|
Date |
Lectures Topics |
Speakers & Notes |
Reading |
| Mon 1/7 | Class Overview, Overview of Internet Security. | Yan |
Symantec Internet Security Threat Report, April 2012. |
| Wed 1/9 | WWW security background | [browser_security] Yinzhi No paper summary needed |
|
| Mon 1/14 | Web origins and the same origin policy | [flowfox][gazelle] Xiang |
FlowFox:
a Web Browser with Flexible and Precise Information
Flow Control, Willem De Groef, Dominique Devriese,
Nick Nikiforakis and Frank Piessens, CCS 2012.
[Ref] The Multi-Principal OS Construction of the Gazelle Web Browser, Helen Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter, USENIX Security 2009. |
| Wed 1/16 | Clickjacking |
|
Clickjacking:
Attacks and Defenses, Lin-Shung Huang, Alex
Moshchuk, Helen J. Wang, and Stuart Schechter, USENIX
Security 2012
[Ref] A
solution for the automated detection of clickjacking
attacks, Marco Balduzzi, Manuel Egele, Engin
Kirda, Davide Balzarotti and Christopher Kruegel,
AsiaCCS 2010
|
|
Mon 1/21 |
No class due to MLK Day. |
||
|
Wed 1/23 |
Single Sign-On (SSO) Security |
[SSO] |
Signing
Me onto Your Accounts through Facebook and Google: a
Traffic-Guided Security Study of Commercially Deployed
Single-Sign-On Web Services, Rui Wang, Shuo Chen,
and XiaoFeng Wang, IEEE Symposium on Security &
Privacy, 2012 |
|
Mon 1/28 |
Openflow Background |
[Openflow] Xitao |
OpenFlow:
enabling innovation in campus networks, McKeown,
Nick, et al., ACM SIGCOMM Computer Communication Review
38.2 (2008). [Ref]NOX: towards an operating system for networks, Gude, Natasha, et al., ACM SIGCOMM Computer Communication Review 38.3 (2008). |
|
Wed 1/30 |
SDN Background |
[Slides
by Shenker] Yan |
The Future of Networking, and the
Past of Protocols, Scott Shenker (video
of talk at Ericsson) |
|
Mon 2/4 |
OpenFlow Security Services |
[OF Sec
Services] Stephen Chao |
FRESCO:
Modular Composable Security Services for
Software-Defined Networks, Shin, Seugwon, et al., in
the Network and Distributed System Security Symposium,
(NDSS), 2013. [Ref] A security enforcement kernel for OpenFlow networks, Porras, Philip, et al., in the Proc. of the first Workshop on Hot Topics in Software Defined Networks (SDN), ACM, 2012. |
|
Wed 2/6 |
OpenFlow App Testing | [OF App
Testing] Stephen Chao |
A NICE Way to Test OpenFlow Applications, by Canini, Marco, et al., in the Proc. of NSDI, 2012. |
|
Mon 2/11 |
Midterm project presentation |
||
|
Wed 2/13 |
Secure Web Infrastructure |
[
DarkWeb] Chris |
Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures, in Proc. of Symposiumof IEEE Security & Privacy, 2013. |
|
Mon 2/18 |
Embedded System Security |
[Embedded
Sys Sec] Titi |
When
Firmware Modifications Attack: A Case Study of Embedded
Exploitation, Ang Cui, Michael Costello and
Salvatore J. Stolfo, in NDSS 2013. |
|
Wed 2/20 |
Embedded Medical System Security
|
[Medical
Sys Sec] Jon |
They
Can Hear Your Heartbeats: Non-Invasive Security for
Implanted Medical Devices Gollakota et al., in the
Proc. of ACMSIGCOMM 2011. [Ref]A Quantitative Analysis of the Insecurity of Embedded Network Devices: Results of a Wide-Area Scan, Ang Cui and Salvatore J. Stolfo, in ACSAC 2010. |
|
Mon 2/25 |
Crypto &
Authentication background |
[crypto][authentication] Yan |
|
|
Wed 2/27 |
SSL/HTTPS | [TLS&SSL] Zhengyang |
SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements, in Proc. of Symposiumof IEEE Security & Privacy, 2013. |
|
Mon 3/4 |
Android Background |
Vaibhav |
Reference slides: Understanding
Android's Security Framework (Tutorial) by W.
Enck, and P. McDaniel. |
|
Wed 3/6 |
Android Permission I |
[Android_permission] |
A
methodology for empirical analysis of
permission-based security models and its
application to android.", by Barrera,
David, et al., in the Proc. of the
ACM CCS 2010. |
| Mon 3/11 | Android Permission II &
Proj presenation I |
[pscout] Zhengyang Peng |
PScout:
Analyzing the Android Permission Specification, by
Au et al., in the Proc. of the ACM Conference on Computer
and communications security (CCS), 2012. |
| Wed 3/13 |
Project presentation II |
||
Notes: You may find the brochure useful: Efficient reading of papers in Science and Technology by Michael J. Hanson, 1990, revised 2000 Dylan McNamee.