| Date | Lecture Topics | Speakers & Notes | Reading |
|---|---|---|---|
| Mon 3/29 | Class overview, overview of Internet security. | Yan [ppt] | Symantec Internet Security Threat Report April 2009. |
| Wed 3/31 | Web 2.0 and its diagnosis | Zhichun [ppt] No paper summary needed. | WebProphet: Automating Performance Prediction for Web Services, Zhichun Li, Ming Zhang, Zhaosheng Zhu, Yan Chen, Albert Greenberg and Yi-Min Wang, USENIX/ACM NSDI 2010 |
| Mon 4/5 | Diagnosis of distributed systems | Jingnan, Tuo [ppt] | Automating Network Application Dependency Discovery: Experiences, Limitations, and New Solutions, by Xu Chen, Ming Zhang, Z. Morley Mao, Victor Bahl, OSDI 2008. Reference slides by Ming Zhang are here. [Ref] X-Trace: A Pervasive Network Tracing Framework, Rodrigo Fonseca, George Porter, Randy Katz, Scott Shenker, Ion Stoica, ACM NSDI 2007. (presentation available in mp3 format). |
| Wed 4/7 | Mobile malcode | Daniel [ppt] | Taxonomy of Botnet Threats, Trend Micro White Paper, November 2006. [Reference] A Survey of Botnet Technology and Defenses, M. Bailey, et al., in the Proc. of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security. |
| Mon 4/12 | World Wide Web vulnerability analysis | Brett, Tyler [ppt] | Vulnerability Analysis of Web-Based Applications, Marco Cova, Viktoria Felmetsger, Giovanni Vigna, Chapter in "Test and Analysis of Web Services", Springer, September 2007. |
| Wed 4/14 | WWW vulnerability analysis cont'd | Brett [ppt] | Main paper same as above. [Ref] Multi-Module Vulnerability Analysis of Web-based Applications. ACM CCS 2007. |
| Mon 4/19 | Browser vulnerability defense | Yi [ppt] | BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML, Charles Reis, et al., USENIX OSDI, 2006. |
| Wed 4/21 | Web app vulnerability discovery | Daniel [pdf, and complementary ppt] | State of the Art: Automated Black-Box Web Application Vulnerability Testing, Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell, Oakland, 2010. |
| Mon 4/26 | Web origin policy | Vaibhav [ppt] | The Multi-Principal OS Construction of the Gazelle Web Browser, Helen Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter, USENIX Security 2009. [Ref] Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense, Adam Barth, Joel Weinberger, and Dawn Song, USENIX Security 2009. |
| Wed 4/28 | JavaScript security policy | Vaibhav [ppt] | ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser, IEEE Symposium on Security and Privacy, 2010. [Ref] Object Views: Fine-Grained Sharing in Browsers, Leo Meyerovich and Adrienne Felt, WWW 2010. |
| Mon 5/3 | Midterm project presentation [Android Security] [Social Network Security Survey] [Web Origin Security] [UltraPAC] | | |
| Wed 5/5 | Web browser access control | Yi [ppt] | On the Incoherencies in Web Browser Access Control Policies, Kapil Singh, Alexander Moshchuk, Helen J. Wang, and Wenke Lee, IEEE Symposium on Security and Privacy, 2010. |
| Mon 5/10 | Mobile System Security | Ted, Tyler [ppt] | Mobile Application Security on Android, by Jesse Burns at Black Hat 2009. Reference slides: Understanding Android's Security Framework (Tutorial) by W. Enck and P. McDaniel. |
| Wed 5/12 | Mobile System Security | Ted, Tyler [Kirin] [Apex] | On Lightweight Mobile Phone Application Certification, W. Enck, M. Ongtang, and P. McDaniel, ACM CCS 2009. [Ref] Apex: extending Android permission model and enforcement with user-defined runtime constraints, M. Nauman, S. Khan, and X. Zhang, ACM ASIACCS 2010. |
| Mon 5/17 | Social Network Security/Measurement | Tuo, Jun [ppt] | Social Honeypots: Making Friends With A Spammer Near You, Steve Webb, J. Caverlee, and C. Pu, ACM CEAS 2008. [Ref] Characterizing User Behavior in Online Social Networks, F. Benevenuto et al., ACM IMC 2009. |
| Wed 5/19 | Social Network Privacy | Jun, Jingnan | xBook: Redesigning Privacy Control in Social Networking Platforms, by Singh, et al., USENIX Security Symposium 2009. [Ref] Persona: An Online Social Network with User-Defined Privacy, R. Baden, et al., SIGCOMM 2009. |
| Mon 5/24 | NIDS | Jing | Outside the Closed World: On Using Machine Learning For Network Intrusion Detection, Robin Sommer and Vern Paxson, in IEEE Symposium on Security and Privacy, 2010. |
| Wed 5/26 | Project presentation | | |
| Mon 5/31 | No class due to Memorial Day. | | |
| Wed 6/2 | Project presentation, cont'd | | |

Notes: You may find this brochure useful: Efficient Reading of Papers in Science and Technology, by Michael J. Hanson, 1990, revised 2000 by Dylan McNamee.