ECEN 5013/CSCI 7000-0009: Advanced Computer and Networked System Security

Schedule

The outline will be updated. Please check out the readings one week before the date and read them before class.

We will be using HotCRP to submit reading responses for the papers indicated. Please sign up as soon as possible. Thanks to Matt Monaco for setting it up.

Lecture Date Topics Papers (read before class) Notes/Resources
1 Wed 08/27 Introduction Keshav: How To Read a Paper,
Symantec Internet Security Threat Report
2 Fri 08/29 Software Exploits Smashing the Stack
Heap Sprays to Sandbox Escapes
no write up
3 Wed 09/03 Network Protocol Exploits Security Problems in the TCP/IP Protocol Suite no write up.
4 Fri 09/05 Making the attack / Fuzzing Exploiting Embedded Devices
Study of UNIX Utilities
No write up, read both papers.
5 Wed 09/10 Defending the Attack Intel Driven Defense
Active Security [HotNets2013]
No write up, read both papers.
6 Fri 09/12 Side channels Hey you, get off my cloud [CCS09]
(student: Smart Meters [CCS12])
write up due Thur. 11:59pm
7 Wed 09/17 Side channels HomeAlone[IEEE S&P2011]
(student: FPGA Bitstream[CCS2011])
Write up due Thurs 11:59pm
8 Fri 09/19 ROP and leaked info ROP[CCS 2007]
(As optional suppliment, longer and updated version, and presentations, found here)
(student: AmazonIA[CCS11])
No writeup, but read ROP paper.
9 Wed 09/24 Protection: System Software N-Variant Systems [SEC06]
(student: Unikernels [ASPLOS 2013])
write up due Tues 11:59pm
10 Fri 09/26 Protection: Network Bro [USENIX Sec 1998]
(student: Evading IDS [USENIX Sec 2001])
write up due Thur 11:59pm
11 Wed 10/01 Software-Defined Networking Ethane [SIGCOMM07]
(student: AvantGuard [CCS13])
write up due Tues 11:59pm
12 Fri 10/03 Contained Execution GQ [IMC 2011]
(student: Vigilante [SOSP 2005])
write up due Thurs 11:59pm
13 Wed 10/08 Information Flow Tracking HiStar [OSDI 2006]
(student: Taint Droid [OSDI 2010])
write up due Tues 11:59pm
14 Fri 10/10 Embedded Car Hacking [IEEE S&P 2010]
(student: WattsUpDoc [HealthTech2013])
write up due Thur 11:59pm
15 Wed 10/15 Embedded (student: IMDShield [SIGCOMM 2011])
(student: Embedded Web[USENIX SEC 2011])
write up due Thurs 11:59pm
16 Fri 10/17 Industrial Control Systems (optional) SmartGrid Security Survey [COMNET 2013])
(student: Exploiting GOOSE[Globecomm 2012],
optionally suppliment GOOSE paper with SDECN [SmartGridComm 2013])
No write up, at least skim the survey paper.
17 Wed 10/22 Virtualization/Cloud Introspection [NDSS 2003]
(student: Accountable VMs [OSDI 2010])
write up due Tues 11:59pm
18 Fri 10/24 Virtualization/Cloud (student: NoHype [CCS 2011])
(student: SPORC [OSDI 2010])
write up due Tues 11:59pm
19 Wed 10/29 Web OWASP top 10 2013
OWASP Mobile Top 10 Draft
Each student prepare 5 minute overview of 1 of the top 10 (to be assigned on Piazza).
20 Fri 10/31 Usability (student: Control-Alt-Hack [CCS2013])
(student: Johnny Can't Encrypt [USENIX Sec 1999])
write up due Thurs 11:59pm
21 Wed 11/05 Privacy (student: Tarzan [CCS 2002])
(student: Pseudonyms [SIGCOMM 2013])
write up of paper listed for Reading due Thurs 11:59pm
22 Fri 11/07 Privacy APIP [SIGCOMM 2014]
(student: CryptDB [SOSP 2011])
write up due Sun 11:59pm
- Wed 11/12 CANCELED SNOW
23 Fri 11/14 Hardware Malicious Hardware [IEEE S&P 2010]
(student: Flicker [EuroSys 2008])
write up due Thur 11:59pm
24 Wed 11/19 e-crime Pay per install [USENIX Sec 2011]
(student: Exploit as a Service [CCS 2012])
write up due Tues 11:59pm
- Fri 11/21 NO CLASS WORK ON PROJECTS!
- Wed 11/26 FALL BREAK
- Fri 11/28 FALL BREAK
25 Wed 12/03 e-crime (student: Click Trajectories [IEEE S&P 2011])
(student: BitCoin [TechReport])
write up due Tues 11:59pm
26 Fri 12/05 Trust/Reputation (student: TrInc[NSDI09])
(student: Reputation for DNS[USENIX Sec 10])
Write up due Thur 11:59pm.
27 Wed 12/10 Project Presentations
28 Fri 12/12 Project Presentations