CIS 6614 - Advanced Software Systems Security, Fall 2024

Overview

This page provides information on some of the resources available for students in CIS 6614.

This page is organized as follows:

• UCF Library Resources
• Web and Social Media Resources
• Threat Modeling Tools
• Professional Societies
  • ACM
  • IEEE Computer Society
  • USENIX
• Other Resources
  • Conferences
  • Journals
  • Online Resources

Return to top

UCF Library Resources

The UCF Library has a general guide to the literature in Computer Science, which is found at:

• guides.ucf.edu/cs.

Return to top

Web and Social Media Resources

Some useful web resources related to this course are:

• Krebs on Security, which features "in-depth security news and investigation."
• The Hacker News.
• Threat Post.
• Naked Security by Sophos.
• Schneier on Security by Bruce Schneier.

See also the list of Top Security Blogs and Websites by Michelle Moore of UCSD.

Return to top

Threat Modeling Tools

The following tools may be useful for threat modeling:

• OWASP Threat Dragon
• Microsoft Threat Modeling Tool
• Threagile
• Radare2
• Lindun Go, a free tool for investing privacy threats.

See also the Threat Modeling Manifesto.

The following YouTube videos might be useful as well:

• Lightning Demo - Threatmodel Tool Demos by Steven Wierckx and Mike Goodwin - 16 Jun 2020
• How to do Real World Threat Modeling from CyberSecurityTV
• 1. Introduction, Threat Models from MIT OpenCourseWare's 6.858 Computer Systems Security class
• OWASP Based Threat Modelling: Creating A Feedback Model In An Agile Environment - Chaitanya Bhatt
• PASTA Threat Modeling for Cybersecurity, OWASP All Chapters 2020 Presentation

Return to top

Professional Societies

There are two main professional societies in computing, the Association for Computing Machinery (ACM) and the Institute for Electrical and Electronics Engineers (IEEE). The UCF Library gives access to all publications of these professional societies. Both the ACM and IEEE Computer Society have student memberships and student chapters at UCF.

Another important resource for publications and conferences in security is USENIX, which makes several publications available. USENIX also has student memberships.

Another professional society is the (ISC)², which is "an international, nonprofit membership association for information security leaders." The (ISC)² focuses on cybersecurity and has certifications.

ACM

The ACM has several resources for members, including a learning center.

The ACM also has various special interest groups (SIGs) that focus on particular areas of computing. Some SIGs that are relevant for this course include:

• SIGCHI, which focuses on "computer-human interaction." This SIG has a "shared understanding that designing useful and usable technology is an interdisciplinary process, and when done properly it has the power to transform persons' lives."
• SIGSAC, which focuses on "information and system security, encompassing security technologies, secure systems, security applications, and security policies."

IEEE Computer Society

The IEEE contains the Computer Society, which "advances the theory, practice, and application of computer and information-processing science and technology, as well as the professional standing of its members." Its educational resources relevant to this course include:

• The IEEE Computer Society has a Technical Committee on Security and Privacy, which organizes a Secure Development Conference.
• IEEE Security & Privacy magazine.
• Tech News, which features "Relevant news, analysis, and blogs to keep you best informed, based on world-class research and thought leadership." You can subscribe to the Computing Edge newsletter there.

USENIX

USENIX makes several publications available. USENIX also has student memberships.

Return to top

Other Resources

Conferences

The following are considered the top academic conferences in Computer Security:

• The IEEE Symposium on Security and Privacy (also known as "Oakland").
• The ACM Conference on Computer and Communications Security (CCS).
• The USENIX Security Symposia.
• TheNetwork and Distributed System Security (NDSS) Symposium, which may be less relevant for this course than the ones above.

The following conferences are also relevant to this course (and perhaps more focused on topics relevant to the course):

• The IEEE/ACM International Conference on Software Engineering (ICSE).
• The ACM Annual Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE).
• The Annual Computer Security Applications Conference (ACSAC).
• The Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).
• The SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA).
• The USENIX Symposium on Usable Privacy and Security (SOUPS).
• The ACM Conference on Data and Application Security and Privacy (CODASPY).

Guofei Gu has a useful list of computer security conferences.

Journals

The following journals give examples of professional writing in security. In most cases access to these is free from the UCF library.

• Digital Threats: Research and Practice
• Computing Systems (from USENIX).
• ACM Journal on Responsible Computing.

Online Resources

The following are some other useful resources.

• All in One is a collection of news items from Hacker News, Reddit, Product Hunt, Slashdot, Designer News, Github Trending, Medium, and Lifehacker.
• Security Sense is a subscription service from tne National Security Institute
• The Open Web Application Security Project (OWASP), which includes the OWASP Top Ten software security risks and resources on Threat Modeling.
• CAPEC: Common Attack Pattern Enumeration and Classification, "a community resource for identifying and understanding attacks"
• 2022 CWE Top 25 Most Dangerous Software Weakensses.
• CVE Details, which gives more information about the Common Weakness Enumeration (CWE) database.
• Mitre's Open Vulnerability and Assessment Language (OVAL) definitions.
• XSS Cheat Sheet.

Return to top

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

Last modified Friday, August 9, 2024.

This web page is for CIS 6614 at the University of Central Florida. The details of this course are subject to change as experience dictates. You will be informed of any changes. Please direct any comments or questions to Gary T. Leavens at Leavens@ucf.edu. Some of the policies and web pages for this course are quoted or adapted from other courses I have taught, in partciular, COP 4020.