Date |
Topic |
Reading & Notes (tentative) |
Speaker |
Week 1, 09/02 |
Course overview |
- How to Read an Engineering Research Paper. William G. Griswold. [Link]
- Writing Technical Papers in CS/EE. Henning Schulzrinne. [Link]
- The Elements of Style. Strunk and White. [Link]
|
Fengwei Zhang [Slides] |
Week 2, 09/07 |
No Class |
|
|
Week 2, 09/09 |
Isolated Execution Environments |
Assigned:
- Using Hardware Isolated Execution Environments for Securing Systems, Fengwei Zhang, Ph.D. Thesis. [Link]
|
Fengwei Zhang [Slides] |
Week 3, 09/14 |
Memory Attacks and Introspection |
Assigned:
- SPECTRE: A Dependable Introspection Framework via System Management Mode. Fengwei Zhang, Kevin Leach, Kun Sun, and Angelos Stavrou. In DSN'13. [Link]
Optional:
- HyperShell: A Practical Hypervisor Layer Guest OS Shell for Automated In-VM Management. Yangchun Fu, Junyuan Zeng, and Zhiqiang Lin. In Usenix ATC'14. [Link]
|
Fengwei Zhang [Slides] |
Week 3, 09/16 |
Transparent Malware Analysis I |
Assigned:
- Using Hardware Features for Increased Debugging Transparency. Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun. In S&P'15. [Link]
Optional:
- MalGene: Automatic Extraction of Malware Analysis Evasion Signature. Dhilung Kirat and Giovanni Vigna. In CCS'15. [Link]
|
Fengwei Zhang [Slides] |
Week 4, 09/21 |
Transparent Malware Analysis II |
Assigned:
- Evading Android Runtime Analysis via Sandbox Detection. Timothy Vidas and Nicolas Christin. In AsiaCCS'14. [Link]
Optional:
- Morpheus: Automatically Generating Heuristics to Detect Android Emulators. Yiming Jing, Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu. In ACSAC'14. [Link]
|
Hitakshi Annayya [Slides] |
Week 4, 09/23 |
Denial of Service (DoS) Attack |
Assigned:
- Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants). Aleksandar Kuzmanovic and Edward W. Knightly. In ACM SIGCOMM'03. [Link]
Optional:
- Practical Study of a Defense Against Low-Rate TCP-Targeted DoS Attack. Petros Efstathopoulos. In ICITST'09. [Link]
- Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics. Yang Xiang, Ke Li, and Wanlei Zhou. In TIFS'11. [Link]
|
Fengwei Zhang [Slides] |
Week 5, 09/28 |
Car Hacking I |
Assigned:
- Remote Exploitation of an Unaltered Passenger Vehicle. Charlie Miller and Chris Valasek. In BlackHat USA'15. [Link]
|
Hitakshi Annayya [Slides] |
Week 5, 09/30 |
Car Hacking II |
Assigned:
- Comprehensive Experimental Analyses of Automotive Attack Surfaces. Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. In UsenixSecurity'11. [Link]
|
Lucas Andrew Copi [Slides] |
Week 6, 10/05 |
OS Security |
Project Proposals Due
Assigned:
- ret2dir: Rethinking Kernel Isolation. Vasileios P. Kemerlis, Michalis Polychronakis, and Angelos D. Keromytis. In UsenixSecurity'14. [Link]
|
Lucas Andrew Copi [Slides] |
Week 6, 10/07 |
Term Project Proposal |
- Proposal Presentations and Discussion
|
Fengwei Zhang [Slides] |
Week 7, 10/12 |
Password Management |
Assigned:
- Password Managers: Attacks and Defenses. David Silver, Suman Jana, Dan Boneh, Eric Chen and Collin Jackson. In UsenixSecurity'14. [Link]
|
Sai Tej Kancharla [Slides] |
Week 7, 10/14 |
Memory Forensic |
Assigned:
- DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse. Brendan Saltaformaggio, Zhongshu Gu, Xiangyu Zhang, and Dongyan Xu. In UsenixSecurity'14. [Link]
Optional:
- GUITAR: Piecing Together Android App GUIs from Memory Images. Brendan Saltaformaggio, Rohit Bhatia, Zhongshu Gu, Xiangyu Zhang, Dongyan Xu. In CCS'15. [Link]
|
Sharani Sankaran [Slides] |
Week 8, 10/19 |
iOS Security |
Assigned:
- On the Feasibility of Large-Scale Infections of iOS Devices. Tielei Wang, Yeongjin Jang, Yizheng Chen, Pak-Ho Chung, Billy Lau, and Wenke Lee. In UsenixSecurity'14. [Link]
Optional:
- Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS X and iOS. Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, Xiaojing Liao, Shi-Min Hu, and Xinhui Han. In CCS'15. [Link]
- iRiS: Vetting Private API Abuse in iOS Applications. Zhui Deng, Brendan Saltaformaggio, Xiangyu Zhang, and Dongyan Xu. In CCS'15. [Link]
|
Sai Tej Kancharla [Slides] |
Week 8, 10/21 |
Android Security I |
Revised Proposals Due
Assigned:
- Leave Me Alone: App-level Protection Against Runtime Information Gathering on Android. Nan Zhang, Kan Yuan, Muhammad Naveed, Xiaoyong Zhou, and XiaoFeng Wang. In S&P'15. [Link]
