Readings

Paper Review Guidelines

Write a 400-word critical response with comments for each required paper. Please use the provided review form. Detailed comments should focus on the following:

  1. What motivates the work or why the problem is worth solving?
  2. What is the state-of-the-art or why we need a new solution?
  3. What are the technical challenges or why the solution is not trivial?
  4. What is the key insight or novelty of the proposed solution?
  5. What are the limitations of the paper? Write the criticisms.
  6. Any improvements or related ideas that you can suggest?

Your most important task is to demonstrate that you’ve read the paper and thought carefully about the topic. No copy and paste of the original paper text!

Paper reviews are due before the class. The review for each paper will be graded and returned with a check-, check, or check+.

Reading List

Most papers should be publicly accessible. If any links are broken, please search for them. If any of them require a paid subscription, you can access them for free when connecting on campus. For off-campus access, try the UCR VPN.

Schedule (Monday through Friday; lectures fall on Mondays and Wednesdays)

Mar 29 (Mon) - LEC 1: Introduction. First day of class.
  Assigned: Project Selection and Paper Presentation
  Paper: An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries.

Mar 31 (Wed) - LEC 2: Binary Instrumentation
  Assigned: Lab1 - Shadow Stack
  Paper: Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation and Valgrind: A Framework for Heavyweight Dynamic Binary Instrumentation.
  Review Form

Apr 5 (Mon) - LEC 3: Function Identification
  Paper: Recognizing Functions in Binaries with Neural Networks and Function Interface Analysis: A Principled Approach for Function Recognition in COTS Binaries.

Apr 7 (Wed) - LEC 4: Pointer Recovery
  Paper: Reassembleable Disassembling and Ramblr: Making Reassembly Great Again.

Apr 12 (Mon) - LEC 5: Logical Programming for RE
  Paper: Datalog Disassembly and Using Logic Programming to Recover C++ Classes and Methods from Compiled Executables.

Apr 14 (Wed) - LEC 6: Dynamic Taint Analysis
  Paper: Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software and TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones.

Apr 19 (Mon) - LEC 7: Call-Graph Construction
  Assigned: Lab2 - Call Graph Analysis
  Paper: Where Does It Go? Refining Indirect-call Targets with Multi-layer Type Analysis and Enforcing Unique Code Target Property for Control-Flow Integrity.

Apr 21 (Wed) - LEC 8: C++ Security
  Paper: Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications and Hextype: Efficient Detection of Type Confusion Errors for C++.

Apr 26 (Mon) - LEC 9: Spatial Memory Safety
  Paper: CCured: Type-Safe Retrofitting of Legacy Software and SoftBound: Highly Compatible and Complete Spatial Memory Safety for C.

Apr 28 (Wed) - LEC 10: Temporal Memory Safety
  Paper: UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages and MarkUs: Drop-in use-after-free prevention for low-level languages.

May 3 (Mon) - LEC 11: Leveraging Hardware Support
  Paper: libmpk: Software Abstraction for Intel Memory Protection Keys (Intel MPK) and PTAuth: Temporal Memory Safety via Robust Points-to Authentication.

May 5 (Wed) - LEC 12: Symbolic Execution
  Assigned: Lab3 - Exploit Generation
  Paper: Symbolic Execution for Software Testing: Three Decades Later and Systematic Comparison of Symbolic Execution Systems: Intermediate Representation and its Generation.

May 10 (Mon) - LEC 13: Exploit Generation
  Paper: AEG: Automatic Exploit Generation and FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities.

May 12 (Wed) - LEC 14: Grey-box Fuzzing
  Paper: FuzzFactory: Domain-Specific Fuzzing with Waypoints and IJON: Exploring Deep State Spaces via Fuzzing.

May 17 (Mon) - LEC 15: Data Races
  Paper: Krace: Data Race Fuzzing for Kernel File Systems and ExpRace: Exploiting Kernel Races through Raising Interrupts.

May 19 (Wed) - LEC 16: Harness Generation
  Assigned: Lab4 - Fuzzing
  Paper: FUDGE: Fuzz Driver Generation at Scale and FuzzGen: Automatic Fuzzer Generation.

May 24 (Mon) - LEC 17: Sanitizers
  Paper: SAVIOR: Towards Bug-Driven Hybrid Testing and RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization.

May 26 (Wed) - LEC 18: Code Search
  Paper: Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection and Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs.

May 31 (Mon) - Memorial Day (no class)

Jun 2 (Wed) - LEC 19: Project Presentation

Jun 4 (Fri) - Last day of classes