CS851: Malware - Schedule




CS 851	Malware Seminar

Seminar Schedule
For full citations, additional readings and ideas for topics, see http://www.cs.virginia.edu/malware/papers.html.

Date Presenters Topic Readings

7 September Nate Paul Worms: past, present and future
Slides: Seminar Intro and Presentation Spafford, A Failure to Learn from the Past.
Staniford, Paxson and Weaver. How to 0wn the Internet in Your Spare Time.

14 September

Patrick Graydon
Qiuhua Cao
Virus and Anti-Virus
Slides Cohen, Computer Viruses - Theory and Experiments.
Christodorescu and Jha. Testing Malware Detectors. ISSTA 2004.
Kruegel, Robertson, Valeur and Vigna. Static Disassembly of Obfuscated Binaries. USENIX Security 2004.

21 September Ana Nora Sovarel
Joel Winstead Monoculture and Diversity
Slides Geer, et. al. CyberInsecurity: The Cost of Monopoly — How the Dominance of Microsoft's Products Poses a Risk to Security.
Debate: Is an Operating System Monoculture a Threat to Security?
Kc, et. al. Countering Code-Injection Attacks With Instruction-Set Randomization. CCS 2003.
Bhatkar, DuVarney, and Sekar. Address Obfuscation: an Efficient Approach to Combat a Broad Range of Memory Error Exploits. USENIX Security 2003.

28 September
Mini-Proposal Due Leonid Bolotnyy
Anthony Wood
Jing Yang Propagation and Containment
Slides Kephart and White. Directed-Graph Epidemiological Models of Computer Viruses. Oakland 1991.
Moore, Shannon, Voelker and Savage. Internet Quarantine: Requirements for Containing Self-Propagating Code. INFOCOM 2003.
Weaver, Staniford and Paxson. Very Fast Containment of Scanning Worms. USENIX Security 2004.

5 October Dean Bushey
Billy Greenwell
Tony Aiello Vicarious Liability
Slides Standler, Ronald B. Possible Vicarious Liability for Computer Users in the USA?, 17 April 2004.
Standler, Ronald B. Examples of Malicious Computer Programs, 2002.
Coleman, Jules. Theories of Tort Law, Stanford Encyclopedia of Philosophy. 20 Otcober 2003.

12 October
Project Proposals Due Michael Crane
Michael Spiegel
Chris Taylor Cyberwarfare Joshua Green, The Myth of Cyberterrorism. Washington Monthly, November 2002.
Institute for Security Technology Studies at Dartmouth College. Cyber Security of the Electric power industry. December 2002.
Dorothy Denning. Cyberterrorism: Testimony before the Special Oversight Panel on Terrorism Committee on Armed Services U.S. House of Representatives. May 23, 2000.

19 October Matt Elder and Darrell Kienzle, Symantec

26 October Richard Barnes
Mike McNett
Matthew Spear Worm Detection
Slides Bharath Madhusudan and John Lockwood, Design of a System for Real-Time Worm Detection. 12th Annual Proceedings of IEEE Hot Interconnects (HotI-12). Stanford, CA, August, 2004, pp. 77-83.
Stuart E. Schechter, Jaeyeon Jung, and Arthur W. Berger. Fast Detection of Scanning Worm Infections. The Seventh International Symposium on Recent Advances in Intrusion Detection (RAID), September 2004.
Xuan Chen and John Heidemann. Detecting Early Worm Propagation through Packet Matching. Technical Report ISI-TR-2004-585, USC/Information Sciences Institute, February, 2004.
The Therminator!!!

2 November (Election Day) Nguyet Nguyen
Xiang Yin
Zhanxiang Huang Honeypots
Slides Honeynet Project. Know Your Enemy: Honeynets. November 2003.
Honeynet Project. Know Your Enemy: GenII Honeynets. November 2003.
Niels Provos. A Virtual Honeypot Framework. USENIX Security 2004.

8 November, 3:30pm
Note: Monday meeting Chenxi Wang, CMU

16 November Wei Hu
Thao Doan
Liqian Luo
Jinlin Yang Proof-Carrying Code
Slides F. B. Schneider, G. Morrisett, and R. Harper. A language-based approach to security. Lecture Notes in Computer Science, 2001.
George Necula. Proof-Carrying Code. In 24th ACM Symposium on Principles of Programming Languages (POPL), January 1997.

