Evolutionary Security: Winter 2025: Difference between revisions
Created page with "==Course Outline== Course outline for Evolutionary Security." |
|||
| (37 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
[[EvoSec 2025W: Course Outline|Course outline for Evolutionary Security]]. | [[EvoSec 2025W: Course Outline|Course outline for Evolutionary Security]]. | ||
==Literature Review== | |||
To help you write a literature review or the background of a research paper, read the following: | |||
* Harvey, "What Is a Literature Review?" [https://www.cs.cmu.edu/~missy/WritingaLiteratureReview.doc (DOC)] [https://www.cs.cmu.edu/~missy/Writing_a_Literature_Review.ppt (PPT)] | |||
* [https://www.writing.utoronto.ca/advice/specific-types-of-writing/literature-review Taylor, "The Literature Review: A Few Tips On Conducting It"] | |||
==Class Schedule (Readings & Notes)== | |||
===[[EvoSec 2025W Lecture 1|January 7, 2025]]=== | |||
Introduction | |||
===[[EvoSec 2025W Lecture 2|January 9, 2025]]=== | |||
Introduction to Trust | |||
===[[EvoSec 2025W Lecture 3|January 14, 2025]]=== | |||
Computational Trust | |||
* [https://homeostasis.scs.carleton.ca/~soma/evosec/readings/marsh1994-formalising-trust.pdf Marsh, "Formalising Trust as a Computational Concept."] (Chapters 1 & 3) | |||
===[[EvoSec 2025W Lecture 4|January 16, 2025]]=== | |||
Biological Trust | |||
* [https://homeostasis.scs.carleton.ca/~soma/evosec/readings/bateson1998-trust.pdf Bateson, "The Biological Evolution of Cooperation and Trust."] (1988) | |||
* [https://homeostasis.scs.carleton.ca/~soma/evosec/readings/michod2001-multicellularity.pdf Michod & Roze, "Cooperation and conflict in the evolution of multicellularity."] (2001) | |||
===[[EvoSec 2025W Lecture 5|January 21, 2025]]=== | |||
OceanStore & BOINC | |||
* [https://homeostasis.scs.carleton.ca/~soma/distos/fall2008/oceanstore-sigplan.pdf John Kubiatowicz et al., "OceanStore: An Architecture for Global-Scale Persistent Storage" (SIGPLAN 2000)] | |||
* [https://homeostasis.scs.carleton.ca/~soma/distos/fall2008/fast2003-pond.pdf Sean Rhea et al., "Pond: the OceanStore Prototype" (FAST 2003)] | |||
* [https://homeostasis.scs.carleton.ca/~soma/distos/fall2008/anderson-boinc.pdf Anderson, "BOINC: A System for Public-Resource Computing and Storage" (Grid Computing 2004)] | |||
===[[EvoSec 2025W Lecture 6|January 23, 2025]]=== | |||
Chubby & GFS | |||
* [https://www.usenix.org/legacy/events/osdi06/tech/burrows.html Burrows, The Chubby Lock Service for Loosely-Coupled Distributed Systems (OSDI 2006)] | |||
* [https://research.google.com/archive/gfs-sosp2003.pdf Sanjay Ghemawat et al., "The Google File System" (SOSP 2003)] | |||
===[[EvoSec 2025W Lecture 7|January 28, 2025]]=== | |||
Symbiosis | |||
* [https://homeostasis.scs.carleton.ca/~soma/evosec/readings/margulis1971-sciam.pdf Margulis, Symbiosis and Evolution (Scientific American 1971)] | |||
===[[EvoSec 2025W Lecture 8|January 30, 2025]]=== | |||
Tierra | |||
* Tom Ray, Tierra (1992): [https://homeostasis.scs.carleton.ca/~soma/adapsec/readings/tierra-92-08-042.pdf Pixelated but with Figures], [https://homeostasis.scs.carleton.ca/~soma/biosec/readings/tierra.pdf Clearer Text] | |||
===[[EvoSec 2025W Lecture 9|February 4, 2025]]=== | |||
====Readings==== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/neti-hotsec2012.pdf Neti, "Software diversity: Security, Entropy, and Game Theory." (HotSec 2012)] | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/mansourzadeh-asia2024.pdf Mansourzadeh, "A Fragility Metric for Software Diversity." (ASIA 2024)] | |||
====Discussion Questions==== | |||
* What is the basic model behind both of these systems? Hint: focus on the figures! | |||
* What aspect(s) of security are these models capturing? What are they missing? | |||
===[[EvoSec 2025W Lecture 10|February 6, 2025]]=== | |||
====Readings==== | |||
* [https://people.scs.carleton.ca/~soma/biosec/readings/forrest-diverse.pdf Forrest, "Building Diverse Computer Systems." (HotOS 1997)] | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/mansourzadeh-nspw2024.pdf Mansourzadeh, "Towards Foundational Security Metrics." (NSPW 2024)] | |||
====Discussion Questions==== | |||
