Evolutionary Security: Winter 2025

Course Outline

Course outline for Evolutionary Security.

Literature Review

To help you write a literature review or the background of a research paper, read the following:

• Harvey, "What Is a Literature Review?" (DOC) (PPT)
• Taylor, "The Literature Review: A Few Tips On Conducting It"

Class Schedule (Readings & Notes)

January 7, 2025

Introduction

January 9, 2025

Introduction to Trust

January 14, 2025

Computational Trust

• Marsh, "Formalising Trust as a Computational Concept." (Chapters 1 & 3)

January 16, 2025

Biological Trust

• Bateson, "The Biological Evolution of Cooperation and Trust." (1988)
• Michod & Roze, "Cooperation and conflict in the evolution of multicellularity." (2001)

January 21, 2025

OceanStore & BOINC

• John Kubiatowicz et al., "OceanStore: An Architecture for Global-Scale Persistent Storage" (SIGPLAN 2000)
• Sean Rhea et al., "Pond: the OceanStore Prototype" (FAST 2003)
• Anderson, "BOINC: A System for Public-Resource Computing and Storage" (Grid Computing 2004)

January 23, 2025

Chubby & GFS

• Burrows, The Chubby Lock Service for Loosely-Coupled Distributed Systems (OSDI 2006)
• Sanjay Ghemawat et al., "The Google File System" (SOSP 2003)

January 28, 2025

Symbiosis

• Margulis, Symbiosis and Evolution (Scientific American 1971)

January 30, 2025

Tierra

• Tom Ray, Tierra (1992): Pixelated but with Figures, Clearer Text

February 4, 2025

Readings

• Neti, "Software diversity: Security, Entropy, and Game Theory." (HotSec 2012)
• Mansourzadeh, "A Fragility Metric for Software Diversity." (ASIA 2024)

Discussion Questions

• What is the basic model behind both of these systems? Hint: focus on the figures!
• What aspect(s) of security are these models capturing? What are they missing?

February 6, 2025

Readings

• Forrest, "Building Diverse Computer Systems." (HotOS 1997)
• Mansourzadeh, "Towards Foundational Security Metrics." (NSPW 2024)

Discussion Questions

• What security problems does the Forrest paper address? What problems does it not address?
• How plausible/realistic is the model in Mansourzadeh's paper?
• To what degree do the strategies described in the Forrest paper impact the KOSM and DESM metrics described in Mansourzadeh's paper?

February 11, 2025

Readings

• Forrest, "A Sense of Self for Unix Processes." (IEEE SP 1996)
• Forrest, "The Evolution of System-call Monitoring." (ACSAC 2008)

Discussion Questions

• What is "sequence-based system call monitoring"?
• How did system-call monitoring "evolve"? Specifically, to what extent did its "fitness" improve?

February 13, 2025

Project elevator pitches (presentations in class)