Adaptive Security (Fall 2020): Difference between revisions

From Soma-notes
 
(27 intermediate revisions by the same user not shown)
Line 8: Line 8:


Your research journal is due by 9 PM the night before class.  If you need more time please message me (on Teams) that you are running late.  Entries are graded out of 4.  Make sure to date stamp your entries.  You may have multiple entries between classes; I will look at all entries since the last class.
Your research journal is due by 9 PM the night before class.  If you need more time please message me (on Teams) that you are running late.  Entries are graded out of 4.  Make sure to date stamp your entries.  You may have multiple entries between classes; I will look at all entries since the last class.
For instructions on reviewing papers, see [[Adaptive Security 2020F: Paper Review Instructions|here]].
==Literature Review==
To help you write a literature review or the background of a research paper, read the following:
* Harvey, "What Is a Literature Review?" [http://www.cs.cmu.edu/~missy/WritingaLiteratureReview.doc (DOC)] [http://www.cs.cmu.edu/~missy/Writing_a_Literature_Review.ppt (PPT)]
* [http://www.writing.utoronto.ca/advice/specific-types-of-writing/literature-review Taylor, "The Literature Review: A Few Tips On Conducting It"]


==Class Schedule==
==Class Schedule==
Line 26: Line 34:


* Tom Ray, Tierra (1992): [https://homeostasis.scs.carleton.ca/~soma/adapsec/readings/tierra-92-08-042.pdf Pixelated but with Figures], [https://homeostasis.scs.carleton.ca/~soma/biosec/readings/tierra.pdf Clearer Text]
* Tom Ray, Tierra (1992): [https://homeostasis.scs.carleton.ca/~soma/adapsec/readings/tierra-92-08-042.pdf Pixelated but with Figures], [https://homeostasis.scs.carleton.ca/~soma/biosec/readings/tierra.pdf Clearer Text]
* [[Adaptive Security 2020F: Choosing a Project|Choosing a Project]]


===September 22, 2020===
===September 22, 2020===
Line 54: Line 63:
===October 8, 2020===
===October 8, 2020===


* [https://homeostasis.scs.carleton.ca/~soma/id-2007w/readings/wagner-mimicry.pdf Wagner, "Mimicry attacks on host-based intrusion detection systems."] (CCS 2002)
* [https://homeostasis.scs.carleton.ca/~soma/id-2007w/readings/wagner-mimicry.pdf Wagner & Soto, "Mimicry attacks on host-based intrusion detection systems."] (CCS 2002)
* [https://homeostasis.scs.carleton.ca/~soma/id-2007w/readings/wagner-static.pdf Wagner, "Intrusion detection via static analysis."] (Oakland 2001)
* [https://homeostasis.scs.carleton.ca/~soma/id-2007w/readings/wagner-static.pdf Wagner & Dean, "Intrusion detection via static analysis."] (Oakland 2001)
* [https://homeostasis.scs.carleton.ca/~soma/pubs/forrest-acsac2008.pdf Forrest, "The Evolution of System-call Monitoring."] (ACSAC 2008)
* [https://homeostasis.scs.carleton.ca/~soma/pubs/forrest-acsac2008.pdf Forrest, "The Evolution of System-call Monitoring."] (ACSAC 2008)
===October 13, 15, & 20, 2020===
Review two papers per class following [[Adaptive Security 2020F: Paper Review Instructions|this template]].  Post your reviews on the Readings Wiki on Teams (in the Readings channel).
===October 22, 2020===
* [https://homeostasis.scs.carleton.ca/~soma/pubs/findlay-ccsw2020.pdf Findlay, "bpfbox: Simple Precise Process Confinement in eBPF."] (CCSW 2020)
* [https://homeostasis.scs.carleton.ca/~soma/adapsec/readings/chao2003-infoimmune.pdf Chao, "Information Immune Systems."] (Genetic Programming and Evolvable Machines, 2003)
===November 3, 2020===
Look at the papers in the [https://www.usenix.org/legacy/events/sec2000/tech.html USENIX Security 2000] and [https://www.usenix.org/legacy/events/sec10/tech/ USENIX Security 2010] as compared to the papers in [https://www.usenix.org/conference/usenixsecurity20/technical-sessions USENIX Security 2020].
* How have the kinds of papers changed over the years?
* How has the ratio of attack to defence papers changed?
* Has the "practicality" of papers changed?
===November 17, 2020===
* [https://homeostasis.scs.carleton.ca/~soma/adapsec/readings/carver2016.pdf Carver, "Establishing a baseline for measuring advancement in the science of security: an analysis of the 2015 IEEE security & privacy proceedings."] (HotSoS 2016)
* [https://homeostasis.scs.carleton.ca/~soma/adapsec/readings/burcham2017.pdf Burcham, "Characterizing scientific reporting in security literature: An analysis of ACM CCS and IEEE S&P papers."] (HotSoS 2017)
===November 19, 2020===
* [https://homeostasis.scs.carleton.ca/~soma/id-2007w/readings/tan-why6.pdf Tan & Maxion, "'Why 6?': Defining the Operational Limits of stide, an Anomaly-Based Intrusion Detector."] (Oakland 2002)
* [https://homeostasis.scs.carleton.ca/~soma/id-2007w/readings/sekar-automaton.pdf Sekar,"A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors."] (Oakland 2001)
===November 24, 2020===
* [https://homeostasis.scs.carleton.ca/~soma/id-2007w/readings/lippmann-raid00.pdf Lippmann et al., Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation for Detecting Network Intruders in Real-Time.] (RAID 2000)
* [https://homeostasis.scs.carleton.ca/~soma/id-2007w/readings/mchugh-darpa.pdf McHugh, Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory.] (ACM TISSEC 2000)
* [https://homeostasis.scs.carleton.ca/~soma/id-2007w/readings/axelsson-base-rate.pdf Axelsson, The Base-Rate Fallacy and the Difficulty of Intrusion Detection.] (ACM TISSEC 2000)
* [https://homeostasis.scs.carleton.ca/~soma/id-2007w/readings/mahoney-darpa.pdf Mahoney & Chan, An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection.] (RAID 2003)
* [https://homeostasis.scs.carleton.ca/~soma/pubs/brown-cisda2009.pdf Brown, "Analysis of the 1999 DARPA/Lincoln Laboratory IDS Evaluation Data with NetADHICT."] (CISDA 2009)
===November 26, 2020===
* [https://homeostasis.scs.carleton.ca/~soma/adapsec/readings/pu88.pdf Pu, Massalin, & Ioannidis, "The Synthesis Kernel."] (Computing Systems 1988)
===December 1, 2020===
* [https://homeostasis.scs.carleton.ca/~soma/adapsec/readings/Brooks-AIM-864.pdf Brooks, "A Robust Layered Control System For A Mobile Robot."] (MIT 1985)
* [https://homeostasis.scs.carleton.ca/~soma/adapsec/readings/brooks1991-representation.pdf Brooks, "Intelligence Without Representation."] (AI 1991)
* [https://homeostasis.scs.carleton.ca/~soma/adapsec/readings/brooks-sab1991.pdf Brooks, "Challenges for complete creature architectures."] (SAB 1991)
===December 3, 2020===


