| Date | Lectures Topics | Speakers & Notes | Reading |
|---|---|---|---|
| Mon 3/31 | Class Overview, Overview of Internet Security. | Yan | Symantec Internet Security Threat Report, April 2013. |
| Wed 4/2 | Intro to mobile security | Vaibhav | Intro to mobile security slides by Prof. Konstantin Beznosov of UBC, Canada. |
| Mon 4/7 | Android Permission | [Android_permission] | Zhang, Yuan, et al. Vetting undesirable behaviors in android apps with permission use analysis, in the Proc. of ACM CCS, 2013. |
| Wed 4/9 | Mobile privacy | [mobile_privacy] Sinan, Eric J. | Zhou, Xiaoyong, et al. Identity, location, disease and more: inferring your secrets from android public resources, in the Proc. of ACM CCS, 2013. [Ref] Nadkarni, Adwait, and William Enck. Preventing accidental data disclosure in modern operating systems, in the Proc. of ACM CCS, 2013. |
| Mon 4/14 | Vulnerabilities and malware | [mobile_vulnerability] David, Sinan | Xing, Luyi, et al. "Upgrading Your Android, Elevating My Malware: Privilege Escalation Through Mobile OS Updating," in Proc. of IEEE Oakland, 2014. |
| Wed 4/16 | SSL vulnerabilities in Android apps | [SSL in Android] Steven, Tom C. | Greenwood, David Sounthiraraj Justin Sahs Garret, and Zhiqiang Lin Latifur Khan. "SMV-HUNTER: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps," in the Proc. of NDSS 2014. |
| Mon 4/21 | WWW security background | [browser_security] Yinzhi. No paper summary needed. | |
| Wed 4/23 | Automatic Web Content Isolation | [web_contentIsolation] Shuangping, Chao | Aaron Blankstein and Michael J. Freedman, Automating Isolation and Least Privilege in Web Services, in Proc. of IEEE Oakland 2014. |
| Mon 4/28 | Single Sign-On (SSO) Security | [SSO security] | Daniel Fett, Ralf Küsters, Guido Schmitz, An Expressive Model for the Web Infrastructure: Definition and Application to the BrowserID SSO System, in the Proc. of Oakland, 2014. [Ref] Luyi Xing, Yangyi Chen, XiaoFeng Wang |
| Wed 4/30 | Web Logic Vulnerability | [Web log vulnerability] Eric J., Yan | Fangqi Sun, Liang Xu and Zhendong Su, "Detecting Logic Vulnerabilities in E-commerce Applications", NDSS 2014. [Ref] Giancarlo Pellegrino and Davide Balzarotti, "Toward Black-Box Detection of Logic Flaws in Web Applications", in the Proc. of NDSS 2014. |
| Mon 5/5 | Midterm proj presentation | | |
| Wed 5/7 | Mobility meets Web | [mobile Web] Al, David | Georgiev, Martin, Suman Jana, and Vitaly Shmatikov, Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks, in Proc. of NDSS 2014. |
| | Openflow and SDN Background | [Slides by Shenker] Yan; [Openflow] Xitao. No paper summary needed. | The Future of Networking, and the Past of Protocols, Scott Shenker (video of talk at Ericsson); McKeown, Nick, et al., OpenFlow: enabling innovation in campus networks, ACM SIGCOMM Computer Communication Review 38.2 (2008). |
| Wed 5/14 | SDN 2.0 | [net_virtual_SDN2.0] Tom M., Yu | Teemu Koponen, etc., Network Virtualization in Multi-tenant Datacenters, in the Proc. of ACM NSDI, 2014. [Ref] Scott Shenker, etc., Software-Defined Networking Revisited, paper under submission (emailed to students). |
| | Security of SDN | [Sec_of_SDN] Tommy, Eric L. | Seungwon Shin et al, AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks, in the Proc. of ACM CCS 2013. |
| Wed 5/21 | Security using SDN | [SDN for sec] Hangbin, Yuchao | |
| Mon 5/26 | Memorial Day break | | |
| Wed 5/28 | Network verification | [net_verification] Dane, Al | Hongyi Zeng et al, Libra: Divide and Conquer to Verify Forwarding Tables in Huge Networks, in the Proc. of ACM NSDI, 2014. [Ref] Ahmed Khurshid et al, VeriFlow: Verifying Network-Wide Invariants in Real Time, in the Proc. of ACM NSDI, 2013. |
| Mon 6/2 | Final project presentation | | |

Notes: You may find the brochure useful: Efficient reading of papers in Science and Technology by Michael J. Hanson, 1990, revised 2000 Dylan McNamee.