Optional:
- Effective Real-time Android Application Auditing. Mingyuan Xia, Lu Gong, Yuanhao Lv, Zhengwei Qi, Xue Liu. In S&P'15. [Link]
|
Hitakshi Annayya [Slides] |
Week 9, 10/26 |
Android Security II |
Assigned:
- What the App is That? Deception and Countermeasures in the Android User Interface. Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel and Giovanni Vigna. In S&P'15. [Link]
Optional:
- Android Permissions Remystified: A Field Study on Contextual Integrity. Primal Wijesekera, Arjun Baokar, Ashkan Hosseini, Serge Egelman, David Wagner, Konstantin Beznosov. In UsenixSecurity'15. [Link]
|
Lucas Andrew Copi [Slides] |
Week 10, 10/28 |
Authentication and Trust |
Assigned:
- TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens. He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing. In CCS'15. [Link]
Optional:
- Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound. Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, and Srdjan Capkun. In UsenixSecurity'15. [Link]
|
Fengwei Zhang [Slides] |
Week 10, 11/02 |
ROP Attack |
- The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). Hovav Shacham. In CCS'07. [Link]
|
Ahmad Moghimi [Slides] |
Week 10, 11/04 |
Plausibly Deniable Encryption (PDE) |
Assigned:
- DEFY: A Deniable, Encrypted File System for Log-Structured Storage. Timothy M. Peters, Mark A. Gondree, and Zachary N. J. Peterson. In NDSS'15. [Link]
Optional:
- MobiPluto: File System Friendly Deniable Storage for Mobile Devices. Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang. In ACSAC'15. [Link]
- Mobiflage: Deniable Storage Encryption for Mobile Devices. Adam Skillen and Mohammad Mannan. In NDSS'13 and TDSC'14. [Link]
|
Fengwei Zhang [Slides] |
Week 11, 11/09 |
TrustZone on ARM |
Assigned:
- TrustICE: Hardware-assisted Isolated Computing Environments on Mobile Devices. He Sun, Kun Sun, Yuewu Wang, Jiwu Jing, and Haining Wang. In DSN'15. [Link]
Optional:
- Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World. Ahmed Azab, Peng Ning, Jitesh Shah, Quan Chen, Rohan Bhutkar, Guruprasad Ganesh, Jia Ma, and Wenbo Shen. In CCS'14. [Link]
|
Zhenyu Ning [Slides] |
Week 11, 11/11 |
Semantic Gap Problem |
Assigned:
- SoK: Introspections on Trust and the Semantic Gap. Bhushan Jain, Mirza Basim Baig, Dongli Zhang, Donald E. Porter, and Radu Sion. In S&P'14. [Link]
Optional:
- Hybrid-Bridge: Efficiently Bridging the Semantic-Gap in Virtual Machine Introspection via Decoupled Execution and Training Memoization. Alireza Saberi, Yangchun Fu, and Zhiqiang Lin. In NDSS'14. [Link]
|
Zhenyu Ning [Slides] |
Week 12, 11/16 |
Password Login |
Assigned:
- TrustLogin: Securing Password-Login on Commodity Operating Systems. Fengwei Zhang, Kevin Leach, Haining Wang, and Angelos Stavrou. In AsiaCCS'15. [Link]
|
Fengwei Zhang [Slides] |
Week 12, 11/18 |
Firmware Security |
Assigned:
- A Large-Scale Analysis of the Security of Embedded Firmwares. Andrei Costin, Jonas Zaddach, Aurelien Francillon, and Davide Balzarotti. In UsenixSecurity'14. [Link]
Optional:
- Thunderstrike: EFI firmware bootkits for Apple MacBooks. Trammell Hudson. In 31C3. [Link]
|
Zhenyu Ning [Slides] |
Week 13, 11/23 |
Term Project Discussion |
- Working Class for Term Project (Q & A)
|
Fengwei Zhang [Slides] |
Week 13, 11/25 |
No Class |
|
|
Week 14, 11/30 |
Moving Target Defense |
Assigned:
- Survey of Cyber Moving Targets. H. Okhravi, M.A. Rabe, T.J. Mayberry, W.G. Leonard, T.R. Hobson, D. Bigelow, W.W. Streilein. Technical Report, MIT Lincoln Laboratory, 2013. [Link]
|
Sharani Sankaran [Slides] |
Week 14, 12/02 |
Web Security |
Assigned:
- ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities. Michael Weissbacher, William Robertson, Engin Kirda, Christopher Kruegel and Giovanni Vigna. In UsenixSecurity'15. [Link]
|
Sai Tej Kancharla [Slides] |
Week 15, 12/07 |
Privacy in Pharmacogenetics |
Assigned:
- Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing. Matthew Fredrikson, Eric Lantz, Somesh Jha, Simon Lin, David Page and Thomas Ristenpart. In UsenixSecurity'14. [Link]
|
Sharani Sankaran [Slides] |
Week 15, 12/09 |
Term Project Presentations |
|
|
Week 16, 12/14 |
Term Project Presentations |
Project Final Reports Due
|
|