Software & Systems Security Seminar

Time and Location

• Time: Fridays 2:30-3:30pm

• Location: ECSS 3.220

• Instructor: Chung Hwan Kim

Schedule

Week	Date	Topic(s)	Facilitator(s)	Paper(s)
1	1/26	Attack Investigation with Logs	Mary Grace Kozuch	AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts [Security 2023]
2	2/2	System Call Analysis	Minkyung Park	SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers [S&P 2023]
3	2/9	Physical Sensor Attacks	Sudharssan Mohan	A Systematic Study of Physical Sensor Attack Hardness [S&P 2024]
4	2/16	Firmware Compartmentalization	Zelun Kong	EC: Embedded Systems Compartmentalization via Intra-Kernel Isolation [S&P 2023]
5	2/23	Physical Event Verification	Zelun Kong	Evasion Attacks and Defenses on Smart Home Physical Event Verification [NDSS 2023]
6	3/1	Adversarial Driving Maneuvers	Sudharssan Mohan	Discovering Adversarial Driving Maneuvers against Autonomous Vehicles [Security 2023]
7	3/8	Kernel Fuzzing	Minkyung Park	SyzDirect: Directed Greybox Fuzzing for Linux Kernel [CCS 2023]
8	3/15	-	-	No meeting (spring break)
9	3/22	Deterministic Replay Debugging	Md Nazmus Sakib	Engineering Record and Replay for Deployability [ATC 2017]
10	3/29	USB Attacks	Sai Tharun Reddy Mulka	The Impostor Among US(B): Off-Path Injection Attacks on USB Communications [Security 2023]
11	4/5	LiDAR Attacks	CANCELLED	You Can't See Me: Physical Removal Attacks on LiDAR-based Autonomous Vehicles Driving Frameworks [Security 2023]
12	4/12	Web Attack Investigation with Replay	CANCELLED	WEBRR: A Forensic System for Replaying and Investigating Web-Based Attacks in The Modern Web [ATC, 2024] [Security 2024]
13	4/19	USB Fuzzing	Sai Tharun Reddy Mulka	FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks [S&P 2022]
14	4/26	TEE Fuzzing	CANCELLED	TEEzz: Fuzzing Trusted Applications on COTS Android Devices [S&P 2023]

Overview

The Spring 2024 offering of the Software & Systems Security Seminar will cover a variety of security topics, with an eye toward two goals.

• Increase participants' familiarity with recent and important results in the areas of software and systems security research. Attendees will read and discuss papers from recent and imminent top-tier security conferences: e.g., IEEE S&P, USENIX Security, CCS, NDSS, and security-related systems and software engineering conferences, and so on.

• Be a venue for student presentations. This may be a "formal" research presentation--ideally of a student's current work--or it may be an analysis of the research papers chosen for a seminar meeting.

Participation

To participate in the seminar, please get on the seminar mailing list. Use Sympa to subscribe to s3sem.

Potential Papers

Upcoming and recent conference proceedings are good sources of papers for discussion. Below are links to some relevant conference series.

• Security: IEEE S&P, USENIX Security, CCS, NDSS, EuroS&P, ACSAC, ASIACCS, RAID, ESORICS, CODASPY, Black Hat

• Systems: OSDI, SOSP, USENIX ATC, EuroSys, ASPLOS, SOCC, SIGMETRICS, MobiSys, SenSys, FAST, VEE, DSN, ICDCS

• Software Engineering / Compilers: PLDI, ICSE, ESEC/FSE, ASE, POPL, SPLASH/OOPSLA, ECOOP, CGO

• Computer Architecture: ISCA, MICRO

• Workshops: SecDev, BAR, VehicleSec, SpaceSec, SafeThings, CPSIoTSec, HotSec, WOOT

Past Seminars

• Summer 2023