Secure Software Systems
This reading group will discuss and present papers in the areas of secure software assurance, including software development process
models, methods, and tools for engineering secure software systems, and system
support for dependable software.
Time: Friday 1:30pm -- 3:00pm
Place: SB 4.01.20, CS conference room
Presentation/discussion schedule
| Date | Papers | Presenter | comments |
| Feb. 24, 2006 | Introduction to software engineering and security | Dr. Jianwei Niu and Mark Reith | Slides |
| Mar. 3 | Application of Lightweight Formal Methods to Software Security, by D. Gilliam and J. Powell and M. Bishop, Proceedings of the IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2005) |
Dr. Carola Wenk |
|
| Mar. 10 | End-to-End availability Policies and Noninterference , by L. Zheng and A. Myers, Proceedings of the 18th IEEE Computer Security Foundation Workshop, pages 272-286, 2005 | .
Dr. Jeffery von Ronne |
|
| Mar. 24 | End-to-End availability Policies and Noninterference , by L. Zheng and A. Myers, Proceedings of the 18th IEEE Computer Security Foundation Workshop, pages 272-286, 2005 | .
Dr. Jeffery von Ronne |
|
| Mar. 31 |
Engineering
Security Requirements, by Donald G. Firesmith, Journal of Object Technology, 2003 |
Areej Al-Bataineh |
|
| Apr. 7 |
Verification and Change-Impact Analysis of Access-Control Policies,
by Kathi Fisler and Shriram Krishnamurthi and Leo A. Meyerovich and Michael C. Tshchantz, Proceedings of the 27th international conference on Software engineering (ICSE), 2005 |
Dr. Qing Yi |
|
| Apr. 14 |
Sound methods
and effective tools for model-based security engineering with UML,
by Jan Jürjens, 27th international conference on Software engineering (ICSE), 2005 |
Dr. Dan Lo |
|
| Apr. 28 | The Flask Security Architecture: System Support for Diverse Security Policies, by R. Spencer and S. Smalley and P. Loscocco and M. Hibler and D. Andersen and J. Lepreau, Proceedings of the 8th USENIX Security Symposium, 1999 |
Dr. Dakai Zhu |
|
| May 5 | Model Driven Security, by David Basin and Martin Buchheit and Jürgen Doser and Bernhard Hollunder and Torsten Lodderstedt, Technical Report, ETH Zurich, 2004 |
Mark Reith |
|
| May 12 | Reasoning about confidentiality at requirements engineering time , by Renaud De Landtsheer and Axel van Lamsweerde, Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE-13), 2005 |
Dr. Jianwei Niu |
More papers to be read/discussed:
Papers for background reading
Software engineering for security: a roadmap, Premkumar T. Devanbu and Stuart G. Stubblebine, Proceedings of the International conference on software engineering (ICSE), 2000
Basic Concepts and Taxonomy of Dependable and Secure Computing, A. Avizienis and J.-C. Laprie and B. Randell and C. Landwehr, IEEE Trans. on Dependable and Secure Computing, vol.1, no.1, 2004
The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments, P. Loscocco and S.D. Smalley and P.A. Muckelbauer and R.C. Taylor and S.J. Turner and J.F. Farrell, Proceedings of the NISSC, 1998
If you have difficulties to obtain any of the above papers, please send email to Dr. Jianwei Niu (niu AT cs . utsa . edu)
Organizers: Dr. Jianwei Niu, Dr. Qing Yi and Dr. Dakai Zhu