README.md

Papers related on Secure Software Systems

List of legendary papers related to secure software systems

Num	Date	Keyword	Paper	Review post(in Korean)
0	2016.10.19	Intro	Reflections on trusting trust, 1984	소프트웨어 신뢰성에 대한 재고찰
1	2017.02.14	Intro	WYSINWYX: What You See Is Not What You eXecute, 2005	당신의 눈에 보이는 코드가 그대로 실행될 거라고 착각하지 말라!
2	2018.03.16	Buffer Overflows	Buffer overflows: Attacks and defenses for the vulnerability of the decade, 2000	버퍼 오버플로우 취약점에 대한 공격기법 및 대응책에 관한 동향연구
3	2019.02.23	Malware	Understanding Linux Malware, 2018	리눅스 악성코드 연구 동향
4	2019.03.03	Binary Analysis	B2R2: Building an Efficient Front-End for Binary Analysis, 2019	B2R2 바이너리 분석 도구 및 논문 리뷰
5	2019.03.09	Fuzzing	Fuzzing: Art, Science, and Engineering, 2019	Fuzzing: Art, Science, and Engineering 논문 리뷰
6	2020.11.22	ROP	The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86), 2007	ARM32 에서의 Return Oriented Programming
7	2020.12.09	JOP	Return-oriented programming without returns, 2010	ARM32 에서의 Jump Oriented Programming
8	2021.01.22	Format String	Exploiting Format String Vulnerabilities, 2001	ARM32 에서의 Format String Vulnerability
9	2021.03.25	Heap	ArcHeap: Automatic Techniques to Systematically Discover New Heap Exploitation Primitives, 2020	ArcHeap 논문 리뷰
10	2021.05.20	Fuzzing	AFL++: Combining Incremental Steps of Fuzzing Research, 2020	AFL++ 논문 리뷰
11	2021.06.03	SROP	Framing Signals—A Return to Portable Shellcode, 2014	SROP 논문 리뷰
12	2022.12.14	Classic Attacks	Sok: eternal war in memory, 2013	Eternal War in Memory 논문 리뷰
13	2022.12.21	Fuzzing	LibAFL: A Framework to Build Modular and Reusable Fuzzers, 2022	LibAFL 논문 리뷰
14	2022.12.22	BROP	Hacking Blind, 2014	BROP 논문 리뷰
15	2022.12.23	Fuzzing	Fuzzle: Making a Puzzle for Fuzzers, 2022	Fuzzle 논문 리뷰
16	2023.01.09	Binary Analysis	SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis, 2016	angr 논문 리뷰
17	2023.12.29	Hardware Security	Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors, 2014	Rowhammer 논문 리뷰
18	2024.01.03	Intger Overflow	Understanding Integer Overflow in C/C++, 2012	Integer Overflow 논문 리뷰
19	2024.02.07	Privacy	A Study on the Constitutional Source and Scope of the Right to Control Personal Information, 2018	개인정보자기결정권의 헌법상 근거
20	2024.02.21	Symbolic Execution	Symbolic Execution for Software Testing: Three Decades Later, 2013	기호실행 연구 동향 2013
21	2024.04.02	ARM PAC	PAC it up: Towards Pointer Integrity using ARM Pointer Authentication, 2019	PAC it up

Backlog

Priority	Keyword	Title
0	Auto Exploit	Q: Exploit Hardening Made Easy, 2011
0	Auto Exploit	AEG: Automatic Exploit Generation, 2011
0	DSE	EXE: Automatically Generating Inputs of Death, 2006
0	DSE	KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs, 2008
0	DSE	Selective Symbolic Execution, 2009
0	DSE	All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask), 2010
0	DSE	Unleashing Mayhem on Binary Code, 2012
0	Veritesting	Enhancing Symbolic Execution with Veritesting, 2014
0	IR	Testing Intermediate Representations for Binary Analysis, 2017
0	Fuzzing	Grey-box Concolic Testing on Binary Code, 2019
0	Symbolic-assisted fuzzing	DART: Directed Automated Random Testing, 2005
0	Symbolic-assisted fuzzing	SAGE: Whitebox Fuzzing for Security Testing, 2012
0	Symbolic-assisted fuzzing	Program-Adaptive Mutational Fuzzing, 2015
0	Symbolic-assisted fuzzing	Driller: Augmenting Fuzzing Through Selective Symbolic Execution, 2016
0	Symbolic-assisted fuzzing	QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing, 2018
0	Reversing	TIE: Principled Reverse Engineering of Types in Binary Programs, 2011
0	JIT-ROP	Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization, 2013
0	Binary Analysis	QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries, 2023
0	ARM PAC	Demystifying Pointer Authentication on Apple M1, 2023

Reference

• ECE732: Secure Software Systems, Carnegie Mellon University
• 18487: Introduction to Computer Security, Carnegie Mellon University
• IS-561: Binary Code Analysis and Secure Software Systems, KAIST
• CS-492E: Introduction to Software Security, KAIST
• CS155: Computer and Network Security, Stanford University
• CS260: Binary Analysis for Computer Security