceedings of the 21st Symposium on Operating Systems Principles, 2007.
|
lecture 5
|
9/19/08 |
Security Challenge: Runtime |
Sandra Rueda
|
Decoupling dynamic program analysis from execution in virtual
environments. Jim Chow (VMware), Tal Garfinkel (VMware), and
Peter M. Chen (University of Michigan),
in Proceedings of the 2008 USENIX Annual Technical Conference, 2008.
|
Sandra
|
9/22/08 |
Security Challenge: Configuration |
Divya Muthukumaran |
Configuration Debugging as Search: Finding the Needle in the Haystack.
Andrew Whitaker, Richard S. Cox, and Steven D. Gribble (University of Washington),
in Proceedings of the 6th Symposium on Operating Systems Design and Implementation, 2004.
|
Divya
|
9/26/08 |
Security Challenge: Confinement |
Ashwin Chaugule |
Vx32: Lightweight User-level Sandboxing on the x86. Bryan Ford and Russ Cox (MIT),
in Proceedings of the 2008 USENIX Annual Technical Conference, 2008.
|
Ashwin
|
9/29/08 |
MAC OS Systems |
|
Operating Systems Security - Ch 6 and 9 (see ANGEL Lessons)
|
lecture 6
|
10/3/08 |
MAC OS Systems - SELinux |
Dhivarkar Mani
|
Information Flow Control For Standard OS Abstractions.
Maxwell Krohn (MIT), Alexander Yip (MIT), Micah Brodsky (MIT),
Natan Cliffer (MIT), M. Frans Kaashoek (MIT), Eddie Kohler (UCLA),
and Robert Morris (MIT),
in Proceedings of the 21st Symposium on Operating Systems Principles, 2007.
|
Mani
|
10/6/08 |
OS and Program |
Hayawardh Vijayakumar |
Splitting Interfaces: Making Trust Between Applications and Operating
Systems Configurable.
Richard Ta-Min, Lionel Litty, and David Lie (University of Toronto),
in Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 2006.
|
Haya
|
10/10/08 |
Program Security - Variants |
Stephen McLaughlin
|
N-Variant Systems: Secretless Framework for Security through Diversity.
Benjamin Cox, David Evans, Adrian Filipi, Jonathan Rowanhill,
Wei Hu, Jack Davidson, John Knight, Anh Nguyen-Tuong, and Jason Hiser (University of Virginia),
in Proceedings of the 16th USENIX Security Symposium, August 2006.
|
Steve
|
10/13/08 |
Program Security - Fault Isolation |
Ashwin Chaugule |
XFI: Software Guards for System Address Spaces.
Ulfar Erlingsson (MSR), Martin Abadi (MSR, UC Santa Cruz),
Michael Vrable (UCSD), Mihai Budiu (MSR), and George Necula (UC Berkeley),
in Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 2006.
|
|
10/17/08 |
Program Security - Specifications |
Stephen McLaughlin |
From Uncertainty to Belief: Inferring the Specification Within.
Ted Kremenek (Stanford), Paul Twohey (Stanford), Godmar Back (Virginia Tech), Andrew Ng (Stanford), and Dawson Engler (Stanford),
in Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 2006.
|
Steve
|
10/20/08 |
Program Security - More Malware Actions |
Dhivarkar Mani
|
Panorama: Capturing System-wide Information Flow for
Malware Detection and Analysis.
Heng Yin (CMU), Dawn Song (CMU and UC Berkeley), Manuel Egele (TU Vienna),
Christopher Kruegel (TU Vienna), and Engin Kirda (TU Vienna),
in Proceedings of the 15th ACM Conference on Computer and Communications Security, October 2007.
|
|
10/24/08 |
Web Systems |
Divya Muthukumaran
|
An Analysis of Browser Domain-Isolation Bugs
and A Light-Weight Transparent Defense Mechanism.
Shuo Chen, David Ross, and Yi-Min Wang (MSR),
in Proceedings of the 15th ACM Conference on Computer and Communications Security, October 2007.
|
|
10/24/08 |
Mid-term Project Writeup Due 5PM EST, Fr Oct 24 |
|
10/27/08 |
Web Systems - Privilege Separation |
Guruprasad Jakka |
Secure web browsing with the OP web browser.