* What security problems does the Forrest paper address? What problems does it not address? | |||
* How plausible/realistic is the model in Mansourzadeh's paper? | |||
* To what degree do the strategies described in the Forrest paper impact the KOSM and DESM metrics described in Mansourzadeh's paper? | |||
===[[EvoSec 2025W Lecture 11|February 11, 2025]]=== | |||
====Readings==== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/forrest-ieeesp96.pdf Forrest, "A Sense of Self for Unix Processes." (IEEE SP 1996)] | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/forrest-acsac2008.pdf Forrest, "The Evolution of System-call Monitoring." (ACSAC 2008)] | |||
===February 13, 2025=== | |||
Project elevator pitches (presentations in class) | |||
===[[EvoSec 2025W Lecture 12|February 25, 2025]]=== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/oda-asia-08.pdf Oda, "Content Provider Conflict on the Modern Web." (ASIA 2008)] | |||
===[[EvoSec 2025W Lecture 13|February 27, 2025]]=== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/somayaji-cset2009.pdf Somayaji, "Evaluating Security Products with Clinical Trials." (CSET 2009)] | |||
===[[EvoSec 2025W Lecture 14|March 4, 2025]]=== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/somayaji-nspw2013.pdf Somayaji, "Towards Narrative Authentication: or, against boring authentication." (NSPW 2013)] | |||
'''Early Literature Review due''' | |||
===[[EvoSec 2025W Lecture 15|March 6, 2025]]=== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/obada-usec2017.pdf Obada-Obieh, "“Don’t Break My Heart!”: User Security Strategies for Online Dating." (USEC 2017)] | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/obada-nspw2017.pdf Obada-Obieh, "Can I believe you?: Establishing Trust in Computer Mediated Introductions." (NSPW 2017)] | |||
===[[EvoSec 2025W Lecture 16|March 11, 2025]]=== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/yli-acsac-05.pdf Li, "Securing Email Archives through User Modeling." (ACSAC 2005)] | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/li-catx2013.pdf Li, "Fine-grained Access Control using Email Social Networks." (CATX 2013)] | |||
===[[EvoSec 2025W Lecture 17|March 13, 2025]]=== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/amatrawy-acns-05.pdf Matrawy, "Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management." (ACNS 2005)] | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/inoue-lisa2007.pdf Inoue, "NetADHICT: A Tool for Understanding Network Traffic." (LISA 2007)] | |||
===[[EvoSec 2025W Lecture 18|March 18, 2025]]=== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/dabbour-nspw2020.pdf Dabbour, "Towards In-Band Non-Cryptographic Authentication." (NSPW 2020)] | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/bfoster-gecco-2010.pdf Foster, "Object-Level Recombination of Commodity Applications." (GECCO 2010)] | |||
===[[EvoSec 2025W Lecture 19|March 20, 2025]]=== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/findlay-ccsw2020.pdf Findlay, "bpfbox: Simple Precise Process Confinement with eBPF." (CCSW 2020)] | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/findlay-bpfcontain2021.pdf Findlay, "Bpfcontain: Fixing the soft underbelly of container security." (arXiv 2021)] | |||
===[[EvoSec 2025W Lecture 20|March 25, 2025]]=== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/somayaji-nspw97.pdf Somayaji, "Principles of a Computer Immune System." (NSPW 1997)] | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/nspw-2007-biopanel.pdf Somayaji, "Panel: The Future of Biologically-Inspired Security: Is There Anything Left to Learn?" (NSPW 2008)] | |||
===[[EvoSec 2025W Lecture 21|March 27, 2025]]=== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/burgess-nspw2018.pdf Burgess, "After the BlockCloud Apocalypse." (NSPW 2018)] | |||
===[[EvoSec 2025W Lecture 22|April 1, 2025]]=== | |||
Presentations, Day 1 | |||
===[[EvoSec 2025W Lecture 23|April 3, 2025]]=== | |||
Presentations, Day 2 | |||
===[[EvoSec 2025W Lecture 24|April 8, 2025]]=== | |||
Presentations, Day 3 | |||
Latest revision as of 19:39, 1 March 2025
Course Outline
Course outline for Evolutionary Security.
