ECEN 5008-0004/CSCI 7000-0010 (Fall 2017): Advanced Computer and Networked System Security

Schedule

The outline will be updated. Please check out the readings one week before the date and read them before class.

We will be using HotCRP to submit reading responses for the papers indicated. Link to sign up will come some.

Lecture Date Topics Papers (read before class) Notes/Resources
1 Tues 08/29 Introduction Keshav: How To Read a Paper,
Symantec Internet Security Threat Report (2017)
Microsoft Security Intelligence Report (2017)
2 Thur 08/31 Software Exploits Smashing the Stack
Heap Sprays to Sandbox Escapes
no write up
3 Tues 09/05 Network Protocol Exploits Security Problems in the TCP/IP Protocol Suite no write up.
4 Thurs 09/07 Making the attack / Fuzzing Exploiting Embedded Devices
Study of UNIX Utilities
No write up, read both papers.
5 Tues 09/12 Defending the Attack Intel Driven Defense
Active Security [HotNets2013]
No write up, read both papers.
6 Thurs 09/14 Protection: Network ETHANE [SIGCOMM07]
Bro [SEC98] )
7 Tues 09/19 Protection: Network
Protection: SW Systems
APLOMB [SIGCOMM12]
N-Variant Systems [SEC06])
8 Thur 09/21 Protection: SW Systems
ROP
Unikernels [ASPLOS 2013]
ROP[CCS 2007]
(As optional suppliment, longer and updated version, and presentations, found here)
9 Tues 09/26 Protection: SW Systems
ROP
Introspection[NDSS03]
kBouncer[SEC13]
10 Thur 09/28 Trusted Hardware OpenSGX [NDSS16]
fTPM [SEC16]
11 Tues 10/03 Trusted HW
Network Monitoring
No readings -- will post on slack two drafts.
12 Thur 10/05 Embedded Car Hacking [IEEE S&P 2010]
IMDShield [SIGCOMM 2011]
13 Tues 10/10 Embedded
Untrusted Env
Mirai [SEC17]
Accountable VMs [OSDI 2010]
14 Thur 10/12 Untrusted Env
Crypto Currency
SPORC [OSDI 2010]
Bitcoin [TechReport]
(optional, for more background: Bitcoin's Academic Pedigree)
15 Tues 10/17 Crypto Currency Smart Contracts Lab [TechReport15]
Hijacking Bitcoin [IEEE S&P 2017]
16 Thur 10/19 Protecting: Data CryptDB [SOSP11]
Vanish [SEC09]
17 Tues 10/24 Protecting: Data
Contained Execution
CLAMP [IEEE S&P 09]
GQ [IMC 2011]
18 Thur 10/26 Side channels Hey you, get off my cloud [CCS09]
Web App Side Channel [IEEE S&P 2010]
19 Tues 10/31 Protecting: Network (considerations) DELTA [NDSS 2017]
Virtual Firewall [NDSS 2017]
20 Thur 11/02 (un)trusted Hardware Malicious Hardware [IEEE S&P 2010]
ROP SGX [SEC17]
21 Tues 11/07 Privacy Tor [SEC04]
Web Tracking [NSDI 12]
22 Thur 11/09 Privacy Tracker History [SEC 2016]
Price of Free [NDSS 2016]
23 Tues 11/14 Usability Johnny Can't Encrypt [USENIX Sec 1999]
Real Passwords [CCS 2013]
24 Thur 11/16 Info Flow Tracking HiStar [OSDI 2006]
Taint Droid [OSDI 2010]
- Tues 11/21 FALL BREAK
- Thur 11/23 FALL BREAK
25 Tues 11/28 Software Verification Driller [NDSS 2016]
seL4 [SOSP 2009]
26 Thur 11/30 SPAM Click Trajectories [IEEE S&P 2011]
SNARE [SEC 09]
27 Tues 12/05 e-crime Pay per install [USENIX Sec 2011]
Leaked Webmail Credentials [IMC 16]
28 Thur 12/07 SPAM NO CLASS - WORK ON PROJECTS
29 Tues 12/12 PRESENTATIONS PRESENTATIONS
30 Thur 12/14 PRESENTATIONS PRESENTATIONS