CS 598
Annotated Bibliography
Papers
[Anderson'72a]
Computer Security Technology Planning Study, Volume 1
[Anderson'72b]
Computer Security Technology Planning Study, Volume 2
[Anderson'80]
Computer Security Threat Modeling and Surveillance
[TSSEC'85]
Trusted Computer System Evaluation Criteria
[TSSEC'88]
A Guide to Understanding Audit in Trusted Systems
[Brown'87]
Guidelines for Audit Log Mechanisms in Secure Computer Systems
[Gligor'87]
Design and Implementation of Secure Xenix
[Seiden'90]
The auditing facility for a VMM security kernel
[Denning'85]
Requirements and Model for IDES: A Real-Time Intrusion Detection Expert System
[Lunt'88]
Automated Audit Trail Analysis and Intrusion Detection: A Survey
[Sebring'88]
Expert Systems in Intrusion Detection: A Case Study
[Sibert'88]
Auditing in a Distributed System: Secure SunOS Audit Trails
[Bishop'95]
A Standard Audit Trail Format
[Axelsson'98]
An Approach to UNIX Security Logging
[Forrest'96]
A Sense of Self for UNIX Processes
[Tan'02]
"Why 6?" Defining the operational limits of stide, an anomaly-based intrusion detector
[Wagner'02]
Mimicry Attacks on Host-Based Intrusion Detection Systems
[King'03]
Backtracking Intrusions
[Muniswamy-Reddy'06]
Provenance-Aware Storage Systems
[Bates'15]
Trustworthy Whole-System Provenance for the Linux Kernel
[Lee'13a]
LogGC: Garbage Collecting Audit Log
[Xu'16]
High Fidelity Data Reduction for Big Data Security Dependency Analysis
[Ma'18]
Kernel-Supported Cost-Effective Audit Logging for Causality Tracking
[Lee'13b]
High Accuracy Attack Provenance via Binary-Based Execution Partitioning
[Ma'17]
MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution Partitioning
[Hassan'20a]
OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-Layer Log Analysis
[Zeng'21]
WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics
[Fang'21]
Back-Propagating System Dependency Impact for Attack Investigation
[Alsaheel'21]
ATLAS: A Sequence-based Learning Approach for Attack Investigation
[Milajerdi'19]
HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows
[Hassan'18]
NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage
[Hassan'20b]
Tactical Provenance Analysis for Endpoint Detection and Response Systems
[Han'20]
UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats
[Han'21]
SIGL: Securing Software Installations Through Deep Graph Learning
[Goyal'23]
Sometimes, You Aren’t What You Do: Mimicry Attacks against Provenance Graph Host Intrusion Detection Systems
[Bellare'97]
Forward Integrity for Secure Audit Logs
[Paccagnella'20a]
CUSTOS: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution
[Paccagnella'20b]
Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks
[Hoang'22]
Faster Yet Safer: Logging System Via Fixed-Key Blockcipher
[Ahmad'22]
HARDLOG: Practical Tamper-Proof System Auditing Using a Novel Audit Device
[Yagemann'21]
Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks