Date |
Topic |
Reading & Notes (tentative) |
Speaker |
Week 1, 08/30 |
Course overview |
- How to Read an Engineering Research Paper. William G. Griswold. [Link]
- Writing Technical Papers in CS/EE. Henning Schulzrinne. [Link]
- The Elements of Style. Strunk and White. [Link]
|
Fengwei Zhang [Slides] |
Week 2, 09/04 |
No Class |
|
|
Week 2, 09/06 |
Hardware Isolated Execution Environments |
Assigned:
- SoK: A Study of Using Hardware-assisted Isolated Execution Environments for Security. Fengwei Zhang and Hongwei Zhang. In HASP'16. [Link]
Optional:
- Using Hardware Isolated Execution Environments for Securing Systems, Fengwei Zhang, Ph.D. Thesis. [Link]
|
Fengwei Zhang [Slides] |
Week 3, 09/11 |
Transparent Malware Analysis on x86 |
Assigned:
- Using Hardware Features for Increased Debugging Transparency. Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun. In S&P'15. [Link]
Optional:
- MalGene: Automatic Extraction of Malware Analysis Evasion Signature. Dhilung Kirat and Giovanni Vigna. In CCS'15. [Link]
|
Fengwei Zhang [Slides] |
Week 3, 09/13 |
Transportation Security I |
Assigned:
- Green Lights Forever: Analyzing the Security of Traffic Infrastructure. William Beyer, Branden Ghena, Allen Hillaker, Jonathan Pevarnek, and J. Alex Halderman. In WOOT'14. [Link]
Optional:
- Hacking US (and UK, Australia, France, etc.) Traffic Control Systems. Cesar Cerrudo. In IOActive Blog 2014. [Link]
|
Jacob Bednard |
Week 4, 09/18 |
Transparent Malware Analysis on ARM |
Assigned:
- Ninja: Towards Transparent Tracing and Debugging on ARM. Zhenyu Ning and Fengwei Zhang. In USENIX Security'17. [Link]
Optional:
- Evading Android Runtime Analysis via Sandbox Detection. Timothy Vidas and Nicolas Christin. In AsiaCCS'14. [Link]
- BareDroid: Large-Scale Analysis of Android Apps on Real Devices. Simone Mutti, Yanick Fratantonio, Antonio Bianchi, Luca Invernizzi, Jacopo Corbetta, Dhilung Kirat, Christopher Kruegel, Giovanni Vigna. In ACSAC'15. [Link]
|
Zhenyu Ning [Slides] |
Week 4, 09/20 |
Android Security I |
Assigned:
- TBD: A paper from COMPASS Lab
Optional:
- TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime. Mingshen Sun, Tao Wei, and John C.S. Lui. In CCS'16. [Link]
|
Zhenyu Ning [Slides] |
Week 5, 09/25 |
Cloud Security |
Assigned:
- Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage. Kevin Leach, Fengwei Zhang, and Westley Weimer. In RAID'17. [Link]
|
Fengwei Zhang [Slides] |
Week 5, 09/28 |
Car Hacking I |
Assigned:
- Viden: Attacker Identification on In-Vehicle Networks. Kyong-Tak Cho and Kang G. Shin. In CCS'17. [Link]
Optional:
- Fingerprinting Electronic Control Units for Vehicle Intrusion Detection. Kyong-Tak Cho and Kang G. Shin. In USENIX Security'16. [Link]
- Comprehensive Experimental Analyses of Automotive Attack Surfaces. Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. In USENIX Security'11. [Link]
|
Surya Mani [Slides] |
Week 6, 10/02 |
Ransomware |
Project Proposals Due
Assigned:
- Redemption: Real-time Protection Against Ransomware at End-Hosts. Amin Kharaz and Engin Kirda. In RAID'17. [Link]
Optional:
- UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. Amin Kharaz, Sajjad Arshad, Collin Mulliner, William Robertson, and Engin Kirda. In USENIX Security'16. [Link]
- CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. Nolen Scaife, Henry Carter, Patrick Traynor, and Kevin Butler. In ICDCS'16. [Link]
|
Nicholas Burton [Slides] |
Week 6, 10/04 |
Term Project Proposal |
- Proposal Presentations and Discussion
|
|
Week 7, 10/09 |
Term Project Proposal |
- Proposal Presentations and Discussion
|
|
Week 7, 10/11 |
Plausibly Deniable Encryption (PDE) |
Assigned:
- DEFY: A Deniable, Encrypted File System for Log-Structured Storage. Timothy M. Peters, Mark A. Gondree, and Zachary N. J. Peterson. In NDSS'15. [Link]
Optional:
- MobiPluto: File System Friendly Deniable Storage for Mobile Devices. Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang. In ACSAC'15. [Link]
- Mobiflage: Deniable Storage Encryption for Mobile Devices. Adam Skillen and Mohammad Mannan. In NDSS'13 and TDSC'14. [Link]
|
Nicholas Burton [Slides] |
Week 8, 10/16 |
TrustZone on ARM |
Assigned:
- TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone. Le Guan, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, Trent Jaeger. In MobiSys'17. [Link]
Optional:
- SKEE: A lightweight Secure Kernel-level Execution Environment for ARM. Ahmed Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang and Peng Ning. In NDSS'16. [Link]
- TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens. He Sun, Kun Sun, Yuewu Wang, Jiwu Jing. In CCS'15. [Link]
|
James Kirkland |
Week 8, 10/18 |
Bitcoin |
Assigned:
- SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies. Joseph Bonneau, Andrew Miller, Jeremy Clark, Arvind Narayanan, Joshua A. Kroll, and Edward W. Felten. In S&P'15. [Link]
|
Matthew Prigorac [Slides] |
Week 9, 10/23 |
Denial of Service (DoS) Attack |
Assigned:
- Catch Me if You Can: A Cloud-Enabled DDoS Defense. Quan Jia, Huangxin Wang, Dan Fleck, Fei Li, Angelos Stavrou, Walter Powell. In ACM DSN'14. [Link]
Optional:
- Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants). Aleksandar Kuzmanovic and Edward W. Knightly. In ACM SIGCOMM'03. [Link]
|
Surya Mani [Slides] |
Week 10, 10/25 |
Side-channel Attacks |
Assigned:
- CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management. Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo. In USENIX Security'17. [Link]
Optional:
- S$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing - and its Application to AES. Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. In S&P'15. [Link]
|
Matthew Prigorac |
Week 10, 10/30 |
Android Security II |
Assigned:
- Adaptive Android Kernel Live Patching. Yue Chen, Yulong Zhang, Zhi Wang, Liangzhao Xia, Chenfu Bao, and Tao Wei. In USENIX Security'17. [Link]
|
|
Week 10, 11/01 |
Term Project |
- Working Class for Term Project
|
|
Week 11, 11/06 |
IoT Security |
Assigned:
- Security Analysis of Emerging Smart Home Applications. Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. In S&P'16. [Link]
Optional:
- FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. In USENIX Security'16. [Link]
|
Surya Mani [Slides] |
Week 11, 11/08 |
Big Data and Intel SGX I |
Assigned:
- Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data. Tyler Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, and Emmett Witchel. In OSDI'16. [Link]
Optional:
- SCONE: Secure Linux Containers with Intel SGX. Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. In OSDI'16. [Link]
|
Nicholas Burton [Slides] |
Week 12, 11/13 |
Car Hacking II |
Assigned:
- Lock It and Still Lose It - On the (In)Security of Automotive Remote Keyless Entry Systems. Flavio D. Garcia, David Oswald, Timo Kasper, and Pierre Pavlidès. In USENIX Security'16. [Link]
Optional:
- Remote Exploitation of an Unaltered Passenger Vehicle. Charlie Miller and Chris Valasek. In BlackHat USA'15. [Link]
|
Jacob Bednard [Slides] |
Week 12, 11/15 |
Big Data and Intel SGX II |
Assigned:
- VC3: Trustworthy Data Analytics in the Cloud using SGX. Felix Schuster, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. In S&P'15. [Link]
|
James Kirkland |
Week 13, 11/20 |
Blockchain |
Assigned:
- Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. Ahmed Kosba, Andrew Miller, Elaine Shi, Zikai Wen, and Charalampos Papamanthou. In S&P'16. [Link]
Optional:
- On the Security and Performance of Proof of Work Blockchains. Arthur Gervais, Ghassan O. Karame, Karl Wüst, Vasileios Glykantzis, Hubert Ritzdorf and Srdjan Capkun. In CCS'16. [Link]
|
Matthew Prigorac [Slides] |
Week 13, 11/22 |
No Class |
|
|
Week 14, 11/27 |
Inaudible Voice Attacks |
Assigned:
- DolphinAttack: Inaudible Voice Commands. Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. In CCS'17. [Link]
|
Jacob Bednard [Slides] |
Week 14, 11/29 |
Moving Target Defense |
Assigned:
- Survey of Cyber Moving Targets. H. Okhravi, M.A. Rabe, T.J. Mayberry, W.G. Leonard, T.R. Hobson, D. Bigelow, W.W. Streilein. Technical Report, MIT Lincoln Laboratory, 2013. [Link]
|
James Kirkland |
Week 15, 12/04 |
Term Project Discussion |
- Working Class for Term Project Demo (Q & A)
|
Fengwei Zhang [Slides] |
Week 15, 12/06 |
Term Project Presentations |
|
|
Week 16, 12/11 |
Term Project Presentations |
Project Final Reports Due
Class Lunch at Towers Cafe
|
|