Course Lecture Plan


Lectures Topics

Speakers & Notes


Mon 3/29

Class overview, overview of Internet security.

Yan [ppt]

Symantec Internet Security Threat Report April 2009.

Wed 3/31

Web 2.0 and its diagnosis



No paper summary needed.

WebProphet: Automating Performance Prediction for Web Services, Zhichun Li, Ming Zhang, Zhaosheng Zhu, Yan Chen, Albert Greenberg and Yi-Min Wang, USENIX/ACM NSDI 2010

Mon 4/5

Diagnosis of distributed systems

Jingnan, Tuo


Automating Network Application Dependency Discovery: Experiences, Limitations, and New Solutions, by Xu Chen, Ming Zhang, Z. Morley Mao, Victor Bahl, OSDI 2008. Reference slides by Ming Zhang are here.

[Ref] X-Trace: A Pervasive Network Tracing Framework, Rodrigo Fonseca, George Porter, Randy Katz, Scott Shenker, Ion Stoica, ACM NSDI 2007. (presentation available in mp3 format).

Wed 4/7

Mobile malcode


Taxonomy of Botnet Threats, Trend Micro White Paper, November 2006.

[Reference] A Survey of Botnet Technology and Defenses, M. Bailey, et al., in the Proc. of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

Mon 4/12

World Wide Web vulnerability analysis

Brett, Tyler [ppt]

Vulnerability Analysis of Web-Based Applications, Marco Cova, Viktoria Felmetsger, Giovanni Vigna, Chapter in "Test and Analysis of Web Services", Springer, September 2007.

Wed 4/14

WWW vulnerability analysis cont'd



Main paper same as above.

[Ref] Multi-Module Vulnerability Analysis of Web-based Applications. ACM CCS 2007.

Mon 4/19

Browser vulnerability defense



BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML, Charles Reis, et al., USENIX OSDI, 2006.

Wed 4/21

Web app vulnerability discovery

[pdf, and complementary ppt]

State of the Art: Automated Black-Box Web Application Vulnerability Testing, Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell, Oakland, 2010.

Mon 4/26

Web origin policy



The Multi-Principal OS Construction of the Gazelle Web Browser, Helen Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter, USENIX Security 2009.

[Ref] Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense, Adam Barth, Joel Weinberger, and Dawn Song, USENIX Security 2009.

Wed 4/28

JavaScript security policy



ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser, IEEE Symposium on Security and Privacy, 2010.

[Ref] Object Views: Fine-Grained Sharing in Browsers, Leo Meyerovich and Adrienne Felt, WWW 2010.

Mon 5/3

Midterm project presentation
[Android Security] [Social Network Security Survey] [Web Origin Security] [UltraPAC]

Wed 5/5

Web browser access control



On the Incoherencies in Web Browser Access Control Policies, Kapil Singh, Alexander Moshchuk, Helen J. Wang, and Wenke Lee, IEEE Symposium on Security and Privacy, 2010.

Mon 5/10

Mobile System Security

Ted, Tyler


Mobile Application Security on Android, by Jesse Burns at Black Hat 2009.

Reference slides: Understanding Android's Security Framework (Tutorial) by W. Enck and P. McDaniel.

Wed 5/12

Mobile System Security

Ted, Tyler



On Lightweight Mobile Phone Application Certification, W. Enck, M. Ongtang, and P. McDaniel, ACM CCS 2009.

[Ref] Apex: extending Android permission model and enforcement with user-defined runtime constraints, M. Nauman, S. Khan, and X. Zhang, ACM ASIACCS 2010.

Mon 5/17

Social Network Security/Measurement

Tuo, Jun


Social Honeypots: Making Friends With A Spammer Near You, Steve Webb, J. Caverlee, and C. Pu, ACM CEAS 2008.

[Ref] Characterizing User Behavior in Online Social Networks, F. Benevenuto et al., ACM IMC 2009.

Wed 5/19

Social Network Privacy

Jun, Jingnan

xBook: Redesigning Privacy Control in Social Networking Platforms, by Singh, et al., USENIX Security Symposium 2009.

[Ref] Persona: An Online Social Network with User-Defined Privacy, R. Baden, et al., SIGCOMM 2009.

Mon 5/24



Outside the Closed World: On Using Machine Learning For Network Intrusion Detection, Robin Sommer and Vern Paxson, in IEEE Symposium on Security and Privacy, 2010.

Wed 5/26

Project presentation

Mon 5/31

No class due to Memorial Day.

Wed 6/2

Project presentation, cont'd

Notes: You may find this brochure useful: Efficient Reading of Papers in Science and Technology, by Michael J. Hanson, 1990, revised 2000 by Dylan McNamee.