- April 5th
Topic: Authentication
(Faculty Candidate Paper)
Presenters: Ratul Mahajan
"Efficient and Secure Source Authentication for Multicast",
Adrian Perrig, Ran Canetti, Dawn Song, and Doug Tygar.
In Proc. Network and Distributed System Security Symposium (NDSS), Feb. 2001.
(Another faculty candidate paper by Dawn Song and Adrian Perrig will be read in 590NL on April 10th.)
- April 12th
Topic: Overview and the Language-Based Approach to Security
Presenters: Andy Whitaker
"Attacking Malicious Code - A Report to the Infosec Research Council",
Gary McGraw and Greg Morrisett.
In IEEE Software 17(5), Sep./Oct. 2000, pp.33-41.
(backup link)
"A Case for Language-Based Protection", Chris Hawblitzel and Thorsten von Eicken.
Technical Report 98-1670, Cornell University, Mar. 1998.
(This paper was a direct response to
"Operating System Protection for Fine-Grained Programs", Trent Jaeger, Jochen Liedtke, Nayeem Islam.
In Proc. 7th USENIX Security Symposium, Jan. 1998.)
- April 19th
Topic: Java / .NET Security
Presenters: Marianne Shaw
"Extensible Security Architectures for Java",
Dan S. Wallach, Dirk Balfanz, Drew Dean, and Edward W. Felten.
In Proc. 16th Symposium on Operating Systems Principles (SOSP), Oct. 1997.
(Additional reading:
"An Overview of Security in the .NET Framework",
Damien Watkins, Sebastian Lange.
In MSDN Magazine, Jan. 2002.)
- April 26th
Topic: The Stack Inspection Mechanism
Presenters: Andy Collins
"Understanding Java Stack Inspection", Dan S. Wallach and Edward W. Felten.
In Proc. IEEE Symposium on Security and Privacy, May 1998.
- May 3rd
Topic: Enforceable Security and Security Automata
Presenters: Sushant Jain
"Enforceable Security Policies", Fred B. Schneider.
In ACM Transactions on Information and System Security 3(1), pp.30-50, Feb. 2000.
"IRM Enforcement of Java Stack Inspection",
Úlfar Erlingsson and Fred B. Schneider.
In Proc. IEEE Symposium on Security and Privacy, May 2000.
- May 10th
Topic: Static Enforcement of Security Policies
Presenters: Sorin Lerner
"A Type System for Expressive Security Policies", David Walker.
In Proc. 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), Jan. 2000.
- May 17th
Topic: Delegation of Authority
Presenters: Valentin Razmov
"The Confused Deputy", Norman Hardy.
In Operating Systems Review 22(4), pp.36-38, Oct. 1988.
(plus the author's subsequent reflections)
"Authentication in the Taos Operating System",
Edward Wobber, Martín Abadi, Michael Burrows, and Butler Lampson.
In ACM Transactions on Computer Systems 12(1), pp.3-32, Feb. 1994.
- May 24th
Topic: Separation of Policy, Mechanism, and Functionality
Presenters: Rick Cox
"The Flask Security Architecture: System Support for Diverse Security Policies",
Ray Spencer, Stephen Smalley, Peter Loscocco, Mike Hibler, David Andersen, Jay Lepreau.
In Proc. 8th USENIX Security Symposium, Aug. 1999.
"Separating Access Control Policy, Enforcement and Functionality in Extensible Systems",
Robert Grimm, Brian Bershad.
In ACM Transactions on Computer Systems 19(1), pp.36-70, Feb. 2001.
- May 31st
Topic: Information Flow
Presenters: Andrew Schwerin
"A Lattice Model of Secure Information Flow", Dorothy Denning.
In Communications of the ACM 19(5), May 1976.
- June 7th
Topic: Aged Codgers Reflect
Presenters: Krishna Gummadi
"Computer Security in the Real World", Butler W. Lampson.
Invited Lecture, In Proc. 16th Annual Computer Security Applications Conference (ACSAC), Dec. 2000.
"Reflections on Trusting Trust", Ken Thompson.
ACM Turing Award Lecture, In Communications of the ACM 27(8), Aug. 1984.