CS635
Advanced Fault Tolerant Computing
Readings
Spring 2009
Introduction (Feb. 19): Discuss your project proposal briefly in the class.
Reading assignment (Feb 19, 23): Read the following papers and discuss:
J. R. Jones, "Estimating Software Vulnerabilities", IEEE Security & Privacy Magazine, vol. 5, no. 4, July-Aug. 2007, pp. 28-32. (Initial: Craig)
M. Sahinoglu, "Security meter: a practical decision-tree model to quantify risk," IEEE Security & Privacy, vol. 3, no. 3, May-June 2005, pp. 18-24. (Initial: Ramadan)
M. Sahinoglu, "An Input-Output Measurable Design for the Security Meter Model to Quantify and Manage Software Security Risk," IEEE Transactions on Instrumentation and Measurement, vol. 57, no. 6, 2008, pp. 1251-1260.
Stuart E. Schechter, "Toward Econometric Models of the Security Risk from Remote Attack," IEEE Security and Privacy, vol. 3, no. 1, pp. 40-44, Jan. 2005, doi:10.1109/MSP.2005.30 (Initial: Elmahdi)
M. Howard, J. Pincus, and J.M. Wing, "Measuring Relative Attack Surfaces," Chapter 8, in Computer Security in the 21st Century, D.T. Lee, S.P. Shieh, and J.D. Tygar, editors, Springer, March 2005, pp. 109-137. (Initial: Aritra)
Qualys, The Laws of Vulnerabilities: Six Axioms for Understanding Risk, 2006 http://www.qualys.com/docs/Laws-Report.pdf (Initial: HyunChul)
Terry Ramos, The Laws of Vulnerabilities, RSA 2006 presentation
O. H. Alhazmi, Y. K. Malaiya, I. Ray, "Measuring, Analyzing and Predicting Security Vulnerabilities in Software Systems," Computers and Security Journal, Volume 26, Issue 3, May 2007, Pages 219-228.
S. Frei, T. Duebendorfer and B. Plattner, "Firefox (In)security update dynamics exposed," SIGCOMM Comput. Commun. Rev. 39, 1 (Dec. 2008), 16-22.
S. Frei, M. May, U. Fiedler, and B. Plattner, "Large-scale vulnerability analysis," Proc. 2006 SIGCOMM Workshop on Large-Scale Attack Defense, LSAD '06. ACM, New York, NY, 131-138.