| Date | Lecture Topics | Speakers & Notes | Reading |
| --- | --- | --- | --- |
| Mon 3/26 | Class Overview, Overview of Internet Security | Yan [ppt] | Symantec Internet Security Threat Report, April 2010. |
| Wed 3/28 | Mobile Malcode | [malcode.ppt] [botnet.ppt] No paper summary needed. | Taxonomy of Botnet Threats, Trend Micro White Paper, November 2006. [Reference] A Survey of Botnet Technology and Defenses, M. Bailey et al., in the Proc. of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security. |
| Mon 4/2 | Network-level defense: vulnerability signatures | [IDS.ppt] [Shield&NetShield] Xitao, Yan | Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits, by Helen J. Wang et al., in the Proc. of ACM SIGCOMM, 2004. [Ref] NetShield: Massive Semantics-based Vulnerability Signature Matching for High-speed Networks, by Z. Li et al., in the Proc. of ACM SIGCOMM, 2010. |
| Wed 4/4 | Vulnerability signature generation | | Towards Automatic Generation of Vulnerability-Based Signatures, by David Brumley et al., in the Proceedings of the 2006 IEEE Symposium on Security and Privacy. |
| Mon 4/9 | Polymorphic Malware Detection | [PolyMalwareDetect] | Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors, by Matt Fredrikson, Somesh Jha, Mihai Christodorescu, Reiner Sailer, and Xifeng Yan, IEEE Symposium on Security and Privacy, 2010. |
| Wed 4/11 | WWW security background | [browser_security] | Browser Security Handbook, part 1 (Basic concepts). Virtual Browser: a Virtualized Browser to Sandbox Third-party JavaScripts with Enhanced Security, by Yinzhi Cao et al., in the Proc. of AsiaCCS, 2012. |
| Mon 4/16 | Web origins and the same origin policy | [gazelle] [XO_JScapabilityLeaks] Jed, Xin | The Multi-Principal OS Construction of the Gazelle Web Browser, by Helen Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter, USENIX Security 2009. [Ref] Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense, by Adam Barth, Joel Weinberger, and Dawn Song, USENIX Security 2009. |
| Wed 4/18 | (Combined with 4/16 class) | [systematicXSSsanitization] | ScriptGard: Automatic Context-Sensitive Sanitization for Large-Scale Legacy Web Applications, by Prateek Saxena et al., in the Proc. of ACM CCS 2011. |
| Mon 4/23 | Cross-site request forgery (CSRF) Attacks | [CSRFDefense.pdf] [CSDFclientDefense] Connor, Xiang | A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications, by Riccardo Pelizzi and R. Sekar, in the Proc. of ACSAC 2011. [Ref] Automatic and Precise Client-Side Protection against CSRF Attacks, by Philippe De Ryck et al., in the Proc. of ESORICS, 2011. |
| Wed 4/25 | Heap Spraying Attacks | [Rozzle] [Zozzle] Xiang, Yinzhi | Rozzle: De-Cloaking Internet Malware, by Clemens Kolbitsch et al., in the Proc. of the IEEE Symposium on Security and Privacy, 2012. [Ref] ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection, by Charlie Curtsinger et al., in the Proc. of USENIX Security, 2011. |
| Mon 4/30 | Midterm project presentation | | |
| Wed 5/2 | Smartphone security and privacy background | [TaintDroid.pdf] Vaibhav. No paper summary is needed. | Mobile Application Security on Android, by Jesse Burns, Black Hat 2009. Reference slides: Understanding Android's Security Framework (Tutorial), by W. Enck and P. McDaniel. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, by William Enck et al., in the Proc. of USENIX OSDI, 2010. |
| Mon 5/7 | Smartphone Malware | [droidRanger.pdf] Jed, Jonathon | Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets, by Yajin Zhou et al., in the Proc. of NDSS 2012. [Ref] A Survey of Mobile Malware in the Wild, by Adrienne Porter Felt et al., ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2011 (ref slides). |
| Wed 5/9 | Smartphone Capability Leaks | [woodpecker.pdf] William, Shaker | Systematic Detection of Capability Leaks in Stock Android Smartphones, by Michael Grace et al., in the Proc. of NDSS 2012. [Ref] Permission Re-Delegation: Attacks and Defenses, by Adrienne Porter Felt et al., in the Proc. of the USENIX Security Symposium, 2011 (reference talk slides). |
| Mon 5/14 | Online Social Network Security Background | [socialNetworkSec] Hongyu. No paper summary is needed. | Towards Online Spam Detection in Social Networks, by Hongyu Gao et al., in the Proc. of NDSS 2012. [Ref] Security Issues in Online Social Networks, by Hongyu Gao et al., in IEEE Internet Computing, Volume 15, Issue 4, 2011. |
| Wed 5/16 | OSN Spam | Dan, Shaker | Suspended Accounts in Retrospect: An Analysis of Twitter Spam, by Kurt Thomas et al., in the Proc. of ACM SIGCOMM IMC, 2011. [Ref] @spam: The Underground on 140 Characters or Less, by Grier et al., in the Proc. of ACM CCS, 2010. |
| Mon 5/21 | OSN Privacy | [OSNprivacy_ndss12] | Hummingbird: Privacy at the time of Twitter, by Emiliano De Cristofaro et al., in the Proc. of the IEEE Symposium on S&P (Oakland), 2012. |
| Wed 5/23 | Merged with the 5/30 class | | |
| Mon 5/28 | No class due to Memorial Day | | |
| Wed 5/30 | Project presentation | | |

Notes: You may find this brochure useful: Efficient Reading of Papers in Science and Technology, by Michael J. Hanson, 1990, revised 2000 by Dylan McNamee.