23 November Project Presentations

30 November Project Presentations

Date	Presenters	Topic	Readings
7 September	Nate Paul	Worms: past, present and future Slides: Seminar Intro and Presentation	Spafford, A Failure to Learn from the Past. Staniford, Paxson and Weaver. How to 0wn the Internet in Your Spare Time.
14 September	Patrick Graydon Qiuhua Cao	Virus and Anti-Virus Slides	Cohen, Computer Viruses - Theory and Experiments. Christodorescu and Jha. Testing Malware Detectors. ISSTA 2004. Kruegel, Robertson, Valeur and Vigna. Static Disassembly of Obfuscated Binaries. USENIX Security 2004.
21 September	Ana Nora Sovarel Joel Winstead	Monoculture and Diversity Slides	Geer, et. al. CyberInsecurity: The Cost of Monopoly — How the Dominance of Microsoft's Products Poses a Risk to Security. Debate: Is an Operating System Monoculture a Threat to Security? Kc, et. al. Countering Code-Injection Attacks With Instruction-Set Randomization. CCS 2003. Bhatkar, DuVarney, and Sekar. Address Obfuscation: an Efficient Approach to Combat a Broad Range of Memory Error Exploits. USENIX Security 2003.
28 September Mini-Proposal Due	Leonid Bolotnyy Anthony Wood Jing Yang	Propagation and Containment Slides	Kephart and White. Directed-Graph Epidemiological Models of Computer Viruses. Oakland 1991. Moore, Shannon, Voelker and Savage. Internet Quarantine: Requirements for Containing Self-Propagating Code. INFOCOM 2003. Weaver, Staniford and Paxson. Very Fast Containment of Scanning Worms. USENIX Security 2004.
5 October	Dean Bushey Billy Greenwell Tony Aiello	Vicarious Liability Slides	Standler, Ronald B. Possible Vicarious Liability for Computer Users in the USA?, 17 April 2004. Standler, Ronald B. Examples of Malicious Computer Programs, 2002. Coleman, Jules. Theories of Tort Law, Stanford Encyclopedia of Philosophy. 20 Otcober 2003.
12 October Project Proposals Due	Michael Crane Michael Spiegel Chris Taylor	Cyberwarfare	Joshua Green, The Myth of Cyberterrorism. Washington Monthly, November 2002. Institute for Security Technology Studies at Dartmouth College. Cyber Security of the Electric power industry. December 2002. Dorothy Denning. Cyberterrorism: Testimony before the Special Oversight Panel on Terrorism Committee on Armed Services U.S. House of Representatives. May 23, 2000.
19 October	Matt Elder and Darrell Kienzle, Symantec
26 October	Richard Barnes Mike McNett Matthew Spear	Worm Detection Slides	Bharath Madhusudan and John Lockwood, Design of a System for Real-Time Worm Detection. 12th Annual Proceedings of IEEE Hot Interconnects (HotI-12). Stanford, CA, August, 2004, pp. 77-83. Stuart E. Schechter, Jaeyeon Jung, and Arthur W. Berger. Fast Detection of Scanning Worm Infections. The Seventh International Symposium on Recent Advances in Intrusion Detection (RAID), September 2004. Xuan Chen and John Heidemann. Detecting Early Worm Propagation through Packet Matching. Technical Report ISI-TR-2004-585, USC/Information Sciences Institute, February, 2004. The Therminator!!!
2 November (Election Day)	Nguyet Nguyen Xiang Yin Zhanxiang Huang	Honeypots Slides	Honeynet Project. Know Your Enemy: Honeynets. November 2003. Honeynet Project. Know Your Enemy: GenII Honeynets. November 2003. Niels Provos. A Virtual Honeypot Framework. USENIX Security 2004.
8 November, 3:30pm Note: Monday meeting	Chenxi Wang, CMU
16 November	Wei Hu Thao Doan Liqian Luo Jinlin Yang	Proof-Carrying Code Slides	F. B. Schneider, G. Morrisett, and R. Harper. A language-based approach to security. Lecture Notes in Computer Science, 2001. George Necula. Proof-Carrying Code. In 24th ACM Symposium on Principles of Programming Languages (POPL), January 1997.
23 November		Project Presentations
30 November		Project Presentations

University of Virginia
Department of Computer Science
CS 851: Malware Seminar

evans@cs.virginia.edu