As perguntas do teste sobre as três últimas semanas de aulas incidirão sobre os artigos seguintes. (NB: Toda a matéria dada poderá ser sujeita a avaliação. Esta lista diz respeito apenas à matéria leccionada pelos alunos com base nos artigos propostos.) É recomendada a leitura de todos eles, bem como o estudo dos slides utilizados para as respectivas apresentações (disponíveis num zip associado a esta página).
A - "Virtualization and Trusted Computing"
- Virtualization I
Keith Adams and Ole Agesen. "A Comparison of Software and Hardware Techniques for x86 Virtualization", ASPLOS 2006.
(quem apresentar este artigo deve começar com 1 ou 2 slides a explicar o conceito de virtualização baseada num hipervisor) - Trusted Computing I
Nuno Santos et. al. "Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications", ASPLOS 2014.
(quem apresentar este artigo deve começar com 1 ou 2 slides a explicar o conceito de Trusted Computing) - Trusted Computing III
Andrew Baumann et. al. "Shielding applications from an untrusted cloud with Haven", OSDI 2014.
- It’s recommended that the students read at least the first part of the chapters of the book on these two topics (chapters 15 and 16).
- Paper 3 is about a Trusted Computing technology with a few years called Trustzone, implemented in some ARM processors. Paper 5 is about the Intel SGX technology, still not available commercially.
- The sections about experimental evaluation are not relevant.
B - "Java security environment"
- Stack Inspection
Dan S. Wallach and Edward W. Felten. "Understanding Java Stack Inspection", S&P 1998. - Bytecode verification
Xavier Leroy. "Java Bytecode verification: an overview", CAV 2001. - Java Card
Wojciech Mostowski and Erik Poll. "Malicious Code on Java Card Smartcards: Attacks and Countermeasures", CARDIS 2008.
- It’s recommended that the students read the article used for the Java™ Security Overview, 2015, that gives a context to these topics.
- Language design
Eric Jaeger et. al. "Mind your Language(s) A discussion about languages and security (Long Version)", LangSec S&P 2014. - Secure coding in Java
Secure Coding Guidelines for Java SE, 2014. - Verifying Java programs
Ralf Küsters e. al. "A Hybrid Approach for Proving Noninterference of Java Programs", 2015.