Evolutionary Security: Winter 2025: Difference between revisions
| (6 intermediate revisions by the same user not shown) | |||
| Line 55: | Line 55: | ||
===[[EvoSec 2025W Lecture 9|February 4, 2025]]=== | ===[[EvoSec 2025W Lecture 9|February 4, 2025]]=== | ||
====Readings==== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/neti-hotsec2012.pdf Neti, "Software diversity: Security, Entropy, and Game Theory." (HotSec 2012)] | * [https://homeostasis.scs.carleton.ca/~soma/pubs/neti-hotsec2012.pdf Neti, "Software diversity: Security, Entropy, and Game Theory." (HotSec 2012)] | ||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/mansourzadeh-asia2024.pdf Mansourzadeh, "A Fragility Metric for Software Diversity." (ASIA 2024)] | * [https://homeostasis.scs.carleton.ca/~soma/pubs/mansourzadeh-asia2024.pdf Mansourzadeh, "A Fragility Metric for Software Diversity." (ASIA 2024)] | ||
====Discussion Questions==== | |||
* What is the basic model behind both of these systems? Hint: focus on the figures! | * What is the basic model behind both of these systems? Hint: focus on the figures! | ||
* What aspect(s) of security are these models capturing? What are they missing? | * What aspect(s) of security are these models capturing? What are they missing? | ||
| Line 64: | Line 65: | ||
===[[EvoSec 2025W Lecture 10|February 6, 2025]]=== | ===[[EvoSec 2025W Lecture 10|February 6, 2025]]=== | ||
====Readings==== | |||
* [https://people.scs.carleton.ca/~soma/biosec/readings/forrest-diverse.pdf Forrest, "Building Diverse Computer Systems." (HotOS 1997)] | * [https://people.scs.carleton.ca/~soma/biosec/readings/forrest-diverse.pdf Forrest, "Building Diverse Computer Systems." (HotOS 1997)] | ||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/mansourzadeh-nspw2024.pdf Mansourzadeh, "Towards Foundational Security Metrics." (NSPW 2024)] | * [https://homeostasis.scs.carleton.ca/~soma/pubs/mansourzadeh-nspw2024.pdf Mansourzadeh, "Towards Foundational Security Metrics." (NSPW 2024)] | ||
====Discussion Questions==== | |||
* What security problems does the Forrest paper address? What problems does it not address? | * What security problems does the Forrest paper address? What problems does it not address? | ||
* How plausible/realistic is the model in Mansourzadeh's paper? | * How plausible/realistic is the model in Mansourzadeh's paper? | ||
* To what degree do the strategies described in the Forrest paper impact the KOSM and DESM metrics described in Mansourzadeh's paper? | * To what degree do the strategies described in the Forrest paper impact the KOSM and DESM metrics described in Mansourzadeh's paper? | ||
===[[EvoSec 2025W Lecture 11|February 11, 2025]]=== | |||
====Readings==== | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/forrest-ieeesp96.pdf Forrest, "A Sense of Self for Unix Processes." (IEEE SP 1996)] | |||
* [https://homeostasis.scs.carleton.ca/~soma/pubs/forrest-acsac2008.pdf Forrest, "The Evolution of System-call Monitoring." (ACSAC 2008)] | |||
====Discussion Questions==== | |||
* What is "sequence-based system call monitoring"? | |||
* How did system-call monitoring "evolve"? Specifically, to what extent did its "fitness" improve? | |||
===[[EvoSec 2025W Lecture 12|February 13, 2025]]=== | |||
Project elevator pitches (presentations in class) | |||
Latest revision as of 03:29, 31 January 2025
Course Outline
Course outline for Evolutionary Security.
Literature Review
To help you write a literature review or the background of a research paper, read the following:
- Harvey, "What Is a Literature Review?" (DOC) (PPT)
- Taylor, "The Literature Review: A Few Tips On Conducting It"
Class Schedule (Readings & Notes)
January 7, 2025
Introduction
January 9, 2025
Introduction to Trust
January 14, 2025
Computational Trust
- Marsh, "Formalising Trust as a Computational Concept." (Chapters 1 & 3)
January 16, 2025
Biological Trust
- Bateson, "The Biological Evolution of Cooperation and Trust." (1988)
- Michod & Roze, "Cooperation and conflict in the evolution of multicellularity." (2001)
January 21, 2025
OceanStore & BOINC
- John Kubiatowicz et al., "OceanStore: An Architecture for Global-Scale Persistent Storage" (SIGPLAN 2000)
- Sean Rhea et al., "Pond: the OceanStore Prototype" (FAST 2003)
- Anderson, "BOINC: A System for Public-Resource Computing and Storage" (Grid Computing 2004)
January 23, 2025
Chubby & GFS
- Burrows, The Chubby Lock Service for Loosely-Coupled Distributed Systems (OSDI 2006)
- Sanjay Ghemawat et al., "The Google File System" (SOSP 2003)
January 28, 2025
Symbiosis
January 30, 2025
Tierra
- Tom Ray, Tierra (1992): Pixelated but with Figures, Clearer Text
February 4, 2025
Readings
- Neti, "Software diversity: Security, Entropy, and Game Theory." (HotSec 2012)
- Mansourzadeh, "A Fragility Metric for Software Diversity." (ASIA 2024)
Discussion Questions
- What is the basic model behind both of these systems? Hint: focus on the figures!
- What aspect(s) of security are these models capturing? What are they missing?
February 6, 2025
Readings
- Forrest, "Building Diverse Computer Systems." (HotOS 1997)
- Mansourzadeh, "Towards Foundational Security Metrics." (NSPW 2024)
Discussion Questions
- What security problems does the Forrest paper address? What problems does it not address?
- How plausible/realistic is the model in Mansourzadeh's paper?
- To what degree do the strategies described in the Forrest paper impact the KOSM and DESM metrics described in Mansourzadeh's paper?
February 11, 2025
Readings
- Forrest, "A Sense of Self for Unix Processes." (IEEE SP 1996)
- Forrest, "The Evolution of System-call Monitoring." (ACSAC 2008)
Discussion Questions
- What is "sequence-based system call monitoring"?
- How did system-call monitoring "evolve"? Specifically, to what extent did its "fitness" improve?
February 13, 2025
Project elevator pitches (presentations in class)