CS 563

Advanced Computer Security

Below is the calendar for this course. This is the preliminary schedule, which may be altered as the term progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date Topic Assignments Presenter
8/29 563.0 Syllabus (slides) M. Hanson and D. McNamee.
    Efficient Reading of Papers in Science and Technology. (link)
Prof. Bates
8/31 563.1 Foundations I (slides) J. Anderson.
    Computer Security Technology Planning Study, Volume 2.
    ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA. 1972. (link)
F. J. Corbato and V. A. Vyssotsky.
    Introduction and Overview of the Multics System.
    Fall Joint Computer Conference. 1965. (link)
Prof. Bates
9/5 563.2 Foundations II (slides) P. A. Karger and R. R. Schell.
    Multics Security Evaluation: Vulnerability Analysis.
    Tech Report ESD-TR-74-193. (link)
L. J. Fraim.
    Scomp: A Solution to the Multilevel Security Problem.
    IEEE Computer. 1983. (available online via UIUC Library)
Prof. Bates
9/7 563.3 Web Privacy (slides) P. Eckersley.
    How unique is your web browser? (PETS'10) (link)
M. Andrés, N. E. Bordenabe, K. Chatzikokolakis, C. Palamadidessi.
    Geo-indistinguishability: differential privacy for location-based systems. (CCS'13)
Prof. Bates
9/12 563.4 System Intrusions (slides)
Preference Proposal Instructions
S. King and P. Chen.
    Backtracking Intrusions. (SOSP'03)
S. Ma, J. Zhai, Y. Kwon, K.H. Lee, X. Zhang, G. Ciocarlie, A. Gehani, V. Yegneswaran, D. Xu, and S. Jha.
    Kernel-Supported Cost-Effective Audit Logging for Causality Tracking. (ATC'18)
Prof. Bates
9/14 563.6 Security Measurement (slides)
P. Pearce, R. Ensafi, F. Li, N. Feamster, and V. Paxson.
    Augur: Internet-Wide Detection of Connectivity Disruptions. (Oakland'17)
V. Varadarajan, Y. Zhang, T. Ristenpart, M. Swift.
    A Placement Vulnerability Study in Multi-Tenant Public Clouds. (Security'15)
Prof. Bates
9/19 563.6 Mobile & Device Security (slides)
A. P. Felt, H. J. Wang, A. Moschchuk, S. Hanna, and E. Chin.
    Permission Re-Delegation: Attacks and Defenses. (Security'11)
G.S. Tuncay, S. Demetriou, C. A. Gunter.
    Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android. (CCS'16)
9/21 563.7 Human Factors (slides)
A. Whitten and J.D. Tygar.
    Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. (Security'99)
R. Stevens, D. Votipka, E. Redmiles, C. Ahern, P. Sweeney, and M. Mazurek.
    The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level. (Security'18)
Prof. Bates
9/26 563.8 (slides)
Discuss Preference Proposals (No Readings)
9/28 563.9 No Class Today. Open Office Hours re: Project Ideas
10/3 563.10 SYSINT, USEC
(Paper 1 slides)
(Paper 2 slides)
Paper #1: Y. Ji, S. Lee, E. Downing, W. Wang, M. Fazzini, T. Kim, A. Orso, and W. Lee
    RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking. (CCS'17)
Paper #2: A. P. Felt, R. W. Reeder, A. Ainslie, H. Harris, M. Walker, C. Thompson, M. E. Acer, E. Morant, and S. Consolvo.
    Rethinking Connection Security Indicators. (SOUPS'16).
Mohammad N.
Joshua R.
10/5 563.11 USEC, WEB+MOB
(Paper 1 slides)
(Paper 2 slides)
Paper #1: F. Fischer, K. Bottinger, H. Xiao, C. Stransky, Y. Acar, M. Backes, and S. Fahl.
    Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security. (Oakland'17)
Paper #2: I. Reyes, P. Wijesekera, J. Reardon, A. E. B. On, A. Razaghpanah, N. Vallina-Rodriguez, S. Egelman.
    “Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale. (PoPETS'18)
Kevin L.
Yasha M.
10/10 563.12 SYSINT, USEC
(Paper 1 slides)
(Paper 2 slides)
Paper #1: S. A. Crosby and D. S. Wallach.
    Efficient data structures for tamper-evident logging. (USENIX'09)"
Paper #2: D. Oliveira, H. Rocha, H. Yang, D. Ellis, S. Dommaraju, and M. Muradoglu
     Dissecting spear phishing emails for older vs young adults:
    On the interplay of weapons of influence and life domains in predicting susceptibility to phishing. (CHI 2017)
Riccardo P.
Cam M.
10/12 563.13 CCS'18 Preview Day K. Ganju, Q. Wang, W. Yang, C. Gunter, and N. Borisov.
    Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations. (CCS'18) (link)
B. Ujcich, S. Jero, A. Edmunson, Q. Wang, R. Skowyra, J. Landry, A. Bates, W. Sanders, C. Nita-Rotaru, H. Okravi.
    Cross-App Poisoning in Software-Defined Networking. (CCS'18)(link)
K. Ganju
B. Ujcich
10/17 563.14 USEC, SYSINT
(Paper 1 slides)
(Paper 2 slides)
Paper #1: S. Lyastani, M. Schilling, S. Fahl, S. Bugiel, M. Backes.
    Studying the Impact of Managers on Password Strength and Reuse. (USENIX'18)
Paper #2: D. Kirat, G. Vigna, and C. Kruegel.
    BareCloud: Bare-metal Analysis-based Evasive Malware Detection (Security'14)
Nomaan D.
Kevin C.
10/19 563.15 WEB+MOB x 2
(Paper 1 slides)
(Paper 2 slides)
Paper #1: H. Birge-Lee, Y. Sun, A. Edmundson, J. Rexford, and P. Mittal.
    Bamboozling certificate authorities with BGP. (Security'18)
Paper #2: J. Zhang, P. Porras, and J. Ullrich.
    Highly predictive blacklisting. (Security'08).
Chester C.
John B.
10/24 563.16 WEB+MOB x 2
(Paper 1 slides)
(Paper 2 slides)
Paper #1: Z. Durumeric, Z. Ma, D. Springall, R. Barnes, N. Sullivan, E. Bursztein, M. Bailey, J. A. Halderman, and V. Paxson.
    The Security Impact of HTTPS Interception (NDSS'17)
Paper #2: N Roy, S. Shen, H. Hassanieh, R. R. Choudhury.
    Inaudible Voice Commands: The Long-Range Attack and Defense. (NSDI'18)
Sanjeev R.
Shivam B.
10/26 563.17 WEB+MOB, SYSINT
(Paper 1 slides)
(Paper 2 slides)
Paper #1: J. Ren, A. Rao, M. Lindorfer, A. Legout, D. Choffnes.
    ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic. (MobiSys ’16)
Paper #2: S. Ma, K. H. Lee, C. H. Kim, J. Rhee, X. Zhang, and D. Xu.
    Accurate, low cost and instrumentation-free security audit logging for windows. (ACSAC ’15)
Umar F.
Noor M.
10/31 563.18 WEB+MOB, SYSINT
(Paper 1 slides)
(Paper 2 slides)
Paper #1: B. Gras, K. Razavi, H. Bos, and C. Giuffrida.
    Translation leak-aside buffer: Defeating cache side-channel protections with TLB attacks. (Security'18)
Paper #2: G. Chen, W. Wang, T. Chen, S. Chen, Y. Zhang, X. Wang, T. Lai, and D. Lin.
    Racing in hyperspace: closing hyper-threading side channels on SGX with contrived data races. (Oakland'18)
Ayoosh B.
Young L.
