The schedule is tentative and subject to change (e.g., if we want to dig deeper into a specific topic).
Updates:

Date | Topic | Readings | Notes |
---|---|---|---|
08/24 | Introduction | ||
08/26 | Introduction; Security Threats | 2, 8, 28, 29 | 2, 28, and 29 are suggested (May refer to them over time) |
08/31 | Security Threats | 10, 26 | |
09/02 | Principles | 1 | |
09/07 | Operating Systems | 5 | (Due) Project Team |
09/09 | Operating Systems | 3, 4 | |
09/14 | Virtual Machines | 19, 30 | |
09/16 | Trusted Hardware - Introduction | 6 | Sections 3 and 4 |
09/21 | Trusted Hardware - TPMs | 7, 11 | |
09/23 | Project Pre-Proposal Presentations; Trusted Hardware - TEEs (Intel SGX) | 6 | Sections [5, 5.4) and [5.6, 5.8] |
09/28 | Trusted Hardware - TEEs (Intel SGX) | 6 | Sections [5, 5.4) and [5.6, 5.8] |
09/30 | Trusted Hardware - TEEs (Intel SGX) | 6 | (Due) Project Proposal |
10/05 | No Class | ||
10/07 | Trusted Hardware - HW vs SW | 12, 13 | |
10/12 | Trusted Hardware - TEE Abstractions | 14 | |
10/14 | Trusted Hardware - Unmodified Apps | 15, 16 | (Due) Midterm Exam |
10/19 | Trusted Hardware - Untrusted Compute | 17 | |
10/21 | Trusted Hardware - Applications | 18, 20 | |
10/26 | Trusted Hardware - Applications | 25 | |
10/28 | Memory Protections | 27, 31 | (Due) Project Status Report; #31 is optional |
11/02 | Runtime Protections | 9, 24 | |
11/04 | Languages | 23 | |
11/09 | Languages - Verification | 21 | |
11/11 | Languages - Verification | 22 | |
11/16 | Languages - Verification | 5, 12 | Revisiting papers |
11/18 | Project Presentations | ||
11/23 | Project Presentations | | (Due) Project Writeup |

# | Paper |
---|---|
1 | The Protection of Information in Computer Systems |
2 | How to Read a Paper |
3 | Light-Weight Contexts: An OS Abstraction for Safety and Performance |
4 | Efficiently Mitigating Transient Execution Attacks using the Unmapped Speculation Contract |
5 | seL4: Formal Verification of an OS Kernel |
6 | Intel SGX Explained |
7 | Bootstrapping Trust in Commodity Computers |
8 | The Security Mindset |
9 | TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones |
10 | Spectre Attacks: Exploiting Speculative Execution |
11 | TrInc: Small Trusted Hardware for Large Distributed Systems |
12 | Komodo: Using verification to disentangle secure-enclave hardware from software |
13 | Sanctum: Minimal Hardware Extensions for Strong Software Isolation |
14 | Keystone: An Open Framework for Architecting Trusted Execution Environments |
15 | Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX |
16 | TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone |
17 | Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data |
18 | SeCloak: ARM Trustzone-based Mobile Peripheral Control |
19 | Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems |
20 | SchrodinText: Strong Protection of Sensitive Textual Content of Mobile Applications |
21 | Dafny: An Automatic Program Verifier for Functional Correctness |
22 | Noninterference specifications for secure systems |
23 | RedLeaf: Isolation and Communication in a Safe Operating System |
24 | Control-Flow Integrity Principles, Implementations, and Applications |
25 | Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts |
26 | The Matter of Heartbleed |
27 | ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK) |
28 | The Task of the Referee |
29 | How (and How Not) to Write a Good Systems Paper |
30 | Protecting Cloud Virtual Machines from Hypervisor and Host Operating System Exploits |
31 | Mondrian Memory Protection |