| Date |
Topic |
Reading & Notes (tentative) |
Speaker |
| Week 1, 08/31 |
Course overview |
- How to Read an Engineering Research Paper. William G. Griswold. [Link]
- Writing Technical Papers in CS/EE. Henning Schulzrinne. [Link]
- The Elements of Style. Strunk and White. [Link]
|
Fengwei Zhang
[Slides] |
| Week 2, 09/05 |
No Class |
|
|
| Week 2, 09/07 |
Hardware Isolated Execution Environments |
Assigned:
- SoK: A Study of Using Hardware-assisted Isolated Execution Environments for Security. Fengwei Zhang and Hongwei Zhang. In HASP'16. [Link]
Optional:
- Using Hardware Isolated Execution Environments for Securing Systems, Fengwei Zhang, Ph.D. Thesis. [Link]
|
Fengwei Zhang
[Slides] |
| Week 3, 09/12 |
Transparent Malware Analysis I |
Assigned:
- Using Hardware Features for Increased Debugging Transparency. Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun. In S&P'15. [Link]
Optional:
- MalGene: Automatic Extraction of Malware Analysis Evasion Signature. Dhilung Kirat and Giovanni Vigna. In CCS'15. [Link]
|
Fengwei Zhang
[Slides] |
| Week 3, 09/14 |
Transparent Malware Analysis II |
Assigned:
- LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis. Chad Spensky, Hongyi Hu, and Kevin Leach. In NDSS'16. [Link]
Optional:
- Evading Android Runtime Analysis via Sandbox Detection. Timothy Vidas and Nicolas Christin. In AsiaCCS'14. [Link]
- BareDroid: Large-Scale Analysis of Android Apps on Real Devices. Simone Mutti, Yanick Fratantonio, Antonio Bianchi, Luca Invernizzi, Jacopo Corbetta, Dhilung Kirat, Christopher Kruegel, Giovanni Vigna. In ACSAC'15. [Link]
|
Guest: Chad Spensky
[Slides] |
| Week 4, 09/19 |
Intel SGX I |
Assigned:
- Intel Software Guard Extensions (Intel SGX) Support for Dynamic Memory Management Inside an Enclave
Frank McKeen, Ilya Alexandrovich, Ittai Anati, Dror Caspi, Simon Johnson, Rebekah Leslie-Hurd, Carlos Rozas. In HASP'16. [Link]
Optional:
- Intel Software Guard Extensions (Intel SGX) Tutorial. In ISCA'15 [Link]
- Intel Software Guard Extensions (Intel SGX) Software Support for Dynamic Memory Allocation Inside an Enclave
Bin (Cedric) Xing, Mark Shanahan, Rebekah Leslie-Hurd. In HASP'16 [Link]
|
Saeid Mofrad
[Slides] |
| Week 4, 09/21 |
Denial of Service (DoS) Attack |
Assigned:
- Catch Me if You Can: A Cloud-Enabled DDoS Defense. Quan Jia, Huangxin Wang, Dan Fleck, Fei Li, Angelos Stavrou, Walter Powell. In ACM DSN'14. [Link]
Optional:
- Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants). Aleksandar Kuzmanovic and Edward W. Knightly. In ACM SIGCOMM'03. [Link]
|
Mikal Fourrier
[Slides] |
| Week 5, 09/26 |
Car Hacking I |
Assigned:
- Lock It and Still Lose It - On the (In)Security of Automotive Remote Keyless Entry Systems. Flavio D. Garcia, David Oswald, Timo Kasper, and Pierre Pavlidès. In UsenixSecurity'16. [Link]
Optional:
- Remote Exploitation of an Unaltered Passenger Vehicle. Charlie Miller and Chris Valasek. In BlackHat USA'15. [Link]
|
Yang Zhang |
| Week 5, 09/28 |
Car Hacking II |
Assigned:
- Fingerprinting Electronic Control Units for Vehicle Intrusion Detection. Kyong-Tak Cho and Kang G. Shin. In UsenixSecurity'16. [Link]
Optional:
- Comprehensive Experimental Analyses of Automotive Attack Surfaces. Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. In UsenixSecurity'11. [Link]
|
Yang Zhang |
| Week 6, 10/03 |
Ransomware |
Project Proposals Due
Assigned:
- UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. Amin Kharaz, Sajjad Arshad, Collin Mulliner, William Robertson, and Engin Kirda. In UsenixSecurity'16. [Link]
Optional:
- CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. Nolen Scaife, Henry Carter, Patrick Traynor, and Kevin Butler. In ICDCS'16 [Link]
|
Yashar Dehkan Asl
[Slides] |
| Week 6, 10/05 |
Term Project Proposal |
- Proposal Presentations and Discussion
|
|
| Week 7, 10/10 |
Hardware Supported Security |
Assigned:
- CaSE: Cache-Assisted Secure Execution on ARM Processors. Ning Zhang, Kun Sun, and Wenjing Lou, and Y. Thomas Hou. In S&P'16. [Link]
Optional:
- Breaking Kernel Address Space Layout Randomization with Intel TSX. Yeongjin Jang, Sangho Lee, and Taesoo Kim. In CCS'16. [Link]
|
Guest: Dr. Ning Zhang
[Slides] |
| Week 7, 10/12 |
Plausibly Deniable Encryption (PDE) |
Assigned:
- DEFY: A Deniable, Encrypted File System for Log-Structured Storage. Timothy M. Peters, Mark A. Gondree, and Zachary N. J. Peterson. In NDSS'15. [Link]
Optional:
- MobiPluto: File System Friendly Deniable Storage for Mobile Devices. Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang. In ACSAC'15. [Link]
- Mobiflage: Deniable Storage Encryptionfor Mobile Devices. Adam Skillen and Mohammad Mannan. In NDSS'13 and TDSC'14. [Link]
