Software & Systems Security Seminar

Time and Location

• Time: Fridays 11am-12pm

• Location: ECSS 3.220

• Instructor: Chung Hwan Kim

Schedule

Week	Date	Topic(s)	Facilitator(s)	Paper(s)
1	8/30	Bluetooth Security	Sai Tharun Reddy Mulka	SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth [S&P 2024]
2	9/6	Fuzzing with LLM	Zelun Kong	Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug Unearthing [USENIX Security 2024]
3	9/13	Cloud Security	Mary Grace Kozuch	Fighting the Fog of War: Automated Incident Detection for Cloud Systems [USENIX ATC 2021]
4	9/20	GPS Spoofing	Sudharssan Mohan	SwarmFuzz: Discovering GPS Spoofing Attacks in Drone Swarms [DSN 2023]
5	9/27	RTOS Fuzzing	Minkyung Park	SFuzz: Slice-based Fuzzing for Real-Time Operating Systems [CCS 2022]
6	10/4	Drone Testing	Sudharssan Mohan	Get Your Cyber-Physical Tests Done! Data-Driven Vulnerability Assessment of Robotic Aerial Vehicle [DSN 2023]
7	10/11	IoT Device Fuzzing	Zelun Kong	LABRADOR: Response Guided Directed Fuzzing for Black-box IoT Devices [S&P 2024]
8	10/18	-	-	No meeting
9	10/25	Sensor Fusion	Sudharssan Mohan	Malicious Attacks against Multi-Sensor Fusion in Autonomous Driving [MobiCom 2024]
10	11/1	Code Analysis with LLM	Zelun Kong	Large Language Models for Code Analysis: Do LLMs Really Do Their Job? [USENIX Security 2024]
11	11/8	IoT Firmware Security	CANCELLED	Unveiling IoT Security in Reality: A Firmware-Centric Journey [USENIX Security 2024]
12	11/15	Robot Fuzzing	Sai Tharun Reddy Mulka	Enhancing ROS System Fuzzing through Callback Tracing [ISSTA 2024]
13	11/22	Firmware Fuzzing	Minkyung Park	Forming Faster Firmware Fuzzers [USENIX Security 2023]

Overview

The Fall 2024 offering of the Software & Systems Security Seminar will cover a variety of security topics, with an eye toward two goals.

• Increase participants' familiarity with recent and important results in the areas of software and systems security research. Attendees will read and discuss papers from recent and imminent top-tier security conferences: e.g., IEEE S&P, USENIX Security, CCS, NDSS, and security-related systems and software engineering conferences, and so on.

• Be a venue for student presentations. This may be a "formal" research presentation--ideally of a student's current work--or it may be an analysis of the research papers chosen for a seminar meeting.

Participation

To participate in the seminar, please get on the seminar mailing list. Use Sympa to subscribe to s3sem.

Potential Papers

Upcoming and recent conference proceedings are good sources of papers for discussion. Below are links to some relevant conference series.

• Security: IEEE S&P, USENIX Security, CCS, NDSS, EuroS&P, ACSAC, ASIACCS, RAID, ESORICS, CODASPY, Black Hat

• Systems: OSDI, SOSP, USENIX ATC, EuroSys, ASPLOS, SOCC, SIGMETRICS, MobiSys, SenSys, FAST, VEE, DSN, ICDCS

• Software Engineering / Compilers: PLDI, ICSE, ESEC/FSE, ASE, POPL, SPLASH/OOPSLA, ECOOP, CGO

• Computer Architecture: ISCA, MICRO

• Workshops: SecDev, BAR, VehicleSec, SpaceSec, SafeThings, CPSIoTSec, WOOT

Past Seminars

• Summer 2024