Reading materials related to the Lectures

Papers for Second presentstions (Week of April 17)

Day 1

1.       Model-based Risk Assessment to Improve Enterprise Security (Leonora)

2.       Model-Based Validation of an Intrusion-Tolerant Information System (Andrew)

3.       Model-Based Design and Analysis of Permission-Based Security (Lyndsi)

4.       Model Checking An Entire Linux Distribution for Security Violations (Long)

Day 2

1.       Formal Verification of Business Workflows and Role Based Access Control Systems (Gang)

2.       Model-checking Driven Security Testing of Web-based Applications (Sundeep)

3.       Towards Security Vulnerability Detection by Source Code Model Checking (Peng)

4.       Model-Based Collaborative Filtering as a Defense Against Profile Injection Attacks (Lei)


Papers for First presentstions

Day 1 – March 1

[1] Exterminator: Automatically Correcting Memory Errors with High Probability

[2] Preventing Race Condition Attacks on File-Systems

[3] SQL DOM: Compile Time Checking of Dynamic SQL Statements

[4] A Lightweight Buffer Overflow Protection Mechanism with Failure-Oblivious Capability

Day 2 – March 3

[5] Modular Checking for Buffer Overflows in the Large

[6] Automatic Creation of SQL Injection and Cross-Site Scripting Attacks

[7] SQLProb: A Proxy-based Architecture towards Preventing SQL Injection Attacks

[8] Scalable Network-based Buffer Overflow Attack Detection

For each paper:

·         Main presenter: send the presentation for quick review to me by 12 noon on the day before the presentation.

·         Each person will provide anonymous reviews to each presenter.

·         Participate in Q&A and discussion

Each person will be given a score based on the presentation, participation, and peer review feedback.

Links for Cloud Computer materials

[1] "Above the Clouds: A Berkeley View of Cloud Computing";
[2] "What’s New About Cloud Computing Security?";
[3] "Security and Privacy Challenges in Cloud Computing Environments";.
[4] More info:

Sources and related sites for Lectures (Start of Semester)

On SDLC/Methodologies

Week 1: No Classes

Week 2: Lecture 1 (Jan 11)

Article: Secure Software Development Life Cycle Processes

Website: SSE-CMM

Web Site: CMMI

Article: CMM vs. CMMI


Week 3: Lecture 2 (To be updated)

Article: The Trustworthy Computing Security Development Lifecycle

Article: Correctness By Construction

The DoD Software Tech

Web site: Agile Alliance

Article:  The Agile Manifesto; Agile Software Development

Website: XP programming site

Nice survey: Agile Software Development Methods

Besnosov articel: Secure Agile SD


Article: Software Security by Gary McGraw; Other Gary McGraw's Security Articles

Article: Why Software Fails?