Course Lecture Plan

Date

Lecture Topics

Speakers & Notes

Reading

Mon 3/29

Class overview, overview of Internet security.

Yan [ppt]

Symantec Internet Security Threat Report April 2009.

Wed 3/31

Web 2.0 and its diagnosis

Zhichun

[ppt]

No paper summary needed.

WebProphet: Automating Performance Prediction for Web Services, Zhichun Li, Ming Zhang, Zhaosheng Zhu, Yan Chen, Albert Greenberg and Yi-Min Wang, USENIX/ACM NSDI 2010

Mon 4/5

Diagnosis of distributed systems

Jingnan, Tuo

[ppt]

Automating Network Application Dependency Discovery: Experiences, Limitations, and New Solutions, by Xu Chen, Ming Zhang, Z. Morley Mao, Victor Bahl, OSDI 2008. Reference slides by Ming Zhang are here.

[Ref] X-Trace: A Pervasive Network Tracing Framework, Rodrigo Fonseca, George Porter, Randy Katz, Scott Shenker, Ion Stoica, ACM NSDI 2007. (presentation available in mp3 format).

Wed 4/7

Mobile malcode

Daniel
[ppt]

Taxonomy of Botnet Threats, Trend Micro White Paper, November 2006.

[Reference] A Survey of Botnet Technology and Defenses, M. Bailey, et al., in the Proc. of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

Mon 4/12

World Wide Web vulnerability analysis

Brett, Tyler [ppt]

Vulnerability Analysis of Web-Based Applications, Marco Cova, Viktoria Felmetsger, Giovanni Vigna, Chapter in "Test and Analysis of Web Services", Springer, September 2007.

Wed 4/14

WWW vulnerability analysis cont'd

Brett

[ppt]

Main paper same as above.

[Ref] Multi-Module Vulnerability Analysis of Web-based Applications. ACM CCS 2007.

Mon 4/19

Browser vulnerability defense

Yi

[ppt]

BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML, Charles Reis, et al., USENIX OSDI, 2006.

Wed 4/21

Web app vulnerability discovery

Daniel
[pdf, and complementary ppt]

State of the Art: Automated Black-Box Web Application Vulnerability Testing, Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell, Oakland, 2010.

Mon 4/26

Web origin policy

Vaibhav

[ppt]

The Multi-Principal OS Construction of the Gazelle Web Browser, Helen Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter, USENIX Security 2009.

[Ref] Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense, Adam Barth, Joel Weinberger, and Dawn Song, USENIX Security 2009.

Wed 4/28

JavaScript security policy

Vaibhav

[ppt]

ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser, IEEE Symposium on Security and Privacy, 2010.

[Ref] Object Views: Fine-Grained Sharing in Browsers, Leo Meyerovich and Adrienne Felt, WWW 2010.

Mon 5/3

Midterm project presentation
[Android Security] [Social Network Security Survey] [Web Origin Security] [UltraPAC]

Wed 5/5

Web browser access control

Yi

[ppt]

On the Incoherencies in Web Browser Access Control Policies, Kapil Singh, Alexander Moshchuk, Helen J. Wang, and Wenke Lee, IEEE Symposium on Security and Privacy, 2010.

Mon 5/10

Mobile System Security

Ted, Tyler

[ppt]

Mobile Application Security on Android, by Jesse Burns at Black Hat 2009.

Reference slides: Understanding Android's Security Framework (Tutorial) by W. Enck, and P. McDaniel.

Wed 5/12

Mobile System Security

Ted, Tyler

[Kirin]

[Apex]

On Lightweight Mobile Phone Application Certification, W. Enck, M. Ongtang, and P. McDaniel, ACM CCS 2009.

[Ref] Apex: extending Android permission model and enforcement with user-defined runtime constraints, M. Nauman, S. Khan, and X. Zhang, ACM ASIACCS 2010.

Mon 5/17

Social Network Security/Measurement

Tuo, Jun

[ppt]

Social Honeypots: Making Friends With A Spammer Near You, Steve Webb, J. Caverlee, and C. Pu, ACM CEAS 2008.

[Ref] Characterizing User Behavior in Online Social Networks, F. Benevenuto et al., ACM IMC 2009.

Wed 5/19

Social Network Privacy

Jun, Jingnan

xBook: Redesigning Privacy Control in Social Networking Platforms, by Singh, et al., USENIX Security Symposium 2009.

[Ref] Persona: An Online Social Network with User-Defined Privacy, R. Baden, et al, SIGCOMM 2009.

Mon 5/24

NIDS

Jing

Outside the Closed World: On Using Machine Learning For Network Intrusion Detection, Robin Sommer and Vern Paxson, in IEEE Symposium on Security and Privacy, 2010.

Wed 5/26

Project presentation

Mon 5/31

No class due to Memorial Day.

Wed 6/2

Project presentation, cont'd

Notes: You may find the brochure useful: Efficient reading of papers in Science and Technology by Michael J. Hanson, 1990, revised 2000 by Dylan McNamee.