Date	Presenter	Topic
7/19		You Get Where You're Looking for: The Impact of Information Sources on Code Security (Acar et al) More info Abstract: Vulnerabilities in Android code -- including but not limited to insecure data storage, unprotected inter-component communication, broken TLS implementations, and violations of least privilege -- have enabled real-world privacy leaks and motivated research cataloguing their prevalence and impact. Researchers have speculated that appification promotes security problems, as it increasingly allows inexperienced laymen to develop complex and sensitive apps. Anecdotally, Internet resources such as Stack Overflow are blamed for promoting insecure solutions that are naively copy-pasted by inexperienced developers. In this paper, we for the first time systematically analyzed how the use of information resources impacts code security. We first surveyed 295 app developers who have published in the Google Play market concerning how they use resources to solve security-related problems. Based on the survey results, we conducted a lab study with 54 Android developers (students and professionals), in which participants wrote security-and privacy-relevant code under time constraints. The participants were assigned to one of four conditions: free choice of resources, Stack Overflow only, official Android documentation only, or books only. Those participants who were allowed to use only Stack Overflow produced significantly less secure code than those using, the official Android documentation or books, while participants using the official Android documentation produced significantly less functional code than those using Stack Overflow. To assess the quality of Stack Overflow as a resource, we surveyed the 139 threads our participants accessed during the study, finding that only 25% of them were helpful in solving the assigned tasks and only 17% of them contained secure code snippets. In order to obtain ground truth concerning the prevalence of the secure and insecure code our participants wrote in the lab study, we statically analyzed a random sample of 200,000 apps from Google Play, finding that 93.6% of the apps used at least one of the API calls our participants used during our study. We also found that many of the security errors made by our participants also appear in the wild, possibly also originating in the use of Stack Overflow to solve programming problems. Taken together, our results confirm that API documentation is secure but hard to use, while informal documentation such as Stack Overflow is more accessible but often leads to insecurity. Given time constraints and economic pressures, we can expect that Android developers will continue to choose those resources that are easiest to use, therefore, our results firmly establish the need for secure-but-usable documentation.
7/12		No seminar More info
7/5		No seminar More info
6/28		No seminar More info
6/21		No seminar More info
6/14		Comparing the Usability of Cryptographic APIs (Acar et al) More info Abstract: Potentially dangerous cryptography errors are well-documented in many applications. Conventional wisdom suggests that many of these errors are caused by cryptographic Application Programming Interfaces (APIs) that are too complicated, have insecure defaults, or are poorly documented. To address this problem, researchers have created several cryptographic libraries that they claim are more usable; however, none of these libraries have been empirically evaluated for their ability to promote more secure development. This paper is the first to examine both how and why the design and resulting usability of different cryptographic libraries affects the security of code written with them, with the goal of understanding how to build effective future libraries. We conducted a controlled experiment in which 256 Python developers recruited from GitHub attempt common tasks involving symmetric and asymmetric cryptography using one of five different APIs. We examine their resulting code for functional correctness and security, and compare their results to their self-reported sentiment about their assigned library. Our results suggest that while APIs designed for simplicity can provide security benefits—reducing the decision space, as expected, prevents choice of insecure parameters—simplicity is not enough. Poor documentation, missing code examples, and a lack of auxiliary features such as secure key storage, caused even participants assigned to simplified libraries to struggle with both basic functional correctness and security. Surprisingly, the availability of comprehensive documentation and easy-to-use code examples seems to compensate for more complicated APIs in terms of functionally correct results and participant reactions; however, this did not extend to security results. We find it particularly concerning that for about 20% of functionally correct tasks, across libraries, participants believed their code was secure when it was not. Our results suggest that while new cryptographic libraries that want to promote effective security should offer a simple, convenient interface, this is not enough: they should also, and perhaps more importantly, ensure support for a broad range of common tasks and provide accessible documentation with secure, easy-to-use code examples.
6/7		Stack Overflow Considered Harmful? --- The Impact of Copy&Paste on Android Application Security (Fischer et al) More info Abstract: Online programming discussion platforms such as Stack Overflow serve as a rich source of information for software developers. Available information include vibrant discussions and oftentimes ready-to-use code snippets. Previous research identified Stack Overflow as one of the most important information sources developers rely on. Anecdotes report that software developers copy and paste code snippets from those information sources for convenience reasons. Such behavior results in a constant flow of community-provided code snippets into production software. To date, the impact of this behaviour on code security is unknown. We answer this highly important question by quantifying the proliferation of security-related code snippets from Stack Overflow in Android applications available on Google Play. Access to the rich source of information available on Stack Overflow including ready-to-use code snippets provides huge benefits for software developers. However, when it comes to code security there are some caveats to bear in mind: Due to the complex nature of code security, it is very difficult to provide ready-to-use and secure solutions for every problem. Hence, integrating a security-related code snippet from Stack Overflow into production software requires caution and expertise. Unsurprisingly, we observed insecure code snippets being copied into Android applications millions of users install from Google Play every day. To quantitatively evaluate the extent of this observation, we scanned Stack Overflow for code snippets and evaluated their security score using a stochastic gradient descent classifier. In order to identify code reuse in Android applications, we applied state-of-the-art static analysis. Our results are alarming: 15.4% of the 1.3 million Android applications we analyzed, contained security-related code snippets from Stack Overflow. Out of these 97.9% contain at least one insecure code snippet.

