Software & Systems Security Seminar

Time and Location

• Time: Fridays 11:30am-12:30pm

• Location: ECSS 3.220

• Instructor: Chung Hwan Kim

Schedule

Week	Date	Topic(s)	Facilitator(s)	Paper(s)
1	5/24	USB Power Fuzzing	Sai Tharun Reddy Mulka	Fuzz The Power: Dual-role State Guided Black-box Fuzzing for USB Power Delivery [USENIX Security 2023]
2	5/31	USB Driver Fuzzing	Md Nazmus Sakib	ReUSB: Replay-Guided USB Driver Fuzzing [USENIX Security 2023]
3	6/7	Directed Fuzzing	Minkyung Park	Titan: Efficient Multi-target Directed Greybox Fuzzing [S&P 2024]
4	6/14	Distributed Systems Fuzzing	Md Nazmus Sakib	Greybox Fuzzing of Distributed Systems [CCS 2023]
5	6/21	Static Analysis for Security	CANCELLED	"False negative - that one is going to kill you." - Understanding Industry Perspectives of Static Analysis based Security Testing [S&P 2024]
6	6/28	AV Sensor Attack Detection	Sudharssan Mohan	AVMON: Securing Autonomous Vehicles by Learning Control Invariants and Residual Prediction [VehicleSec 2024]
7	7/5	-	-	No meeting
8	7/12	Side Channel Attacks on DNN	Minkyung Park	Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures [USENIX Security 2020]
9	7/19	AV Tracking Protocol Reverse Engineering	Sudharssan Mohan	Drone Security and the Mysterious Case of DJI's DroneID [NDSS 2023]
10	7/26	Automated Root Cause Analysis	Zelun Kong	BENZENE: A Practical Root Cause Analysis System with an Under-Constrained State Mutation [S&P 2024]
11	8/2	Voltage-based Automotive Security	Sai Tharun Reddy Mulka	Evading Voltage-Based Intrusion Detection on Automotive CAN [NDSS 2021]
12	8/9	Bluetooth Security	Sai Tharun Reddy Mulka	SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth [S&P 2024]

Overview

The Summer 2024 offering of the Software & Systems Security Seminar will cover a variety of security topics, with an eye toward two goals.

• Increase participants' familiarity with recent and important results in the areas of software and systems security research. Attendees will read and discuss papers from recent and imminent top-tier security conferences: e.g., IEEE S&P, USENIX Security, CCS, NDSS, and security-related systems and software engineering conferences, and so on.

• Be a venue for student presentations. This may be a "formal" research presentation--ideally of a student's current work--or it may be an analysis of the research papers chosen for a seminar meeting.

Participation

To participate in the seminar, please get on the seminar mailing list. Use Sympa to subscribe to s3sem.

Potential Papers

Upcoming and recent conference proceedings are good sources of papers for discussion. Below are links to some relevant conference series.

• Security: IEEE S&P, USENIX Security, CCS, NDSS, EuroS&P, ACSAC, ASIACCS, RAID, ESORICS, CODASPY, Black Hat

• Systems: OSDI, SOSP, USENIX ATC, EuroSys, ASPLOS, SOCC, SIGMETRICS, MobiSys, SenSys, FAST, VEE, DSN, ICDCS

• Software Engineering / Compilers: PLDI, ICSE, ESEC/FSE, ASE, POPL, SPLASH/OOPSLA, ECOOP, CGO

• Computer Architecture: ISCA, MICRO

• Workshops: SecDev, BAR, VehicleSec, SpaceSec, SafeThings, CPSIoTSec, HotSec, WOOT

Past Seminars

• Spring 2024