11/2 563.19 WEB+MOB
(Paper 1 slides)
Paper #1: A. Razaghpanah, R. Nithyanand, N. Vallina-Rodriguez, S. Sundaresan, M. Allman, C. Kreibich, P. Gill
    Apps, Trackers, Privacy, and Regulators A Global Study of the Mobile Tracking Ecosystem (NDSS'18)
Paper #2: Only one paper today!
Xueqing L
11/7 563.20 SYSINT, WEB+MOB
(Paper 1 slides)
(Paper 2 slides)
Paper #1: R. Pandita, X. Xiao, W. Yang, W. Enck, T. Xie.
    WHYPER: Towards Automating Risk Assessment of Mobile Applications (Security'13)
Paper #2: A. M. Piotrowska, J. Hayes, T. Elahi, S. Meiser, and G. Danezis.
    The loopix anonymity system. (Security '17)
Jingyu Q.
11/9 563.21 WEB+MOB, SYSINT
(Paper 1 slides)
(Paper 2 slides)
Paper #1: M. Abadi, A. Chu, I. Goodfellow, H. B. McMahan, I. Mironov, K. Talwar, and L. Zhang.
    Deep learning with differential privacy. (CCS'16)
Paper #2: R. Skowyra, L. Xu, G. Gu, V. Dedhia, T. Hobson, H. Okravi, J. Landry.
    Effective Topology Tampering Attacks and Defenses in Software-Defined Networks. (DSN'18)
Xiaojun X.
Evan J.
11/14 563.22 WEB+MOB
(Paper 1 slides)
Paper #1: Z. Wang, Y. Cao, Z. Qian, C. Song, S. Krishnamurthy.
    Your state is not mine: a closer look at evading stateful internet censorship. (IMC’17) Paper #2: Only one paper today!
Yuanshan Z.
11/16 563.23 WEB+MOB x 2
(Paper 1 slides)
(Paper 2 slides)
Paper #1: G. Zhang, C. Yan, X. Ji, T. Zhang, T. Zhang, and W. Xu.
    Dolphinattack: Inaudible voice commands. (CCS'17)
Paper #2: T. Van Goethem, W. Joosen, and N. Nikiforakis.
    The Clock is Still Ticking: Timing Attacks in the Modern Web. (CCS '15)
Huichen L
Shu L.
11/21 Thanksgiving Break (No Class)
11/23 Thanksgiving Break (No Class)
11/28 563.24 USEC, WEB+MOB
(Paper 1 slides)
(Paper 2 slides)
Paper #1: S. Karunakaran, K. Thomas, E. Bursztein, and O. Comanescu.
    Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data. (SOUPS'18)
Paper #2: I. Polakis, G. Argyros, T. Petsios, S. Sivakorn, A. D. Keromytis.
    Where's wally?: Precise user discovery attacks in location proximity services. (CCS'15)
Yingquan Y.
Joey D.
11/30 563.25 SYSINTx2
(Paper 1 slides)
(Paper 2 slides)
Paper #1: T. Yu, S. K. Fayaz, M. Collins, V. Sekar, and S. Seshan.
    PSI: Precise Security Instrumentation for Enterprise Networks. (NDSS '17)
Paper #2: C. H. Kim, T. Kim, H. Choi, Z. Gu, B. Lee, X. Zhang, and D. Xu..
    Securing Real-Time Microcontroller Systems through Customized Memory View Switching (NDSS'18)
Nicole P.
Ashish K.
12/5 563.26 WEB+MOB
(Paper 1 slides)
(Paper 2 slides)
Paper #1: J. Seo, D. Kim, D. Cho, I. Shin, and T. Kim
    FLEXDROID: Enforcing In-App Privilege Separation in Android. (NDSS'16)
Paper #2: S. E. Schechter, R. Dhamija, A. Ozment, and I. Fischer.
    The emperor’s new security indicators. (Oakland’07)
Shivansh C.
Shreya U.
12/7 563.27 Project Presentations
12/12 563.28 Project Presentations