Course Lecture Plan

Date

Lectures Topics

Speakers & Notes

Reading

Mon 3/31 Class Overview, Overview of Internet Security. Yan

Symantec Internet Security Threat Report, April 2013.

Wed 4/2

Intro to mobile security

Vaibhav
No paper summary needed

Intro to mobile security slides by Prof. Konstantin Beznosov of UBC, Canda.
Tutorial video on Google I/O 2012 - Security and Privacy in Android Apps.
Reference slides: Understanding Android's Security Framework (Tutorial) by W. Enck, and P. McDaniel.

Mon 4/7

Android Permission

[Android_permission]
Zhengyang

Zhang, Yuan, et al. Vetting undesirable behaviors in android apps with permission use analysis, in the Proc. of ACM CCS, 2013.
[Ref] Pandita, Rahul, et al. WHYPER: towards automating risk assessment of mobile applications, in the Proc. of USENIX Security Symposium, 2013.

Wed 4/9

Mobile privacy

[mobile_privacy]
Sinan, Eric J.
Zhou, Xiaoyong, et al. Identity, location, disease and more: inferring your secrets from android public resources, in the Proc. of ACM CCS, 2013.
[Ref]Nadkarni, Adwait, and William Enck. Preventing accidental data disclosure in modern operating systems, in the Proc. of ACM CCS, 2013.
Mon 4/14

Vulnerabilities and malware

[mobile_vulnerability]
David, Sinan

Xing, Luyi, et al. "Upgrading Your Android, Elevating My Malware: Privilege Escalation Through Mobile OS Updating, in Proc. of IEEE Oakland,  2014.
[Ref]Wang, Tielei, et al., Jekyll on iOS: when benign apps become evil, in the Proc. of USENIX Security Symposium, 2013.

Wed 4/16
SSL vulnerabilities in Android apps [SSL in Android]
Steven, Tom C.

Greenwood, David Sounthiraraj Justin Sahs Garret, and Zhiqiang Lin Latifur Khan. "SMV-HUNTER: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps, in the Proc. of NDSS 2014.

 [Ref] Fahl, Sascha, et al., Why Eve and Mallory love Android: An analysis of Android SSL (in) security, in the Proceedings of the ACM CCS, 2012.

Mon 4/21
WWW security background [browser_security]
Yinzhi
No paper summary needed

Browser Security Handbook, part 1 (Basic concepts).

Wed 4/23

Automatic Web Content Isolation

[web_contentIsolation]
Shuangping, Chao

Aaron Blankstein and Michael J. Freedman, Automating Isolation and Least Privilege in Web Services, in Proc. of IEEE Oakland 2014.

[Ref]Adam Doupé, Weidong Cui, Mariusz H. Jakubowski, Marcus Peinado, Christopher Kruegel, Giovanni Vigna, deDacota: Toward Preventing Server-Side XSS via Automatic Code and Data Separation, in the Proc. of CCS 2013.

Mon 4/28

Single Sign-On (SSO) Security

[SSO security]
Kevin, Yuchao

Daniel Fett, Ralf Küsters, Guido Schmitz, An Expressive Model for the Web Infrastructure: Definition and Application to the BrowserID SSO System, in the Proc. of Oakland, 2014.

[Ref] Luyi Xing, Yangyi Chen, XiaoFeng Wang, Shuo Chen, InteGuard: Toward Automatic Protection of Third-Party Web Service Integrations, in the Proc. of NDSS 2013.

Wed 4/30
Web Logic Vulnerability [Web log vulnerability]
Eric J., Yan

Fangqi Sun, Liang Xu and Zhendong Su, "Detecting Logic Vulnerabilities in E-commerce Applications", NDSS 2014.

[Ref]Giancarlo Pellegrino and Davide Balzarotti, Toward Black-Box Detection of Logic Flaws in Web Applications", in the Proc. of NDSS 2014.

Mon 5/5
Midterm proj presentation
Wed 5/7
Mobility meets Web
[mobile Web]
Al, David

Georgiev, Martin, Suman Jana, and Vitaly Shmatikov, Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks, in Proc. of NDSS 2014.
[Ref]Wang, Rui, et al., Unauthorized origin crossing on mobile platforms: Threats and mitigation, in the Proc. of the ACM CCS, 2013.


Mon 5/12

Openflow and SDN Background

[Slides by Shenker]
Yan
[Openflow]
Xitao
No paper summary needed

The Future of Networking, and the Past of Protocols, Scott Shenker (video of talk at Ericsson)

McKeown, Nick, et al., OpenFlow: enabling innovation in campus networks,  ACM SIGCOMM Computer Communication Review 38.2 (2008).
[Ref]Teemu Koponen et al, Onix: A Distributed Control Platform for Large-scale Production Networks, in the Proc. of ACM OSDI, 2010.

Wed 5/14 SDN 2.0
[net_virtual_SDN2.0]
Tom M., Yu

Teemu Koponen, etc., Network Virtualization in Multi-tenant Datacenters, in the Proc. of ACM NSDI, 2014.

[Ref]Scott Shenker, etc., Software-Defined Networking Revisited, paper under submission (emailed to students).


Mon 5/19

Security of SDN
[Sec_of_SDN]
Tommy, Eric L.

Seungwon Shin et al, AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks, in the Proc. of ACM CCS 2013.

[Ref] A security enforcement kernel for OpenFlow networks, Porras, Philip, et al., in the Proc. of the first Workshop on Hot Topics in Software Defined Networks (SDN), ACM, 2012.
Wed 5/21 Security using SDN [SDN for sec]
Hangbin, Yuchao

Seyed Kaveh Fayazbakhsh et al, Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions using FlowTags, in the Proc. of ACM NSDI '14.
[Ref]Zafar Ayyub Qazi et al, SIMPLE-fying Middlebox Policy Enforcement Using SDN, in the Proc. of ACM SIGCOMM 2013.

Mon 5/26
Memorial Day break
Wed 5/28

Network verification

[net_verification]
Dane, Al

Hongyi Zeng et al, Libra: Divide and Conquer to Verify Forwarding Tables in Huge Networks, in the Proc. of ACM NSDI, 2014.

[Ref] Ahmed Khurshid et al, VeriFlow: Verifying Network-Wide Invariants in Real Time, in the Proc. of ACM NSDI, 2013.

Mon 6/2

Final project presentation


Notes: You may find the brochure useful: Efficient reading of papers in Science and Technology by Michael J. Hanson, 1990, revised 2000 Dylan McNamee.