Overview

The Fall 2016 offering of CS 7936 will focus on reading and discussing papers that are useful related work for the presenter's security and privacy research.

Class announcements are sent out on security-privacy@cs.utah.edu. You can subscribe at http://mailman.cs.utah.edu/mailman/listinfo/security-privacy.

Credit

Students may enroll for one (1) credit. Although the University lists the course as “variable credit,” the two- and three-credit options are not currently available.

Students enrolled in the seminar are expected to read the papers prior to the seminar. Additionally, students are expected to sign up to lead the discussion on one or more seminar meeting. Leading the disucssion means:

1. Choosing the paper and sending it to tdenning@cs.utah.edu by 6PM Sunday before the seminar meeting;
2. Preparing a 7-10 minute summary of the paper and its pertinent points;
3. Familiarizing yourself enough with the paper to be able to answer questions that may come up;
4. Preparing potential discussion points if the discussion needs prompting.

Reading and Presenting

It can be useful to look up the video of the presentation (if it was at USENIX, the video was recorded and is available online) and/or the slides (which may be available on the presenting author's page).

The following questions (some of which are pulled from Writing for Computer Science) can be useful to keep in mind when reading a paper (although not all questions will apply to all papers):

• What phenomena or properties are being investigated? Why are they of interest? 
• Has the aim of the research been articulated? What are the specific hypotheses and research questions? Are these elements convincingly connected to each other?
• To what extent is the work innovative? How does it differ from past work?
• What are the underlying assumptions? Are they sensible?
• What forms of evidence are used?
• How is the evidence measured? Are the chosen methods of measurement objective, appropriate, and reasonable?
• What compromises or simplifications are inherent in the choice of measure?
• To what extent do the results persuasively confirm the hypothesis? 
• What are the likely weaknesses of or limitations to the approach?
• Which results are the most surprising?
• What is the main contribution of the work?
• Are appropriate conclusions drawn from the results, or are there other possible interpretations?
• Could the results be verified?
• Do the results have applicability to other problems or domains?
• Do the title, abstract, and introduction appropriately set the context for the work?
• Is there anything unusual about the organization of the write-up, and, if so, is there a reason for this organization?
• Are the Tables and Figures clear and useful?
• Are the results of practical applicability, or are they more theoretical in nature?
• What are the main strengths of the paper? What are its weaknesses?
• If you were to cite this paper, what kinds of things might you be citing it for?
• Are there interesting future directions for work that the authors have not discussed?
• Are there particular steps in the methodology or presentation that you would have done differently?
• Are there any methodological decisions that seem to have been motivated by restrictions on time or resources, rather than absolute feasibility?
• Are there any ethical issues associated with the paper, and if so, how were they (or how weren't they) dealt with?