Reading materials related to the Lectures
Papers for Second presentations (Week of April 17)
Day 1
1. Model-based Risk Assessment to Improve Enterprise Security (Leonora)
2. Model-Based Validation of an Intrusion-Tolerant Information System (Andrew)
3. Model-Based Design and Analysis of Permission-Based Security (Lyndsi)
4. Model Checking An Entire Linux Distribution for Security Violations (Long)
Day 2
1. Formal Verification of Business Workflows and Role Based Access Control Systems (Gang)
2. Model-checking Driven Security Testing of Web-based Applications (Sundeep)
3. Towards Security Vulnerability Detection by Source Code Model Checking (Peng)
4. Model-Based Collaborative Filtering as a Defense Against Profile Injection Attacks (Lei)
Papers for First presentations
Day 1 – March 1
[1] Exterminator: Automatically Correcting Memory Errors with High Probability
[2] Preventing Race Condition Attacks on File-Systems
[3] SQL DOM: Compile Time Checking of Dynamic SQL Statements
[4] A Lightweight Buffer Overflow Protection Mechanism with Failure-Oblivious Capability
Day 2 – March 3
[5] Modular Checking for Buffer Overflows in the Large
[6] Automatic Creation of SQL Injection and Cross-Site Scripting Attacks
[7] SQLProb: A Proxy-based Architecture towards Preventing SQL Injection Attacks
[8] Scalable Network-based Buffer Overflow Attack Detection
For each paper:
· Main presenter: send the presentation for quick review to me by 12 noon on the day before the presentation.
· Each person will provide anonymous reviews to each presenter.
· Participate in Q&A and discussion
Each person will be given a score based on the presentation, participation, and peer review feedback.
Links for Cloud Computer materials
[1] "Above the Clouds: A Berkeley View of Cloud Computing"; http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf
[2] "What’s New About Cloud Computing Security?"; http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.pdf
[3] "Security and Privacy Challenges in Cloud Computing Environments"
[4] More info: http://www.thecloudtutorial.com
Sources and related sites for Lectures (Start of Semester)
On SDLC/Methodologies
Week 1: No Classes
Week 2: Lecture 1 (Jan 11)
Article: Secure Software Development Life Cycle Processes
Website: SSE-CMM
Web Site: CMMI
Article: CMM vs. CMMI
Week 3: Lecture 2 (To be updated)
Article: The Trustworthy Computing Security Development Lifecycle
Article: Correctness By Construction
Web site: Agile Alliance
Article: The Agile Manifesto; Agile Software Development
Website: XP programming site
Nice survey: Agile Software Development Methods
Beznosov article: Secure Agile SD
...
Article: Software Security by Gary McGraw; Other Gary McGraw's Security Articles
Article: Why Software Fails?