Chris Grier, Shuo Tang, and Samuel T. King (UIUC),
in Proceedings of the 2008 IEEE Symposium on Security
and Privacy, 2008.
|
|
10/31/08 |
Web Security: Containment |
|
Spectator: Detection and Containment of JavaScript Worms.
Benjamin Livshits and Weidong Cui (MSR),
in Proceedings of the 2008 USENIX Annual Technical Conference, 2008.
|
|
11/3/08 |
VM Malware |
Tom Moyer |
SubVirt: Implementing malware with virtual machines.
Samuel T. King (UIUC), Peter M. Chen (University of Michigan), Yi-Min Wang (MSR), Chad Verbowski (MSR), Helen J. Wang (MSR), and Jacob R. Lorch (MSR),
in Proceedings of the 2006 IEEE Symposium on Security
and Privacy, 2006.
|
|
11/7/08 |
Virtual Machines |
|
Operating Systems Security - Ch 11 (see ANGEL Lessons)
|
lecture 7
|
11/10/08 |
VM Systems |
Josh Schiffman
|
Overshadow: A Virtualization-Based Approach to Retrofitting
Protection in Commodity Operating Systems.
Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam,
Carl A. Waldspurger (VMware), Dan Boneh (Stanford), Jeffrey Dwoskin (Princeton), and Dan R.K. Ports (MIT),
in Proceedings of the 2008 Conference on Architectural Support for Programming Languages and Operating Systems, 2008.
|
|
11/14/08 |
VM Systems |
Hayawardh Vijayakumar
|
Remus: High Availability via Asynchronous Virtual Machine Replication.
Brendan Cully, Geoffrey Lefebvre, Dutch Meyer,
Mike Feeley, Norm Hutchinson, and Andrew Warfield (University of British Columbia),
in Proceedings of the 6th Symposium on Networked Systems Design and Implementation, 2008.
|
|
11/17/08 |
Trustworthy Computing |
Josh Schiffman
Project Proposal Due
|
How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution.
Jonathan M. McCune (CMU), Bryan Parno (CMU), Adrian Perrig (CMU),
Michael K. Reiter (UNC),
and Arvind Seshadri (CMU),
in Proceedings of the 2008 Conference on Architectural Support for Programming Languages and Operating Systems, 2008.
|
|
11/21/08 |
Trustworthy Computing |
Tom Moyer
|
Bootstrapping Trust in a "Trusted" Platform.
Bryan Parno (CMU),
in Proceedings of the 3rd Workshop on Hot Topics in Security, 2008.
|
lecture 8
|
11/24/08 |
No class (Thanksgiving holiday) |
11/28/08 |
No class (Thanksgiving holiday) |
12/1/08 |
Distributed Systems |
Prof. Jaeger
|
PeerReview: Practical Accountability for
Distributed Systems.
Andreas Haeberlen, Petr Kouznetsov, and Peter Druschel (Rice University
and Max Planck Institute for Software Systems),
in Proceedings of the 21st Symposium on Operating Systems Principles, 2007.
|
lecture 9
|
12/5/08 |
Distributed Systems |
Sandra Rueda
Most Inspirational Papers Due
|
Securing Distributed Systems with Information Flow Control.
Nickolai Zeldovich, Silas Boyd-Wickizer, and David Mazieres (Stanford),
in Proceedings of the 6th Symposium on Networked Systems Design and Implementation, 2008.
|
|
12/8/08 |
Distributed Storage |
Guruprasad Jakka
|
Bigtable: A Distributed Storage System for Structured Data.
Fay Chang, Jeffrey Dean, Sanjay Ghemawat, Wilson C. Hsieh,
Deborah A. Wallach,
Mike Burrows, Tushar Chandra, Andrew Fikes, and Robert E. Gruber (Google),
in Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 2006.
|
|
12/12/08 |
Distributed Storage |
|
SafeStore: A Durable and Practical Storage System.
Ramakrishna Kotla, Lorenzo Alvisi, and Mike Dahlin (UT Austin),
in Proceedings of the 2007 USENIX Annual Technical Conference, 2007.
|
|
12/17/08 |
Project Writeup Due 5PM EST, W Dec 17 (No exceptions) |
|