Literature Review
To help you write a literature review or the background of a research paper, read the following:
- Harvey, "What Is a Literature Review?" (DOC) (PPT)
- Taylor, "The Literature Review: A Few Tips On Conducting It"
Class Schedule (Readings & Notes)
January 7, 2025
Introduction
January 9, 2025
Introduction to Trust
January 14, 2025
Computational Trust
- Marsh, "Formalising Trust as a Computational Concept." (Chapters 1 & 3)
January 16, 2025
Biological Trust
- Bateson, "The Biological Evolution of Cooperation and Trust." (1988)
- Michod & Roze, "Cooperation and conflict in the evolution of multicellularity." (2001)
January 21, 2025
OceanStore & BOINC
- John Kubiatowicz et al., "OceanStore: An Architecture for Global-Scale Persistent Storage" (SIGPLAN 2000)
- Sean Rhea et al., "Pond: the OceanStore Prototype" (FAST 2003)
- Anderson, "BOINC: A System for Public-Resource Computing and Storage" (Grid Computing 2004)
January 23, 2025
Chubby & GFS
- Burrows, The Chubby Lock Service for Loosely-Coupled Distributed Systems (OSDI 2006)
- Sanjay Ghemawat et al., "The Google File System" (SOSP 2003)
January 28, 2025
Symbiosis
January 30, 2025
Tierra
- Tom Ray, Tierra (1992): Pixelated but with Figures, Clearer Text
February 4, 2025
Readings
- Neti, "Software diversity: Security, Entropy, and Game Theory." (HotSec 2012)
- Mansourzadeh, "A Fragility Metric for Software Diversity." (ASIA 2024)
Discussion Questions
- What is the basic model behind both of these systems? Hint: focus on the figures!
- What aspect(s) of security are these models capturing? What are they missing?
February 6, 2025
Readings
- Forrest, "Building Diverse Computer Systems." (HotOS 1997)
- Mansourzadeh, "Towards Foundational Security Metrics." (NSPW 2024)
Discussion Questions
- What security problems does the Forrest paper address? What problems does it not address?
- How plausible/realistic is the model in Mansourzadeh's paper?
- To what degree do the strategies described in the Forrest paper impact the KOSM and DESM metrics described in Mansourzadeh's paper?
February 11, 2025
Readings
- Forrest, "A Sense of Self for Unix Processes." (IEEE SP 1996)
- Forrest, "The Evolution of System-call Monitoring." (ACSAC 2008)
February 13, 2025
Project elevator pitches (presentations in class)
February 25, 2025
February 27, 2025
March 4, 2025
Early Literature Review due
March 6, 2025
- Obada-Obieh, "“Don’t Break My Heart!”: User Security Strategies for Online Dating." (USEC 2017)
- Obada-Obieh, "Can I believe you?: Establishing Trust in Computer Mediated Introductions." (NSPW 2017)
March 11, 2025
- Li, "Securing Email Archives through User Modeling." (ACSAC 2005)
- Li, "Fine-grained Access Control using Email Social Networks." (CATX 2013)
March 13, 2025
- Matrawy, "Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management." (ACNS 2005)
- Inoue, "NetADHICT: A Tool for Understanding Network Traffic." (LISA 2007)
March 18, 2025
- Dabbour, "Towards In-Band Non-Cryptographic Authentication." (NSPW 2020)
- Foster, "Object-Level Recombination of Commodity Applications." (GECCO 2010)
March 20, 2025
- Findlay, "bpfbox: Simple Precise Process Confinement with eBPF." (CCSW 2020)
- Findlay, "Bpfcontain: Fixing the soft underbelly of container security." (arXiv 2021)
March 25, 2025
- Somayaji, "Principles of a Computer Immune System." (NSPW 1997)
- Somayaji, "Panel: The Future of Biologically-Inspired Security: Is There Anything Left to Learn?" (NSPW 2008)
March 27, 2025
April 1, 2025
Presentations, Day 1
April 3, 2025
Presentations, Day 2
April 8, 2025
Presentations, Day 3