Evolutionary Security: Winter 2025: Difference between revisions

From Soma-notes
← Older edit
 
(20 intermediate revisions by the same user not shown)
Line 21: Line 21:
===[[EvoSec 2025W Lecture 3|January 14, 2025]]===
===[[EvoSec 2025W Lecture 3|January 14, 2025]]===


Computational Trust
* [https://homeostasis.scs.carleton.ca/~soma/evosec/readings/marsh1994-formalising-trust.pdf Marsh, "Formalising Trust as a Computational Concept."] (Chapters 1 & 3)
* [https://homeostasis.scs.carleton.ca/~soma/evosec/readings/marsh1994-formalising-trust.pdf Marsh, "Formalising Trust as a Computational Concept."] (Chapters 1 & 3)


===[[EvoSec 2025W Lecture 4|January 16, 2025]]===
===[[EvoSec 2025W Lecture 4|January 16, 2025]]===


Biological Trust
* [https://homeostasis.scs.carleton.ca/~soma/evosec/readings/bateson1998-trust.pdf Bateson, "The Biological Evolution of Cooperation and Trust."] (1988)
* [https://homeostasis.scs.carleton.ca/~soma/evosec/readings/bateson1998-trust.pdf Bateson, "The Biological Evolution of Cooperation and Trust."] (1988)
* [https://homeostasis.scs.carleton.ca/~soma/evosec/readings/michod2001-multicellularity.pdf Michod & Roze, "Cooperation and conflict in the evolution of multicellularity."] (2001)
* [https://homeostasis.scs.carleton.ca/~soma/evosec/readings/michod2001-multicellularity.pdf Michod & Roze, "Cooperation and conflict in the evolution of multicellularity."] (2001)
Line 40: Line 42:
* [https://www.usenix.org/legacy/events/osdi06/tech/burrows.html Burrows, The Chubby Lock Service for Loosely-Coupled Distributed Systems (OSDI 2006)]
* [https://www.usenix.org/legacy/events/osdi06/tech/burrows.html Burrows, The Chubby Lock Service for Loosely-Coupled Distributed Systems (OSDI 2006)]
* [https://research.google.com/archive/gfs-sosp2003.pdf Sanjay Ghemawat et al., "The Google File System" (SOSP 2003)]
* [https://research.google.com/archive/gfs-sosp2003.pdf Sanjay Ghemawat et al., "The Google File System" (SOSP 2003)]
===[[EvoSec 2025W Lecture 7|January 28, 2025]]===
Symbiosis
* [https://homeostasis.scs.carleton.ca/~soma/evosec/readings/margulis1971-sciam.pdf Margulis, Symbiosis and Evolution (Scientific American 1971)]
===[[EvoSec 2025W Lecture 8|January 30, 2025]]===
Tierra
* Tom Ray, Tierra (1992): [https://homeostasis.scs.carleton.ca/~soma/adapsec/readings/tierra-92-08-042.pdf Pixelated but with Figures], [https://homeostasis.scs.carleton.ca/~soma/biosec/readings/tierra.pdf Clearer Text]
===[[EvoSec 2025W Lecture 9|February 4, 2025]]===
====Readings====
* [https://homeostasis.scs.carleton.ca/~soma/pubs/neti-hotsec2012.pdf Neti, "Software diversity: Security, Entropy, and Game Theory." (HotSec 2012)]
* [https://homeostasis.scs.carleton.ca/~soma/pubs/mansourzadeh-asia2024.pdf Mansourzadeh, "A Fragility Metric for Software Diversity." (ASIA 2024)]
====Discussion Questions====
* What is the basic model behind both of these systems? Hint: focus on the figures!
* What aspect(s) of security are these models capturing? What are they missing?
===[[EvoSec 2025W Lecture 10|February 6, 2025]]===
====Readings====
* [https://people.scs.carleton.ca/~soma/biosec/readings/forrest-diverse.pdf Forrest, "Building Diverse Computer Systems." (HotOS 1997)]
* [https://homeostasis.scs.carleton.ca/~soma/pubs/mansourzadeh-nspw2024.pdf Mansourzadeh, "Towards Foundational Security Metrics." (NSPW 2024)]
====Discussion Questions====
* What security problems does the Forrest paper address? What problems does it not address?
* How plausible/realistic is the model in Mansourzadeh's paper?
* To what degree do the strategies described in the Forrest paper impact the KOSM and DESM metrics described in Mansourzadeh's paper?
===[[EvoSec 2025W Lecture 11|February 11, 2025]]===
====Readings====
* [https://homeostasis.scs.carleton.ca/~soma/pubs/forrest-ieeesp96.pdf Forrest, "A Sense of Self for Unix Processes." (IEEE SP 1996)]
* [https://homeostasis.scs.carleton.ca/~soma/pubs/forrest-acsac2008.pdf Forrest, "The Evolution of System-call Monitoring." (ACSAC 2008)]
====Discussion Questions====
* What is "sequence-based system call monitoring"?
* How did system-call monitoring "evolve"? Specifically, to what extent did its "fitness" improve?
===February 13, 2025===
Project elevator pitches (presentations in class)
===[[EvoSec 2025W Lecture 12|February 25, 2025]]===
* [https://homeostasis.scs.carleton.ca/~soma/pubs/oda-asia-08.pdf Oda, "Content Provider Conflict on the Modern Web." (ASIA 2008)]
===[[EvoSec 2025W Lecture 13|February 27, 2025]]===
* [https://homeostasis.scs.carleton.ca/~soma/pubs/somayaji-cset2009.pdf Somayaji, "Evaluating Security Products with Clinical Trials." (CSET 2009)]
===[[EvoSec 2025W Lecture 14|March 4, 2025]]===
* [https://homeostasis.scs.carleton.ca/~soma/pubs/somayaji-nspw2013.pdf Somayaji, "Towards Narrative Authentication: or, against boring authentication." (NSPW 2013)]
'''Early Literature Review due'''
===[[EvoSec 2025W Lecture 15|March 6, 2025]]===
===[[EvoSec 2025W Lecture 16|March 11, 2025]]===
===[[EvoSec 2025W Lecture 17|March 13, 2025]]===
===[[EvoSec 2025W Lecture 18|March 18, 2025]]===
===[[EvoSec 2025W Lecture 19|March 20, 2025]]===
===[[EvoSec 2025W Lecture 20|March 25, 2025]]===
===[[EvoSec 2025W Lecture 21|March 27, 2025]]===
* [https://homeostasis.scs.carleton.ca/~soma/pubs/burgess-nspw2018.pdf Burgess, "After the BlockCloud Apocalypse." (NSPW 2018)]
===[[EvoSec 2025W Lecture 22|April 1, 2025]]===
Presentations, Day 1
===[[EvoSec 2025W Lecture 23|April 3, 2025]]===
Presentations, Day 2
===[[EvoSec 2025W Lecture 24|April 8, 2025]]===
Presentations, Day 3

