Date |
Topic |
Reading & Notes (tentative) |
Speaker |
Week 1, 08/29 |
Course overview |
- How to Read an Engineering Research Paper. William G. Griswold. [Link]
- Writing Technical Papers in CS/EE. Henning Schulzrinne. [Link]
- The Elements of Style. Strunk and White. [Link]
|
Fengwei Zhang [Slides] |
Week 2, 09/03 |
No Class |
|
|
Week 2, 09/05 |
Hardware Isolated Execution Environments |
Assigned:
- SoK: A Study of Using Hardware-assisted Isolated Execution Environments for Security. Fengwei Zhang and Hongwei Zhang. In HASP'16. [Link]
Optional:
- Using Hardware Isolated Execution Environments for Securing Systems, Fengwei Zhang, Ph.D. Thesis. [Link]
|
Fengwei Zhang [Slides] |
Week 3, 09/10 |
Transparent Malware Analysis on x86 |
Assigned:
- Using Hardware Features for Increased Debugging Transparency. Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun. In S&P'15. [Link]
Optional:
- MalGene: Automatic Extraction of Malware Analysis Evasion Signature. Dhilung Kirat and Giovanni Vigna. In CCS'15. [Link]
|
Fengwei Zhang [Slides] |
Week 3, 09/12 |
Transparent Malware Analysis on ARM |
Assigned:
- Ninja: Towards Transparent Tracing and Debugging on ARM. Zhenyu Ning and Fengwei Zhang. In USENIX Security'17. [Link]
Optional:
- Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices. Le Guan, Shijie Jia, Bo Chen, Fengwei Zhang, Bo Luo, Jingqiang Lin, Peng Liu, Xinyu Xing, and Luning Xia. In ACSAC'17. [Link]
- BareDroid: Large-Scale Analysis of Android Apps on Real Devices. Simone Mutti, Yanick Fratantonio, Antonio Bianchi, Luca Invernizzi, Jacopo Corbetta, Dhilung Kirat, Christopher Kruegel, Giovanni Vigna. In ACSAC'15. [Link]
|
Fengwei Zhang [Slides] |
Week 4, 09/17 |
Mining Malware |
Assigned:
- An In-depth Look into Drive-by Mining and Its Defense. In CCS'18. [Link]
Optional:
|
Rajshakhar Paul [Slides] |
Week 4, 09/19 |
Transportation Security I |
Assigned:
- Green Lights Forever: Analyzing the Security of Traffic Infrastructure. William Beyer, Branden Ghena, Allen Hillaker, Jonathan Pevarnek, and J. Alex Halderman. In WOOT'14. [Link]
Optional:
- Hacking US (and UK, Australia, France, etc.) Traffic Control Systems. Cesar Cerrudo. In IOActive Blog 2014. [Link]
|
Sezana Fahmida [Slides] Rajshakhar Paul [Slides] |
Week 5, 09/24 |
IoT Security I |
Assigned:
- Fear and Logging in the Internet of Things. Qi Wang, Wajih Ul Hassan, Adam Bates, and Carl Gunter. In NDSS'18. [Link]
Optional:
- Security Analysis of Emerging Smart Home Applications. Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. In S&P'16. [Link]
- FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. In UsenixSecurity'16. [Link]
|
Md Mahbubur [Slides] |
Week 5, 09/26 |
BlockChain I |
Assigned:
- RapidChain: Scaling Blockchain via Full Sharding. Mahdi Zamani, Mahnush Movahedi, Mariana Raykova. In CCS'18. [Link]
Optional:
- Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. Ahmed Kosba, Andrew Miller, Elaine Shi, Zikai Wen, and Charalampos Papamanthou. In S&P'16. [Link]
- On the Security and Performance of Proof of Work Blockchains. Arthur Gervais, Ghassan O. Karame, Karl Wüst, Vasileios Glykantzis, Hubert Ritzdorf and Srdjan Capkun. In CCS'16. [Link]
- Chainspace: A Sharded Smart Contracts Platform. Mustafa Al-Bassam, Alberto Sonnino, Shehar Bano, Dave Hrycyszyn, and George Danezis. In NDSS'18. [Link]
|
Jinghui Liao [Slides] Aaron Zhang [Slides] |
Week 6, 10/01 |
Ransomware |
Assigned:
- UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. Amin Kharaz, Sajjad Arshad, Collin Mulliner, William Robertson, and Engin Kirda. In UsenixSecurity'16. [Link]
Optional:
- Redemption: Real-time Protection Against Ransomware at End-Hosts. Amin Kharaz and Engin Kirda. In RAID'17. [Link]
- CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. Nolen Scaife, Henry Carter, Patrick Traynor, and Kevin Butler. In ICDCS'16. [Link]
|
Paul Weliczko [Slides] Rajshakhar Paul [Slides] |
Week 6, 10/03 |
Transportation Security II |
Project Proposals Due
Assigned:
- Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control. Qi Alfred Chen, Yucheng Yin, Yiheng Feng, Z. Morley Mao, Henry X. Liu. In NDSS'18. [Link]
|
Sezana Fahmida [Slides] |
Week 7, 10/07 |
Term Project Proposal |
- Proposal Presentations and Discussion
|
|
Week 7, 10/10 |
Plausibly Deniable Encryption (PDE) |
Assigned:
- MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices. Bing Chang, Fengwei Zhang, Bo Chen, Yingjiu Li, Wen-Tao Zhu, Yangguang Tian, Zhan Wang, and Albert Ching. In DSN'18. [Link]
Optional:
- DEFY: A Deniable, Encrypted File System for Log-Structured Storage. Timothy M. Peters, Mark A. Gondree, and Zachary N. J. Peterson. In NDSS'15. [Link]
