Qualifying Exam Preparation

Sophie Engle • Fall 2006
Department of Computer Science
University of California at Davis

Exam Date

The exam will be held on Tuesday, September 5th, 2006 from 12:00pm - 3:00pm at Kemper Hall room 3083.

Committee

Summary

I plan on continuing and extending the Vulnerability Analysis project. The current project website is located at http://isis.cs.ucdavis.edu/vuln/.

Specifically, some of the tasks I would like to complete are:

  1. Harden our formalisms (including our definitions and classification framework)
  2. Expand our classification grammar to cover more vulnerabilities
  3. Classify a few hundred vulnerabilities
  4. Explore what makes a meaningful characteristic
  5. Explore methods of visualizing several vulnerabilities simultaneously
  6. Explore clustering methods to identify meaningful vulnerability classes

This includes only some of the tasks I am currently looking at. More detailed information will be presented in my qualifying exam paper.

Prior Work

I have already written a couple of papers on our work. The paper "Tree Approach to Vulnerability Classification" describes our general classification scheme, although some changes have been made since its writing. It can be viewed here.

We have also recently submitted a paper to CCS 2006 describing our formalization of a vulnerability and related notions. Our classification work is built on these formalizations. The paper, "A Practical Formalism for Vulnerability Comparison", can be downloaded here.

Exam Materials

My qualifying exam proposal and presentation may be downloaded here.

Proposal:
Low Qualify PDF (for viewing) [ proposal-lo.pdf 800 KB ]
High Qualify PDF (for printing) [ proposal-hi.pdf 10 MB ]
 
Presentation:
Presentation (Main) PPT [ talk-main.ppt 3.5 MB ]
Presentation (Main) PDF [ talk-main.pdf 3.3 MB ]
 
Presentation (Definitions) PPT [ talk-defs.ppt 800 KB ]
Presentation (Definitions) PDF [ talk-defs.pdf 1.3 MB ]