Latest revision as of 03:51, 23 February 2025

Course Outline

Course outline for Evolutionary Security.

Literature Review

To help you write a literature review or the background of a research paper, read the following:

Class Schedule (Readings & Notes)

January 7, 2025

Introduction

January 9, 2025

Introduction to Trust

January 14, 2025

Computational Trust

January 16, 2025

Biological Trust

January 21, 2025

OceanStore & BOINC

January 23, 2025

Chubby & GFS

January 28, 2025

Symbiosis

January 30, 2025

Tierra

February 4, 2025

Readings

Discussion Questions

  • What is the basic model behind both of these systems? Hint: focus on the figures!
  • What aspect(s) of security are these models capturing? What are they missing?

February 6, 2025

Readings

Discussion Questions

  • What security problems does the Forrest paper address? What problems does it not address?
  • How plausible/realistic is the model in Mansourzadeh's paper?
  • To what degree do the strategies described in the Forrest paper impact the KOSM and DESM metrics described in Mansourzadeh's paper?

February 11, 2025

Readings

Discussion Questions

  • What is "sequence-based system call monitoring"?
  • How did system-call monitoring "evolve"? Specifically, to what extent did its "fitness" improve?

February 13, 2025

Project elevator pitches (presentations in class)

February 25, 2025

February 27, 2025

March 4, 2025

Early Literature Review due

March 6, 2025

March 11, 2025

March 13, 2025

March 18, 2025

March 20, 2025

March 25, 2025

March 27, 2025

April 1, 2025

Presentations, Day 1

April 3, 2025

Presentations, Day 2

April 8, 2025

Presentations, Day 3

Retrieved from "https://homeostasis.scs.carleton.ca/wiki/index.php?title=Evolutionary_Security:_Winter_2025&oldid=25014"