- MobiPluto: File System Friendly Deniable Storage for Mobile Devices. Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang. In ACSAC'15. [Link]
- Mobiflage: Deniable Storage Encryption for Mobile Devices. Adam Skillen and Mohammad Mannan. In NDSS'13 and TDSC'14. [Link]
|
Tanzeer Hossain [Slides] Evan Melvin [Slides] |
Week 8, 10/15 |
Big Data and Intel SGX I |
Assigned:
- Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data. Tyler Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, and Emmett Witchel. In OSDI'16. [Link]
Optional:
- SCONE: Secure Linux Containers with Intel SGX. Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, Rudiger Kapitza, Peter Pietzuch, and Christof Fetzer. In OSDI'16. [Link]
|
Paul Weliczko |
Week 8, 10/17 |
Big Data and Intel SGX II |
Assigned:
- VC3: Trustworthy Data Analytics in the Cloud using SGX. Felix Schuster, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. In S&P'15. [Link]
|
Paul Weliczko Shikha Sikligar [Slides] |
Week 9, 10/22 |
Side-channel Attacks I |
Assigned:
- Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. Jo Van Bulck, Frank Piessens, Raoul Strackx (imec-DistriNet, KU Leuven), Marina Minkin, Mark Silberstein, Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch, Yuval Yarom. In USENIX Security'18. [Link]
Optional:
- Meltdown and Spectre. [Link]
- Foreshadow. [Link]
|
Shikha Sikligar [Slides] Tanzeer Hossain [Slides] |
Week 10, 10/24 |
Side-channel Attacks II |
Assigned:
- CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management. Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo. In USENIX Security'17. [Link]
Optional:
- S$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing - and its Application to AES. Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. In S&P'15. [Link]
|
Aaron Zhang [Slides] Alokparna Bandyopadhyay [Slides] |
Week 10, 10/29 |
TEE Application |
Assigned:
- DelegaTEE: Brokered Delegation Using Trusted Execution Environments. Sinisa Matetic, Moritz Schneider, Andrew Miller, Ari Juels, Srdjan Capkun. In USENIX Security'18. [Link]
|
Shikha Sikligar [Slides] Evan Melvin [Slides] |
Week 10, 10/31 |
Fuzzing |
Assigned:
- QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. In USENIX Security'18. [Link]
|
Oskars Dauksts [Slides] Naim Cekaj [Slides] |
Week 11, 11/05 |
IoT Security II |
Assigned:
- IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. In NDSS'18. [Link]
|
Md Mahbubur Rahman [Slides] Sezana Fahmida [Slides] |
Week 11, 11/07 |
Hardware Attacks |
Assigned:
- A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping. Seunghun Han, Wook Shin, Jun-Hyeok Park, and HyoungChun Kim. In USENIX Security'18. [Link]
Optional:
|
Oskars Dauksts [Slides] Naim Cekaj [Slides] |
Week 12, 11/12 |
Car Hacking I |
Assigned:
- Viden: Attacker Identification on In-Vehicle Networks. Kyong-Tak Cho and Kang G. Shin. In CCS'17. [Link]
Optional:
- Lock It and Still Lose It - On the (In)Security of Automotive Remote Keyless Entry Systems. Flavio D. Garcia, David Oswald, Timo Kasper, and Pierre Pavlidès. In UsenixSecurity'16. [Link]
- Remote Exploitation of an Unaltered Passenger Vehicle. Charlie Miller and Chris Valasek. In BlackHat USA'15. [Link]
|
Md Mahbubur Rahman [Slides] Alokparna Bandyopadhyay [Slides] |
Week 12, 11/14 |
Inaudible Voice Attacks |
Assigned:
- DolphinAttack: Inaudible Voice Commands. Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. In CCS'17. [Link]
|
Oskars Dauksts [Slides] Naim Cekaj [Slides] |
Week 13, 11/19 |
Car Hacking II |
Assigned:
- Scission: Signal Characteristic-Based Sender Identification and Intrusion Detection in Automotive Networks. Marcel Kneib, Christopher Huth. In CCS'18. [Link]
Optional:
- Fingerprinting Electronic Control Units for Vehicle Intrusion Detection. Kyong-Tak Cho and Kang G. Shin. In UsenixSecurity'16. [Link]
- Comprehensive Experimental Analyses of Automotive Attack Surfaces. Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. In UsenixSecurity'11. [Link]
|
Aaron Zhang [Slides] Alokparna Bandyopadhyay [Slides] |
Week 13, 11/21 |
No Class |
|
|
Week 14, 11/26 |
Working Class for Term Project |
- Working Class for Term Projects
|
Term Project [Slides] |
Week 14, 11/28 |
Moving Target Defense |
Assigned:
- Survey of Cyber Moving Targets. H. Okhravi, M.A. Rabe, T.J. Mayberry, W.G. Leonard, T.R. Hobson, D. Bigelow, W.W. Streilein. Technical Report, MIT Lincoln Laboratory, 2013. [Link]
|
Tanzeer Hossain and Jinghui Liao [Slides] |
Week 15, 12/03 |
Blockchain II |
- A Better Method to Analyze Blockchain Consistency. In CCS'18. [Link]
|
Jinghui Liao and Evan Melvin |
Week 15, 12/05 |
Term Project Presentations |
|
|
Week 16, 12/10 |
Term Project Presentations |
Project Final Reports Due
Starting at 9:30am; Pizza will be provided
|
|