As perguntas do teste sobre as três últimas semanas de aulas incidirão sobre os artigos seguintes. (NB: Toda a matéria dada poderá ser sujeita a avaliação.  Esta lista diz respeito apenas à matéria leccionada pelos alunos com base nos artigos propostos.) É recomendada a leitura de todos eles, bem como o estudo dos slides utilizados para as respectivas apresentações (disponíveis num zip associado a esta página).


A - "Virtualization and Trusted Computing"

  1. Virtualization I
    Keith Adams and Ole Agesen. "A Comparison of Software and Hardware Techniques for x86 Virtualization", ASPLOS 2006.
    (quem apresentar este artigo deve começar com 1 ou 2 slides a explicar o conceito de virtualização baseada num hipervisor)
  2. Trusted Computing I
    Nuno Santos et. al. "Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications", ASPLOS 2014.
    (quem apresentar este artigo deve começar com 1 ou 2 slides a explicar o conceito de Trusted Computing)
  3. Trusted Computing III
    Andrew Baumann et. al. "Shielding applications from an untrusted cloud with Haven", OSDI 2014.
Note: 
  • It’s recommended that the students read at least the first part of the chapters of the book on these two topics (chapters 15 and 16).
  • Paper 3 is about a Trusted Computing technology with a few years called Trustzone, implemented in some ARM processors. Paper 5 is about the Intel SGX technology, still not available commercially.
  • The sections about experimental evaluation are not relevant.

B - "Java security environment"

  1. Stack Inspection
    Dan S. Wallach and Edward W. Felten. "Understanding Java Stack Inspection", S&P 1998.
  2. Bytecode verification
    Xavier Leroy. "Java Bytecode verification: an overview", CAV 2001.
  3. Java Card
    Wojciech Mostowski and Erik Poll. "Malicious Code on Java Card Smartcards: Attacks and Countermeasures", CARDIS 2008.
Note: 
C - "Secure programming in Java"

  1. Language design
    Eric Jaeger et. al.  "Mind your Language(s) A discussion about languages and security (Long Version)",  LangSec S&P 2014.
  2. Secure coding in Java
    Secure Coding Guidelines for Java SE, 2014.
  3. Verifying Java programs
    Ralf Küsters e. al. "A Hybrid Approach for Proving Noninterference of Java Programs", 2015.