===December 8, 2020===
===December 8, 2020===
Line 70: Line 127:
* '''September 18, 2020:''' Areas of interest
* '''September 18, 2020:''' Areas of interest
* '''September 29, 2020:''' Elevator Pitch
* '''September 29, 2020:''' Elevator Pitch
* '''October 23, 2020:''' Literature Review
* '''November 2, 2020:''' Literature Review
* '''November 17, 2020:''' Tests/Preliminary Work
* '''December 1, 2020:''' Tests/Preliminary Work
* '''December 23, 2020:''' Final Project Report


==Other Readings==
==Other Readings==

Latest revision as of 02:58, 24 November 2020

Course Outline

The outline for the Fall 2020 run of Adaptive Security is available here.

Zoom link info is in cuLearn. If you can't access it, please email anilsomayaji at cunet.carleton.ca!

Research Journal

Your research journal is due by 9 PM the night before class. If you need more time please message me (on Teams) that you are running late. Entries are graded out of 4. Make sure to date stamp your entries. You may have multiple entries between classes; I will look at all entries since the last class.

For instructions on reviewing papers, see here.

Literature Review

To help you write a literature review or the background of a research paper, read the following:

Class Schedule

September 10, 2020

Introduction

September 15, 2020

Adaptive Security 2020F Lecture 3|September 17, 2020

September 22, 2020

September 24, 2020

September 29, 2020

October 1, 2020

October 6, 2020

October 8, 2020

October 13, 15, & 20, 2020

Review two papers per class following this template. Post your reviews on the Readings Wiki on Teams (in the Readings channel).

October 22, 2020

November 3, 2020

Look at the papers in the USENIX Security 2000 and USENIX Security 2010 as compared to the papers in USENIX Security 2020.

  • How have the kinds of papers changed over the years?
  • How has the ratio of attack to defence papers changed?
  • Has the "practicality" of papers changed?

November 17, 2020

November 19, 2020

November 24, 2020

November 26, 2020

December 1, 2020

December 3, 2020

December 8, 2020

Presentations 1

December 10, 2020

Presentations 2

Project Milestones

  • September 18, 2020: Areas of interest
  • September 29, 2020: Elevator Pitch
  • November 2, 2020: Literature Review
  • December 1, 2020: Tests/Preliminary Work
  • December 23, 2020: Final Project Report

Other Readings

Here are some optional readings, most with a more biological bent:


Note that some of the content of this course came from a previous course, Biological Approaches to Computer Security:

The focus of this class will be on designing and building actual defenses so we won't cover many of these readings. However, you may want to take a look at them for inspiration.