|
Fengwei Zhang
[Slides] |
| Week 8, 10/17 |
TrustZone on ARM |
Assigned:
- TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens. He Sun, Kun Sun, Yuewu Wang, Jiwu Jing. In CCS'15. [Link]
Optional:
- SKEE: A lightweight Secure Kernel-level Execution Environment for ARM. Ahmed Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang and Peng Ning. In NDSS'16. [Link]
- Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World. Ahmed Azab, Peng Ning, Jitesh Shah, Quan Chen, Rohan Bhutkar, Guruprasad Ganesh, Jia Ma, and Wenbo Shen. In CCS'14. [Link]
|
Fengwei Zhang
[Slides] |
| Week 8, 10/19 |
Semantic Gap, Memory Introspection |
Assigned:
- SPECTRE: A Dependable Introspection Framework via System Management Mode. Fengwei Zhang, Kevin Leach, Kun Sun, and Angelos Stavrou. In DSN'13. [Link]
Optional:
- SoK: Introspections on Trust and the Semantic Gap. Bhushan Jain, Mirza Basim Baig, Dongli Zhang, Donald E. Porter, and Radu Sion. In S&P'14. [Link]
|
Fengwei Zhang
[Slides] |
| Week 9, 10/24 |
Android Security I |
Assigned:
- TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime. Mingshen Sun, Tao Wei, and John C.S. Lui. In CCS'16. [Link]
|
Sudeep Nanjappa Jayakumar
[Slides] |
| Week 10, 10/26 |
Cache Security |
Assigned:
- Cache Games - Bringing Access-Based Cache Attacks on AES to Practice. Endre Bangerter, David Gullasch, and Stephan Krenn. In S&P'11. [Link]
Optional:
- S$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing-and its Application to AES. Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. In S&P'15. [Link]
|
Mikal Fourrier
[Slides] |
| Week 10, 10/31 |
Android Security II |
Assigned:
- Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy. Vitor Afonso, Paulo de Geus, Antonio Bianchi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna, Adam Doupe, and Mario Polino . In NDSS'16. [Link]
|
Sudeep Nanjappa Jayakumar
[Slides] |
| Week 10, 11/02 |
IoT Security |
Assigned:
- FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. In UsenixSecurity'16. [Link]
Optional:
- Security Analysis of Emerging Smart Home Applications. Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. In S&P'16. [Link]
|
Mikal Fourrier
[Slides] |
| Week 11, 11/07 |
Term Project Discussion |
- Working Class for Term Project (Q & A)
|
|
| Week 11, 11/09 |
Intel SGX II |
Assigned:
- SCONE: Secure Linux Containers with Intel SGX. Sergei
Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre
Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran,
Daniel O'Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers,
Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. In OSDI'16.
[Link]
Optional:
- AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves. Nico Weichbrodt, Anil Kurmus, Peter Pietzuch and Rudiger Kapitza. In ESORICS'16. [Link]
|
Saeid Mofrad
[Slides] |
| Week 12, 11/14 |
Systems Security |
- Research Projects in COMPASS lab
|
Guest: Zhengyu Ning |
| Week 12, 11/16 |
Firmware Security |
Assigned:
- A Large-Scale Analysis of the Security of Embedded Firmwares. Andrei Costin, Jonas Zaddach, Aurelien Francillon, and Davide Balzarotti. In UsenixSecurity'14. [Link]
Optional:
- Thunderstrike: EFI firmware bootkits for Apple MacBooks. Trammell Hudson. In 31C3. [Link]
|
Saeid Mofrad
[Slides] |
| Week 13, 11/21 |
BlockChain |
Assigned:
- Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. Ahmed Kosba, Andrew Miller, Elaine Shi, Zikai Wen, and Charalampos Papamanthou. In S&P'16. [Link]
Optional:
- On the Security and Performance of Proof of Work Blockchains. Arthur Gervais, Ghassan O. Karame, Karl Wüst, Vasileios Glykantzis, Hubert Ritzdorf and Srdjan Capkun. In CCS'16. [Link]
|
Yashar Dehkan Asl
[Slides] |
| Week 13, 11/25 |
No Class |
|
|
| Week 14, 11/28 |
Android Malware Unpacking |
Assigned:
- AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware. Wenbo Yang; Juanru Li; Bodong Li; Junliang Shu; Wenjun Hu; Yuanyuan Zhang; Dawu Gu. In RAID'15. [Link]
Optional:
- DexHunter: Toward Extracting Hidden Code from Packed Android Applications. Yueqian Zhang, Xiapu Luo, Haoyang Yin. In ESORICS'15. [Link]
|
Sudeep Nanjappa Jayakumar
[Slides] |
| Week 14, 11/30 |
Moving Target Defense |
Assigned:
- Survey of Cyber Moving Targets. H. Okhravi, M.A. Rabe, T.J. Mayberry, W.G. Leonard, T.R. Hobson, D. Bigelow, W.W. Streilein. Technical Report, MIT Lincoln Laboratory, 2013. [Link]
|
Yashar Dehkan Asl
[Slides] |
| Week 15, 12/05 |
Term Project Discussion |
- Working Class for Term Project Demo (Q & A)
|
Fengwei Zhang
[Slides] |
| Week 15, 12/07 |
Term Project Presentations |
|
|
| Week 16, 12/12 |
Term Project Presentations |
Project Final Reports Due
|
|