EECS 450 Lectures

Course Lecture Plan

Date	Lectures Topics	Speakers & Notes	Reading
Mon 3/26	Class Overview, Overview of Internet Security.	Yan [ppt]	Symantec Internet Security Threat Report April 2010.
Wed 3/28	Mobile Malcode	[malcode.ppt][botnet.ppt] No paper summary needed.	Taxonomy of Botnet Threats, Trend Micro White Paper, November 2006. [Reference]A Survey of Botnet Technology and Defenses, M. Bailey, et al. in the Proc. of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security.
Mon 4/2	Network-level defense: vulnerability signatures	[IDS.ppt] [Shield&NetShield] Xitao, Yan	Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits, by Helen J. Wang, et al, in the Proc. of ACM SIGCOMM, 2004. [Ref] NetShield: Massive Semantics-based Vulnerability Signature Matching for High-speed Networks , by Z. Li et al, in the Proc. of ACM SIGCOMM, 2010.
Wed 4/4	Vulnerability signature generation	[vulSig_gen.pptx] Xitao, Xin	Towards Automatic Generation of Vulnerability-Based Signatures, by David Brumley, et al, in the Proceedings of the 2006 IEEE Symposium on Security and Privacy.
Mon 4/9	Polymorphic Malware Detection	[PolyMalwareDetect] Connor,Taiyo	Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors. Matt Fredrikson, Somesh Jha, Mihai Christodorescu, Reiner Sailer, Xifeng Yan. IEEE Symposium on Security and Privacy 2010. [Ref] Effective and Efficient Malware Detection at the End Host, by Clemens Kolbitsch, et al, Usenix Security Symposium 2009.
Wed 4/11	WWW security background	[browser_security] Yinzhi No paper summary needed	Browser Security Handbook, part 1 (Basic concepts). Virtual Browser: a Virtualized Browser to Sandbox Third-party JavaScripts with Enhanced Security, by Yinzhi Cao et al, in the Proc. of AsiaCCS, 2012.
Mon 4/16	Web origins and the same origin policy	[gazelle] [XO_JScapabilityLeaks] Jed, Xin	The Multi-Principal OS Construction of the Gazelle Web Browser, Helen Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter, USENIX Security 2009. [Ref]Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense, Adam Barth, Joel Weinberger, and Dawn Song, USENIX Security 2009.
Wed 4/18	(Combined with 4/16 class) Cross-site Scripting Attacks (XSS)	[scriptGuard] [systematicXSSsanitization] Jonathan, William	ScriptGard: Automatic Context-Sensitive Sanitization for Large-Scale Legacy Web Applications, by Prateek Saxena, et al, in the Proc. of ACM CCS 2011. [Ref] A Systematic Analysis of XSS Sanitization in Web Application Frameworks, by Joel Weinberger, et al, in the Proc. of ESORICS 2011.
Mon 4/23	Cross-site request forgery (CSRF) Attacks	[CSRFDefense.pdf] [CSDFclientDefense] Connor, Xiang	A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications, by Riccardo Pelizzi, and R Sekar. in thet Proc. of ACSAC 2011. [Ref] Automatic and Precise Client-Side Protection against CSRF Attacks, by Philippe De Ryck, et al, in the Proc. of Esorics, 2011.
Wed 4/25	Heap Spraying Attacks	[Rozzle][Zozzle] Xiang, Yinzhi	Rozzle: De-Cloaking Internet Malware, by Clemens Kolbitsch, et al, in the Proc. of IEEE Symposium on Security and Privacy, 2012. [Ref] ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection, by Charlie Curtsinger, et al., in the Proc. of USENIX Security, 2011.
Mon 4/30	Midterm project presentation [Social Network Security][NIPS and Vulnerability Signatures] [Android Security] [Web Security]
Wed 5/2	Smartphone security and privacy background.	[TaintDroid.pdf] Vaibhav No paper summary is needed.	Mobile Application Security on Android, by Jesse Burns at Black Hat 2009. Reference slides: Understanding Android's Security Framework (Tutorial) by W. Enck, and P. McDaniel. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, by William Enck et al. in Proc. of the USENIX OSDI, 2010.
Mon 5/7	Smartphone Malware	[droidRanger.pdf] Jed, Jonathon	Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets, by Yajin Zhou, et al, in the Proc. of the NDSS 2012. [Ref] A Survey of Mobile Malware in the Wild, Adrienne Porter Felt et al, ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2011 (ref slides).
Wed 5/9	Smartphone Capability Leaks	[woodpecker.pdf] William, Shaker	Systematic Detection of Capability Leaks in Stock Android Smartphones. by Michael Grace, et al, in the Proc. of the NDSS 2012. [Ref] Permission Re-Delegation: Attacks and Defenses, by Adrienne Porter Felt, et al., in the Proc. of USENIX Security Symposium, 2011. (Reference talk slides).
Mon 5/14	Online Social Network Security Background	[socialNetworkSec] Hongyu No paper summary is needed.	Towards Online Spam Detection in Social Networks, by Hongyu Gao et al., in the Proc. of NDSS 2012 [Ref] Security Issues in Online Social Networks, by Hongyu Gao, et. al, in IEEE Internet Computing, Volume 15, Issue 4, 2011.
Wed 5/16	OSN Spam	[twitterSpam_imc2011] [twitterSpam_ccs2010] Dan, Shaker	Suspended Accounts in Retrospect: An Analysis of Twitter Spam, by Kurt Thomas, et. al. in the Proc. of ACM SIGCOMM IMC, 2011. [Ref] @spam: The Underground on 140 Characters or Less, by Grier, et. al, in the Proc. of ACM CCS, 2010.
Mon 5/21	OSN Privacy	[hummingbird] [OSNprivacy_ndss12] Dan, Hongyu	Hummingbird: Privacy at the time of Twitter, by Emiliano De Cristofaro, et. al. in the Proc. of IEEE Symposium on S&P (Oakland), 2012. [Ref] You are what you like! Information leakage through users' Interests, by Abdelberi Chaabane, et. al., in the Proc. of NDSS, 2012.
Wed 5/23	Merged with the 5/30 class
Mon 5/28	No class due to Memorial Day.
Wed 5/30	Project presentation.

Notes: You may find the brochure useful: Efficient reading of papers in Science and Technology by Michael J. Hanson, 1990, revised 2000 Dylan McNamee.