Date

Lectures Topics

Speakers & Notes

Reading

Mon 1/5

Class Overview, Overview of Internet Security.

Yan

Symantec Internet Security Threat Report, April 2014.

Wed 1/7

Intro to Mobile Security

Vaibhav
No paper summary needed

Intro to mobile security slides by Prof. Konstantin Beznosov of UBC, Canda.
Tutorial video on Google I/O 2012 - Security and Privacy in Android Apps.
Reference slides: Understanding Android's Security Framework (Tutorial) by W. Enck, and P. McDaniel.

Mon 1/12

App Instrumentation and MDM/MAM

[FireDroid]
Zhengyang and Yan

Wed 1/14

Building Android Security

Stephan Heuser, Adwait Nadkarni, William Enck, and Ahmad-Reza Sadeghi,  ASM: A Programmable Interface for Extending Android Security, in Usenix Security 2014.
[Ref] Sven Bugiel, Stephan Heuser and Ahmad-Reza Sadeghi. Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies, in Usenix Security 2013.

Wed 1/21

Inter-app Security

Tongxin Li, Xiaoyong Zhou, Luyi Xing, Yeonjoon Lee, Muhammad Naveed, Xiaofeng Wang and Xinhui Han Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services, in CCS 2014.
[Ref] Eric Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher and Patrick Tague. OAuth Demystified for Mobile Application Developers, in CCS 2014.

Mon 1/26

Access Control

Soteris Demetriou, Xiaoyong Zhou, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, Xiaofeng Wang, and Carl A. Gunter. What's in Your Dongle and Bank Account's Mandatory and Discretionary Protection of Android External Resources, in NDSS 2015 (emailed to students).
[Ref] M. Naveed, X. Zhou, S. Demetriou, X. Wang and C. Gunter. Inside Job: Understanding and Mitigating the Threat of External Device Misbinding on Android, in NDSS 2014.

Wed 1/28

Mobile code obfuscation

Towards understanding the Android app obfuscation (Zhengyang will give the talk)
[Ref] Hannes Schulz, Automated De-Obfuscation of Android Bytecode, Master thesis.

Mon 2/2

Mobile Meets Web

Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin and Gautam Nagesh Peri. Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation, in CCS 2014.
[Ref] Martin Georgiev, Suman Jana, and Vitaly Shmatikov. Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks, in NDSS 2014

Wed 2/4

Malicious advertisements

Zhou Li, Kehuan Zhang, Yinglian Xie, Fang Yu, and XiaoFeng Wang. Knowing your enemy: understanding and detecting malicious web advertising., in CCS 2012.
[Ref] Apostolis Zarras, Alexandros Kapravelos, Gianluca Stringhini, Thorsten Holz, Christopher Kruegel, and Giovanni Vigna. The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements., in IMC 2014.

Mon 2/9

iOS security

Tielei Wang, Yeongjin Jang, Yizheng Chen, Simon Chung, Billy Lau, and Wenke Lee, On the Feasibility of Large-Scale Infections of iOS Device, in USENIX Security 2014.
[Ref] Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee, Jekyll on iOS: When Benign Apps Become Evil, in USENIX Security 2013.

The Future of Networking, and the Past of Protocols, Scott Shenker (video of talk at Ericsson)

How SDN will Shape Networking, talk by Nick McKeown at Open Network Summit, 2011.

McKeown, Nick, et al., OpenFlow: enabling innovation in campus networks,  ACM SIGCOMM Computer Communication Review 38.2 (2008).
[Ref]Teemu Koponen et al, Onix: A Distributed Control Platform for Large-scale Production Networks, in the Proc. of ACM OSDI, 2010.

Wed 2/18

Xin Jin, etc. CoVisor: A Compositional Hypervisor for Software-Defined Networks. to appear USENIX NSDI’15 (emailed to students).

[Ref] Teemu Koponen, etc., Network Virtualization in Multi-tenant Datacenters, in the Proc. of ACM NSDI, 2014.
[Ref talk] Google's experience with Software Defined Network Function Virtualization at Scale, by Amin Vadhat, ONS 2014 Keynote.

Ahmed Khurshid et al, VeriFlow: Verifying Network-Wide Invariants in Real Time, in the Proc. of ACM NSDI, 2013.

Wed 2/25

Final project presentation