| Date | Lecture Topics | Speakers & Notes | Reading |
|---|---|---|---|
| Mon 1/5 | Class Overview, Overview of Internet Security. | Yan | Symantec Internet Security Threat Report, April 2014. |
| Wed 1/7 | Intro to Mobile Security | Vaibhav | Intro to mobile security slides by Prof. Konstantin Beznosov of UBC, Canada. |
| Mon 1/12 | App Instrumentation and MDM/MAM | [FireDroid] | MDM and MAM 101: Take the Next Step in your Mobility Strategy, talk by Citrix. FireDroid: hardening security in almost-stock Android, in the Proc. of the 29th Annual Computer Security Applications Conference, ACM, 2013. |
| Wed 1/14 | Building Android Security | [ASM] Yang and Ben | Stephan Heuser, Adwait Nadkarni, William Enck, and Ahmad-Reza Sadeghi, ASM: A Programmable Interface for Extending Android Security, in Usenix Security 2014. |
| Wed 1/21 | Inter-app Security | [Mayhem] Boyu and Tai-Won | Tongxin Li, Xiaoyong Zhou, Luyi Xing, Yeonjoon Lee, Muhammad Naveed, Xiaofeng Wang and Xinhui Han, Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services, in CCS 2014. |
| Mon 1/26 | Access Control | [mobile access] Rehan and Tai-Won | Soteris Demetriou, Xiaoyong Zhou, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, Xiaofeng Wang, and Carl A. Gunter. What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources, in NDSS 2015 (emailed to students). |
| Wed 1/28 | Mobile code obfuscation | [MobileObfuscation] Zhengyang, [obfuscation_bg] Cyrus and Emre. No paper summary is needed. | Towards understanding the Android app obfuscation (Zhengyang will give the talk) |
| Mon 2/2 | Mobile Meets Web | [HybridAppSec] Emre and Yang | Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin and Gautam Nagesh Peri. Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation, in CCS 2014. |
| Wed 2/4 | Malicious advertisements | [Malvertisement] Boyu and Ben | Zhou Li, Kehuan Zhang, Yinglian Xie, Fang Yu, and XiaoFeng Wang. Knowing your enemy: understanding and detecting malicious web advertising, in CCS 2012. |
| Mon 2/9 | iOS security | [iOS Sec] Cyrus and Rehan | Tielei Wang, Yeongjin Jang, Yizheng Chen, Simon Chung, Billy Lau, and Wenke Lee, On the Feasibility of Large-Scale Infections of iOS Devices, in USENIX Security 2014. |
| Wed 2/11 | Midterm proj presentation | | |
| Mon 2/16 | Openflow and SDN Background | [Slides by Shenker] Yan, [Openflow] Xitao. No paper summary needed. | The Future of Networking, and the Past of Protocols, Scott Shenker (video of talk at Ericsson). How SDN will Shape Networking, talk by Nick McKeown at Open Network Summit, 2011. McKeown, Nick, et al., OpenFlow: enabling innovation in campus networks, ACM SIGCOMM Computer Communication Review 38.2 (2008). |
| | Network Virtualization | [NetVirIntroduction] [NVP] [CoVisor] Xitao. No paper summary is needed. | Xin Jin et al., CoVisor: A Compositional Hypervisor for Software-Defined Networks, to appear in USENIX NSDI’15 (emailed to students). [Ref] Teemu Koponen et al., Network Virtualization in Multi-tenant Datacenters, in the Proc. of ACM NSDI, 2014. |
| Mon 2/23 | Network Verification | [NetVerification] Qi and Sisi | Ahmed Khurshid et al., VeriFlow: Verifying Network-Wide Invariants in Real Time, in the Proc. of ACM NSDI, 2013. |
| | SDN Control-plane Security | Xitao | SDNShield: Application Access Control for OpenFlow Controllers, in submission (emailed to students). [Ref] Phillip Porras et al., Securing the Software-Defined Network Control Layer, in NDSS'15. |
| Mon 3/2 | SDN Data-plane Security | Yuqing and Sisi | Seungwon Shin et al., AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks, in the Proc. of ACM CCS 2013. [Ref] Hesham Mekky et al., Application-aware Data Plane Processing in SDN, ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN), 2014. |
| Wed 3/4 | SDN Middlebox Security | Qi and Yuqing | |
| Mon 3/9 | Merged with Wed class for 2 hour presentation. | | |
| Wed 3/11 | Final project presentation | | |

Notes: You may find the brochure useful: Efficient reading of papers in Science and Technology by Michael J. Hanson, 1990, revised 2000 by Dylan McNamee.

Backup papers:

Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Dave Tian and Kevin Butler. Securing SSL Certificate Verification through Dynamic Linking, in CCS 2014.

[Ref] M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov. The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software, in CCS 2012.