Course Lecture Plan


Lectures Topics

Speakers & Notes


Mon 1/5

Class Overview, Overview of Internet Security.


Symantec Internet Security Threat Report, April 2014.

Wed 1/7

Intro to Mobile Security

No paper summary needed

Intro to mobile security slides by Prof. Konstantin Beznosov of UBC, Canada.
Tutorial video on Google I/O 2012 - Security and Privacy in Android Apps.
Reference slides: Understanding Android's Security Framework (Tutorial) by W. Enck, and P. McDaniel.

Mon 1/12

App Instrumentation and MDM/MAM

Zhengyang and Yan

MDM and MAM 101: Take the Next Step in your Mobility Strategy, talk by Citrix
FireDroid: hardening security in almost-stock Android, in the Proc. of the 29th Annual Computer Security Applications Conference. ACM, 2013.

Wed 1/14

Building Android Security

Yang and Ben

Stephan Heuser, Adwait Nadkarni, William Enck, and Ahmad-Reza Sadeghi, ASM: A Programmable Interface for Extending Android Security, in Usenix Security 2014.
[Ref] Sven Bugiel, Stephan Heuser and Ahmad-Reza Sadeghi. Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies, in Usenix Security 2013.

Wed 1/21

Inter-app Security

Boyu and Tai-Won

Tongxin Li, Xiaoyong Zhou, Luyi Xing, Yeonjoon Lee, Muhammad Naveed, Xiaofeng Wang and Xinhui Han. Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services, in CCS 2014.
[Ref] Eric Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher and Patrick Tague. OAuth Demystified for Mobile Application Developers, in CCS 2014.

Mon 1/26

Access Control

[mobile access]
Rehan and Tai-Won

Soteris Demetriou, Xiaoyong Zhou, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, Xiaofeng Wang, and Carl A. Gunter. What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources, in NDSS 2015 (emailed to students).
[Ref] M. Naveed, X. Zhou, S. Demetriou, X. Wang and C. Gunter. Inside Job: Understanding and Mitigating the Threat of External Device Misbinding on Android, in NDSS 2014.

Wed 1/28

Mobile code obfuscation

Cyrus and Emre
No paper summary is needed

Towards understanding the Android app obfuscation (Zhengyang will give the talk)
[Ref] Hannes Schulz, Automated De-Obfuscation of Android Bytecode, Master thesis.

Mon 2/2

Mobile Meets Web

Emre and Yang

Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin and Gautam Nagesh Peri. Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation, in CCS 2014.
[Ref] Martin Georgiev, Suman Jana, and Vitaly Shmatikov. Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks, in NDSS 2014

Wed 2/4

Malicious advertisements

Boyu and Ben

Zhou Li, Kehuan Zhang, Yinglian Xie, Fang Yu, and XiaoFeng Wang. Knowing your enemy: understanding and detecting malicious web advertising, in CCS 2012.
[Ref] Apostolis Zarras, Alexandros Kapravelos, Gianluca Stringhini, Thorsten Holz, Christopher Kruegel, and Giovanni Vigna. The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements, in IMC 2014.

Mon 2/9

iOS security

[iOS Sec]
Cyrus and Rehan

Tielei Wang, Yeongjin Jang, Yizheng Chen, Simon Chung, Billy Lau, and Wenke Lee, On the Feasibility of Large-Scale Infections of iOS Devices, in USENIX Security 2014.
[Ref] Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee, Jekyll on iOS: When Benign Apps Become Evil, in USENIX Security 2013.

Wed 2/11
Midterm project presentation
Mon 2/16

Openflow and SDN Background
[Slides by Shenker]
No paper summary needed

The Future of Networking, and the Past of Protocols, Scott Shenker (video of talk at Ericsson)

How SDN will Shape Networking, talk by Nick McKeown at Open Network Summit, 2011.

McKeown, Nick, et al., OpenFlow: enabling innovation in campus networks, ACM SIGCOMM Computer Communication Review 38.2 (2008).
[Ref] Teemu Koponen et al., Onix: A Distributed Control Platform for Large-scale Production Networks, in the Proc. of ACM OSDI, 2010.

Wed 2/18

Network Virtualization
No paper summary is needed

Xin Jin et al., CoVisor: A Compositional Hypervisor for Software-Defined Networks, to appear in USENIX NSDI '15 (emailed to students).

[Ref] Teemu Koponen et al., Network Virtualization in Multi-tenant Datacenters, in the Proc. of ACM NSDI, 2014.
[Ref talk] Google's experience with Software Defined Network Function Virtualization at Scale, by Amin Vahdat, ONS 2014 Keynote.

Mon 2/23

Network Verification

Qi and Sisi

Ahmed Khurshid et al, VeriFlow: Verifying Network-Wide Invariants in Real Time, in the Proc. of ACM NSDI, 2013.

[Ref] Hongyi Zeng et al, Libra: Divide and Conquer to Verify Forwarding Tables in Huge Networks, in the Proc. of ACM NSDI, 2014.

Wed 2/25

SDN Control-plane Security
SDNShield: Application Access Control for OpenFlow Controllers, in submission (emailed to students).
[Ref] Phillip Porras et al., Securing the Software-Defined Network Control Layer, in NDSS '15.

Mon 3/2

SDN Data-plane Security

Yuqing and Sisi

Seungwon Shin et al, AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks, in the Proc. of ACM CCS 2013.
[Ref] Hesham Mekky et al., Application-aware Data Plane Processing in SDN, ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN), 2014.

Wed 3/4

SDN Middlebox Security

Qi and Yuqing

Seyed Kaveh Fayazbakhsh et al, Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions using FlowTags, in the Proc. of ACM NSDI '14.
[Ref] Zafar Ayyub Qazi et al., SIMPLE-fying Middlebox Policy Enforcement Using SDN, in the Proc. of ACM SIGCOMM 2013.

Mon 3/9
Merged with Wed class for 2 hour presentation.

Wed 3/11

Final project presentation

Notes: You may find this brochure useful: Efficient Reading of Papers in Science and Technology, by Michael J. Hanson, 1990, revised 2000 by Dylan McNamee.

Backup papers:
Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Dave Tian and Kevin Butler. Securing SSL Certificate Verification through Dynamic Linking, in CCS 2014.
[Ref] M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov. The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software, in CCS 2012.