IT Security Reading Group (IT-SRG) - Winter 2011


The IT Security Reading Group (IT-SRG) is a group of UOIT students (graduate and senior undergraduate) and faculty interested in computer security and privacy. We meet for critical review and discussion of current security research papers. This term, we will review selected 2010 papers from USENIX Security, ACM CCS, and IEEE Oakland. See below for the schedule. All interested faculty and students are invited to join by contacting Julie Thorpe (firstname.lastname at uoit.ca).

The IT-SRG provides a venue for faculty and students to review recent work and discuss new ideas for security research, and for students to:

Schedule


*Note that the time and location will be announced through the mailing list (to join, please contact Julie Thorpe).
Date Paper Conference Discussion Lead
Jan. 24 Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords by Weir et al. ACM CCS 2010 Julie Thorpe
Jan. 31 All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution by Schwartz et al. IEEE Oakland 2010 Ricardo Rodriguez Garcia
Feb. 7 The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis by Zhang et al. ACM CCS 2010 Julie Thorpe
Feb. 14 SCiFI - A System for Secure Face Identification by Osadchy et al. IEEE Oakland 2010 Khalil El-Khatib
Feb. 28 VEX: Vetting Browser Extensions for Security Vulnerabilities by Bandhakavi et al. USENIX Security 2010 Julie Thorpe
Mar. 7 State of the Art: Automated Black-Box Web Application Vulnerability Testing by Bau et al. IEEE Oakland 2010 Daniel Da Silva
Mar. 14 TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection by Wang et al. IEEE Oakland 2010 Ricardo Rodriguez Garcia
Mar. 21 Outside the Closed World: On Using Machine Learning For Network Intrusion Detection by Sommer et al. IEEE Oakland 2010 Miguel Vargas Martin
Mar. 28 An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications by Jang et al. ACM CCS 2010 Kyle Ferreira
Apr. 4 On the Incoherencies in Web Browser Access Control Policies by Singh et al. IEEE Oakland 2010 Miguel Vargas Martin
Apr. 11 Toward Automated Detection of Logic Vulnerabilites in Web Applicaitons by Felmetsger et al. USENIX Security 2010 Xiaodong Lin