The three classes consists in the presentation of the following papers (in this order):
A - "Virtualization and Trusted Computing"
Presentation dates: Alameda - 1 December. Tagus - 3 or 4 December.
- Virtualization I
Keith Adams and Ole Agesen. "A Comparison of Software and Hardware Techniques for x86 Virtualization", ASPLOS 2006.
(quem apresentar este artigo deve começar com 1 ou 2 slides a explicar o conceito de virtualização baseada num hipervisor) - Virtualization II
Tal Garfinkel et. al. "Terra: A Virtual Machine-Based Platform for Trusted Computing", SOSP 2003. - Trusted Computing I
Nuno Santos et. al. "Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications", ASPLOS 2014.
(quem apresentar este artigo deve começar com 1 ou 2 slides a explicar o conceito de Trusted Computing) - Trusted Computing II
Xinyang Ge et. al. "SPROBES - Enforcing Kernel Code Integrity on the TrustZone Architecture", MOST 2014. - Trusted Computing III
Andrew Baumann et. al. "Shielding applications from an untrusted cloud with Haven", OSDI 2014.
- It’s recommended that the students read at least the first part of the chapters of the book on these two topics (chapters 15 and 16) before starting to read the papers.
- Papers 3 and 4 are about a Trusted Computing technology with a few years called Trustzone, implemented in some ARM processors. Paper 5 is about the Intel SGX technology, still not available commercially.
B - "Java security environment"
Presentation dates: Alameda - 8 December. Tagus - 10 or 11 December.
- Java Security Overview
Java™ Security Overview, 2015 - Stack Inspection
Dan S. Wallach and Edward W. Felten. "Understanding Java Stack Inspection", S&P 1998. - Bytecode verification
Xavier Leroy. "Java Bytecode verification: an overview", CAV 2001. - Java Card
Wojciech Mostowski and Erik Poll. "Malicious Code on Java Card Smartcards: Attacks and Countermeasures", CARDIS 2008. - Class Initialization
Willard Rafnsson et. al. "Securing Class Initialization in Java-like Languages", TDSC 2012.
C - "Secure programming in Java"
Presentation dates: Alameda - 15 December. Tagus - 17 or 18 December.
- Language design
Eric Jaeger et. al. "Mind your Language(s) A discussion about languages and security (Long Version)", LangSec S&P 2014. - Secure coding in Java
Secure Coding Guidelines for Java SE, 2014. - Jif (http://www.cs.cornell.edu/jif/)
Andrew C. Myers. "JFlow: Practical Mostly-Static Information Flow Control", POPL 1999. - Paragon (http://www.cse.chalmers.se/research/group/paragon/)
Niklas Broberg et. al. "Paragon for Practical Programming with Information-Flow Control", APLAS 2013. - Verifying Java programs
Ralf Küsters e. al. "A Hybrid Approach for Proving Noninterference of Java Programs", 2015.