Course Lecture Plan


Lectures Topics

Speakers & Notes


Mon 1/7 Class Overview, Overview of Internet Security. Yan

Symantec Internet Security Threat Report, April 2012.

Wed 1/9 WWW security background [browser_security]
No paper summary needed

Browser Security Handbook, part 1 (Basic concepts).

Mon 1/14 Web origins and the same origin policy
FlowFox: a Web Browser with Flexible and Precise Information Flow Control, Willem De Groef, Dominique Devriese, Nick Nikiforakis and Frank Piessens, CCS 2012.
[Ref] The Multi-Principal OS Construction of the Gazelle Web Browser, Helen Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter, USENIX Security 2009.
Wed 1/16 Clickjacking
Yiyang & Xiang

Clickjacking: Attacks and Defenses, Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, and Stuart Schechter, USENIX Security 2012
[Ref] A solution for the automated detection of clickjacking attacks, Marco Balduzzi, Manuel Egele, Engin Kirda, Davide Balzarotti and Christopher Kruegel, AsiaCCS 2010

Mon 1/21

No class due to MLK Day.

Wed 1/23

Single Sign-On (SSO) Security


Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services, Rui Wang, Shuo Chen, and XiaoFeng Wang, IEEE Symposium on Security & Privacy, 2012

Mon 1/28

Openflow Background

OpenFlow: enabling innovation in campus networks, McKeown, Nick, et al., ACM SIGCOMM Computer Communication Review 38.2 (2008).
[Ref]NOX: towards an operating system for networks, Gude, Natasha, et al.,  ACM SIGCOMM Computer Communication Review 38.3 (2008).

Wed 1/30

SDN Background

[Slides by Shenker]

The Future of Networking, and the Past of Protocols, Scott Shenker (video of talk at Ericsson)
[Ref]Fabric: A Retrospective on Evolving SDN, Martěn Casado, Teemu Koponen, Scott Shenker, Amin Tootoonchian, HotSDN 2012

Mon 2/4

OpenFlow Security Services
[OF Sec Services]
FRESCO: Modular Composable Security Services for Software-Defined Networks, Shin, Seugwon, et al., in the Network and Distributed System Security Symposium, (NDSS), 2013.
[Ref] A security enforcement kernel for OpenFlow networks, Porras, Philip, et al., in the Proc. of the first Workshop on Hot Topics in Software Defined Networks (SDN), ACM, 2012.

Wed 2/6

OpenFlow App Testing [OF App Testing]
A NICE Way to Test OpenFlow Applications, by Canini, Marco, et al., in the Proc. of NSDI, 2012.

Mon 2/11

Midterm project presentation

Wed 2/13

Secure Web Infrastructure

[ DarkWeb]
Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures, in Proc. of Symposiumof IEEE Security & Privacy, 2013.

Mon 2/18

Embedded System Security

[Embedded Sys Sec]
When Firmware Modifications Attack: A Case Study of Embedded Exploitation, Ang Cui, Michael Costello and Salvatore J. Stolfo, in NDSS 2013.

Wed 2/20

Embedded Medical System Security

[Medical Sys Sec]
They Can Hear Your Heartbeats: Non-Invasive Security for Implanted Medical Devices Gollakota et al., in the Proc. of ACMSIGCOMM 2011.
[Ref]A Quantitative Analysis of the Insecurity of Embedded Network Devices: Results of a Wide-Area Scan, Ang Cui and Salvatore J. Stolfo, in ACSAC 2010.

Mon 2/25

Crypto & Authentication background

Wed 2/27

SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements, in Proc. of Symposiumof IEEE Security & Privacy, 2013.

Mon 3/4

Android Background


Reference slides: Understanding Android's Security Framework (Tutorial) by W. Enck, and P. McDaniel.
Tutorial video on Google I/O 2012 - Security and Privacy in Android Apps.

Wed 3/6

Android Permission I


A methodology for empirical analysis of permission-based security models and its application to android.", by Barrera, David, et al., in the Proc. of the ACM CCS 2010.
[Ref] Android Permissions Demystified, by Adrienne Porter Felt,etc. in the Proc. of ACM CCS, 2011.

Mon 3/11 Android Permission II & Proj presenation I
PScout: Analyzing the Android Permission Specification, by Au et al., in the Proc. of the ACM Conference on Computer and communications security (CCS), 2012.

Wed 3/13

Project presentation II

Notes: You may find the brochure useful: Efficient reading of papers in Science and Technology by Michael J. Hanson, 1990, revised 2000 Dylan McNamee.