Evolutionary Security: Winter 2025: Difference between revisions

From Soma-notes
 
(5 intermediate revisions by the same user not shown)
Line 59: Line 59:
* [https://homeostasis.scs.carleton.ca/~soma/pubs/mansourzadeh-asia2024.pdf Mansourzadeh, "A Fragility Metric for Software Diversity." (ASIA 2024)]
* [https://homeostasis.scs.carleton.ca/~soma/pubs/mansourzadeh-asia2024.pdf Mansourzadeh, "A Fragility Metric for Software Diversity." (ASIA 2024)]


====Questions====
====Discussion Questions====
* What is the basic model behind both of these systems? Hint: focus on the figures!
* What is the basic model behind both of these systems? Hint: focus on the figures!
* What aspect(s) of security are these models capturing? What are they missing?
* What aspect(s) of security are these models capturing? What are they missing?
Line 65: Line 65:
===[[EvoSec 2025W Lecture 10|February 6, 2025]]===
===[[EvoSec 2025W Lecture 10|February 6, 2025]]===


====Readings====
* [https://people.scs.carleton.ca/~soma/biosec/readings/forrest-diverse.pdf Forrest, "Building Diverse Computer Systems." (HotOS 1997)]
* [https://people.scs.carleton.ca/~soma/biosec/readings/forrest-diverse.pdf Forrest, "Building Diverse Computer Systems." (HotOS 1997)]
* [https://homeostasis.scs.carleton.ca/~soma/pubs/mansourzadeh-nspw2024.pdf Mansourzadeh, "Towards Foundational Security Metrics." (NSPW 2024)]
* [https://homeostasis.scs.carleton.ca/~soma/pubs/mansourzadeh-nspw2024.pdf Mansourzadeh, "Towards Foundational Security Metrics." (NSPW 2024)]


'''Questions:'''
====Discussion Questions====
* What security problems does the Forrest paper address? What problems does it not address?
* What security problems does the Forrest paper address? What problems does it not address?
* How plausible/realistic is the model in Mansourzadeh's paper?
* How plausible/realistic is the model in Mansourzadeh's paper?
* To what degree do the strategies described in the Forrest paper impact the KOSM and DESM metrics described in Mansourzadeh's paper?
* To what degree do the strategies described in the Forrest paper impact the KOSM and DESM metrics described in Mansourzadeh's paper?
===[[EvoSec 2025W Lecture 11|February 11, 2025]]===
====Readings====
* [https://homeostasis.scs.carleton.ca/~soma/pubs/forrest-ieeesp96.pdf Forrest, "A Sense of Self for Unix Processes." (IEEE SP 1996)]
* [https://homeostasis.scs.carleton.ca/~soma/pubs/forrest-acsac2008.pdf Forrest, "The Evolution of System-call Monitoring." (ACSAC 2008)]
====Discussion Questions====
* What is "sequence-based system call monitoring"?
* How did system-call monitoring "evolve"? Specifically, to what extent did its "fitness" improve?
===[[EvoSec 2025W Lecture 12|February 13, 2025]]===
Project elevator pitches (presentations in class)

Latest revision as of 03:29, 31 January 2025

Course Outline

Course outline for Evolutionary Security.

Literature Review

To help you write a literature review or the background of a research paper, read the following:

Class Schedule (Readings & Notes)

January 7, 2025

Introduction

January 9, 2025

Introduction to Trust

January 14, 2025

Computational Trust

January 16, 2025

Biological Trust

January 21, 2025

OceanStore & BOINC

January 23, 2025

Chubby & GFS

January 28, 2025

Symbiosis

January 30, 2025

Tierra

February 4, 2025

Readings

Discussion Questions

  • What is the basic model behind both of these systems? Hint: focus on the figures!
  • What aspect(s) of security are these models capturing? What are they missing?

February 6, 2025

Readings

Discussion Questions

  • What security problems does the Forrest paper address? What problems does it not address?
  • How plausible/realistic is the model in Mansourzadeh's paper?
  • To what degree do the strategies described in the Forrest paper impact the KOSM and DESM metrics described in Mansourzadeh's paper?

February 11, 2025

Readings

Discussion Questions

  • What is "sequence-based system call monitoring"?
  • How did system-call monitoring "evolve"? Specifically, to what extent did its "fitness" improve?

February 13, 2025

Project elevator pitches (presentations in class)