CS 851 
Malware Seminar

Suggested Papers

These papers are suggested starting points for preparing a presentation on your topic. As presenters, it is your responsibility to identify a final set of papers two weeks before your scheduled presentation and discuss your choices with the seminar organizers. Then, make sure links to the selected papers are posted on the seminar website at least one week before your presentation.

Worms

Eugene Spafford. A Failure to Learn from the Past. Annual Computer Security Applications Conference, 2003.

Stuart Staniford, Vern Paxson and Nicholas Weaver. How to 0wn the Internet in Your Spare Time. USENIX Security Symposium 2002.

Additional Papers:

Eric Rescorla. Security Holes — Who Cares?. USENIX Security 2003.

Avishai Wool. Architecting the Lumeta Firewall Analyzer. USENIX Security 2001.

Virus and Anti-Virus

Fred Cohen. Computer Viruses - Theory and Experiments. 1984.

VX Heavens has a good collection of virus papers (more targeted to virus authors than researchers: don't run code from this site!): http://vx.netlux.org/lib/?lang=EN

Christopher Kruegel, William Robertson, Fredrik Valeur and Giovanni Vigna. Static Disassembly of Obfuscated Binaries. USENIX Security 2004.

Mihai Christodorescu, Somesh Jha. Testing Malware Detectors. ISTA 2004.

Andreas Marx. Outbreak Response Times: Putting AV To The Test. Virus Bulletin, February 2004.

Andreas Marx. Retrospective Testing - How Good (sic) Heuristics Really Work (PPT Presentation Slides from Virus Bulletin Conference 2002).

Steve White. Virus Bulletin 2010: A Retrospective. Virus Bulletin Conference, September 2000.

Computing Monoculture

Daniel Geer, Rebecca Bace, Peter Gutmann, Perry Metzger, Charles Pfleeger, John Quarterman and Bruce Schneier. CyberInsecurity: The Cost of Monopoly — How the Dominance of Microsoft's Products Poses a Risk to Security. September 2003.

Debate: Is an Operating System Monoculture a Threat to Security?, USENIX Annual Technical Conference, 2004.
Dan Geer, Chief Scientist, Verdasys, Inc.; Scott Charney, Chief Trustworthy Computing Strategist, Microsoft Corporation
Moderated by Avi Rubin, Johns Hopkins University.
Dan Geer's opening and closing remarks
MP3 recording of debate [97MB]

Diversity Defenses

Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis. Countering Code-Injection Attacks With Instruction-Set Randomization. 10th ACM International Conference on Computer and Communications Security (CCS), pp. 272 - 280. October 2003.

Elena Gabriela Barrantes, David H. Ackley, Stephanie Forrest, Trek S. Palmer, Darko Stefanovic and Dino Dai Zovi. Randomized instruction set emulation to disrupt binary code injection attacks. 10th ACM International Conference on Computer and Communications Security (CCS), pp. 272 - 280. October 2003.

Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar. Address Obfuscation: an Efficient Approach to Combat a Broad Range of Memory Error Exploits. 12th USENIX Security Symposium, pp. 105-120, August 2003.

H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu and D. Boneh. On the Effectiveness of Address Space Randomization. ACM CCS 2004, October 2004.

Vulnerabilities

Peter Szor, Eric Chien. Blended Attacks Exploits, Vulnerabilities and Buffer-overflow Techniques in Computer Viruses. Virus Bulletin Conference 2002.

Hao Chen, Drew Dean and David Wagner. Model Checking One Million Lines of C Code. NDSS 2004.

Virus Propagation and Containment

Jeffrey O. Kephart and Steve R. White. Directed-Graph Epidemiological Models of Computer Viruses. IEEE Security and Privacy, 1991.

David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage. Internet Quarantine: Requirements for Containing Self-Propagating Code. INFOCOM 2003.

Nicholas Weaver, Stuart Staniford and Vern Paxson. Very Fast Containment of Scanning Worms. USENIX Security 2004.

Yang Wang and Chenxi Wang. Modeling the Effects of Timing Parameters on Virus Propagation. Workshop On Rapid Malcode (WORM), 2003.

Patching

William Arbaugh, William Fithen and John McHugh. Windows of Vulnerability: A Case Study Analysis. IEEE Computer, 2000.

Helen J. Wang, Chuanxiong Guo, Daniel R. Simon, and Alf Zugenmaier. Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits. SIGCOMM 2004.

Computer Immunology

Anil Somayaji, Steven Hofmeyr and Stephanie Forrest. Principles of a Computer Immune System. 1997 New Security Paradigms Workshop.

Steve R. White, Morton Swimmer, Edward J. Pring, William C. Arnold, David M. Chess, John F. Morar. Anatomy of a Commercial-Grade Immune System. IBM Research White Paper.

Honeypots

Honeynet Project. Know Your Enemy: Honeynets. November 2003.

Niels Provos. A Virtual Honeypot Framework. USENIX Security 2004.

Economics

Ross Anderson. Why Information Security is Hard -- An Economic Perspective.

Other papers at: http://www.cl.cam.ac.uk/users/rja14/econsec.html

Workshop on Economics of Information Security

Firewalls

Sotiris Ioannidis and Angelos D. Keromytis and Steven M. Bellovin and Jonathan M. Smith. Implementing a Distributed Firewall. ACM CCS 2000.

Avishai Wool. A Quantitative Study of Firewall Configuration Errors. IEEE Computer, June 2004.

Mobile Code

Drew Dean, Edward Felten and Dan Wallach. Java Security: From HotJava to Netscape and Beyond. IEEE Symposium on Security and Privacy (Oakland, California), May 1996.

Dan Wallach and Edward Felten. Understanding Java Stack Inspection. IEEE Symposium on Security and Privacy (Oakland, California), May 1998.

Spam

Joshua Goodman and Robert Rounthwaite. Stopping Outgoing Spam. ACM Conference on E-Commerce, May 2004.

Phishing

http://www.antiphishing.org/ — Anti-Phishing Working Group. Proposed Solutions to Address the Threat of Email Spoofing Scams. December 2003.

Neil Chou, Robert Ledesma, Yuka Teraguchi, Dan Boneh and John C. Mitchell. Client-side Defense Against Web-Based Identity Theft. NDSS 2004.


CS 655 University of Virginia
Department of Computer Science
CS 851: Malware Seminar
evans@cs.virginia.edu