Software & Systems Security Seminar¶
Time and Location¶
Time: Fridays 09:30-10:30am
Location: ECSS 4.214
Instructor: Chung Hwan Kim
Schedule¶
| Week | Date | Topic(s) | Facilitator(s) | Paper(s) |
| 1 | 5/26 | ML-based Security | Chun Hin Cheng | Dos and Don'ts of Machine Learning in Computer Security [Security 2022] |
| 2 | 6/2 | Trusted Bare-metal Embedded Systems | CANCELLED | PISTIS: Trusted Computing Architecture for Low-end Embedded Systems [Security 2022] |
| 3 | 6/9 | Data Race Attacks on Intel SGX | Zelun Kong | Controlled Data Races in Enclaves: Attacks and Detection [Security 2023] |
| 4 | 6/16 | Robot Operating System Security | Zelun Kong | On the (In)Security of Secure ROS2 [CCS 2022] |
| 5 | 6/23 | Autonomous Driving Software Testing | CANCELLED | Doppelganger Test Generation for Revealing Bugs in Autonomous Driving Software [ICSE 2023] |
| 6 | 6/30 | Provenance-based Attack Detection | Takemaru Kodai | DISTDET: A Cost-Effective Distributed Cyber Threat Detection System [Security 2023] |
| 7 | 7/7 | Patch Verification for Drone Control Firmware | Sudharssan Mohan | PatchVerif: Discovering Faulty Patches in Robotic Vehicles [Security 2023] |
| 8 | 7/14 | Evading Provenance-based Attack Detection | Kunal Mukherjee | Evading Provenance-Based ML Detectors with Adversarial System Actions [Security 2023] |
| 9 | 7/21 | Fuzzing for RTOS | Zelun Kong | SFuzz: Slice-based Fuzzing for Real-Time Operating Systems [CCS 2022] |
| 10 | 7/28 | Control Flow Integrity for Embedded Systems | Sudharssan Mohan | Holistic Control-Flow Protection on Real-Time Embedded Systems with Kage [Security 2022] |
| 11 | 8/4 | Domain-specific Language for Drone Firmware Patching | CANCELLED | Reverse Engineering and Retrofitting Robotic Aerial Vehicle Control Firmware using Dispatch [MobiSys 2022] |
| 12 | 8/11 | Fuzzing Robotic Systems | Sudharssan Mohan | RoboFuzz: Fuzzing Robotic Systems over Robot Operating System (ROS) for Finding Correctness Bugs [FSE 2022] |
Overview¶
The Summer 2023 offering of the Software & Systems Security Seminar will cover a variety of security topics, with an eye toward two goals.
Increase participants' familiarity with recent and important results in the areas of software and systems security research. Attendees will read and discuss papers from recent and imminent top-tier security conferences: e.g., IEEE S&P, USENIX Security, CCS, NDSS, and security-related systems and software engineering conferences, and so on.
Be a venue for student presentations. This may be a "formal" research presentation--ideally of a student's current work--or it may be an analysis of the research papers chosen for a seminar meeting.
Participation¶
To participate in the seminar, please get on the seminar mailing list. Use Sympa to subscribe to s3sem.
Potential Papers¶
Upcoming and recent conference proceedings are good sources of papers for discussion. Below are links to some relevant conference series.
Security: IEEE S&P, USENIX Security, CCS, NDSS, EuroS&P, ACSAC, ASIACCS, RAID, ESORICS, CODASPY, Black Hat
Systems: OSDI, SOSP, USENIX ATC, EuroSys, ASPLOS, SOCC, SIGMETRICS, MobiSys, SenSys, FAST, VEE, DSN, ICDCS
Software Engineering / Compilers: PLDI, ICSE, ESEC/FSE, ASE, POPL, SPLASH/OOPSLA, ECOOP, CGO
Workshops: SecDev, BAR, VehicleSec, SpaceSec, SafeThings, CPSIoTSec, HotSec, WOOT