Seminar Announcement

Course Description: The CRA Conference on Grand Research Challenges in Information Security & Assurance identified eliminating epidemic-style attacks (viruses, worms, email spam) within 10 years as one of four key research challenges for the computer security community. This seminar will seek to answer whether or not this goal is achievable and if it is, what approaches are most likely to succeed.

Particular topics of interest include: malicious code, software vulnerabilities and exploits, models of malware propagation, computing monocultures and automated diversity.

Expectations: Participants in the one-unit version of the seminar are expected to read research papers, participate in discussions, and present one or two topics during the semester. Participants in the three-unit version of the seminar will also be expect to conduct a publication-quality research project which will include a short written proposal, a presentation, and a report.

Before the first course, all participants should read these two papers:

Eugene Spafford. A Failure to Learn from the Past. Annual Computer Security Applications Conference, 2003.

Stuart Staniford, Vern Paxson and Nicholas Weaver. How to 0wn the Internet in Your Spare Time. USENIX Security Symposium 2002.

Meetings: The first meeting will be 4-6pm Tuesday, September 7 in Olsson 228E. We will decide on regular meeting times at that meeting.

University of Virginia Department of Computer Science CS 851: Malware Seminar

evans@cs.virginia.edu