Software & Systems Security Seminar

Time and Location

Schedule

Week Date Topic(s) Facilitator(s) Paper(s)
1 1/26 Attack Investigation with Logs Mary Grace Kozuch AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts [Security 2023]
2 2/2 System Call Analysis Minkyung Park SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers [S&P 2023]
3 2/9 Physical Sensor Attacks Sudharssan Mohan A Systematic Study of Physical Sensor Attack Hardness [S&P 2024]
4 2/16 Firmware Compartmentalization Zelun Kong EC: Embedded Systems Compartmentalization via Intra-Kernel Isolation [S&P 2023]
5 2/23 Physical Event Verification Zelun Kong Evasion Attacks and Defenses on Smart Home Physical Event Verification [NDSS 2023]
6 3/1 Adversarial Driving Maneuvers Sudharssan Mohan Discovering Adversarial Driving Maneuvers against Autonomous Vehicles [Security 2023]
7 3/8 System Call Filtering Minkyung Park SysPart: Automated Temporal System Call Filtering for Binaries [CCS 2023]
8 3/15 - - No meeting (spring break)
9 3/22 Deterministic Replay Debugging Md Nazmus Sakib BugNet: Continuously Recording Program Execution for Deterministic Replay Debugging [ISCA 2005]
10 3/29 USB Attacks Sai Tharun Reddy Mulka The Impostor Among US(B): Off-Path Injection Attacks on USB Communications [Security 2023]
11 4/5 LiDAR Attacks Benjamin Carroll You Can't See Me: Physical Removal Attacks on LiDAR-based Autonomous Vehicles Driving Frameworks [Security 2023]
12 4/12 USB Fuzzing Sai Tharun Reddy Mulka FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks [S&P 2022]
13 4/19 Web Attack Investigation with Replay Md Nazmus Sakib WEBRR: A Forensic System for Replaying and Investigating Web-Based Attacks in The Modern Web [ATC, 2024] [Security 2024]
14 4/26 TEE Fuzzing Veer Shah TEEzz: Fuzzing Trusted Applications on COTS Android Devices [S&P 2023]

Overview

The Spring 2024 offering of the Software & Systems Security Seminar will cover a variety of security topics, with an eye toward two goals.

  • Increase participants' familiarity with recent and important results in the areas of software and systems security research. Attendees will read and discuss papers from recent and imminent top-tier security conferences: e.g., IEEE S&P, USENIX Security, CCS, NDSS, and security-related systems and software engineering conferences, and so on.

  • Be a venue for student presentations. This may be a "formal" research presentation--ideally of a student's current work--or it may be an analysis of the research papers chosen for a seminar meeting.

Participation

To participate in the seminar, please get on the seminar mailing list. Use Sympa to subscribe to s3sem.

Potential Papers

Upcoming and recent conference proceedings are good sources of papers for discussion. Below are links to some relevant conference series.

Past Seminars