Below is the calendar for this course. This is the preliminary schedule, which may be altered as the term progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).
Date | Topic | Assignments | Presenter |
8/29 | | Efficient Reading of Papers in Science and Technology. (link) | |
8/31 | | Computer Security Technology Planning Study, Volume 2. ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA. 1972. (link) F. J. Corbato and V. A. Vyssotsky. Introduction and Overview of the Multics System. Fall Joint Computer Conference. 1965. (link) | |
9/5 | | Multics Security Evaluation: Vulnerability Analysis. Tech Report ESD-TR-74-193. (link) L. J. Fraim. Scomp: A Solution to the Multilevel Security Problem. IEEE Computer. 1983. (available online via UIUC Library) | |
9/7 | | How unique is your web browser? (PETS'10) (link) M. Andrés, N. E. Bordenabe, K. Chatzikokolakis, C. Palamidessi. Geo-indistinguishability: differential privacy for location-based systems. (CCS'13) | |
9/12 | Preference Proposal Instructions | Backtracking Intrusions. (SOSP'03) S. Ma, J. Zhai, Y. Kwon, K.H. Lee, X. Zhang, G. Ciocarlie, A. Gehani, V. Yegneswaran, D. Xu, and S. Jha. Kernel-Supported Cost-Effective Audit Logging for Causality Tracking. (ATC'18) | |
9/14 | | Augur: Internet-Wide Detection of Connectivity Disruptions. (Oakland'17) V. Varadarajan, Y. Zhang, T. Ristenpart, M. Swift. A Placement Vulnerability Study in Multi-Tenant Public Clouds. (Security'15) | |
9/19 | | Permission Re-Delegation: Attacks and Defenses. (Security'11) G.S. Tuncay, S. Demetriou, C. A. Gunter. Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android. (CCS'16) | |
9/21 | | Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. (Security'99) R. Stevens, D. Votipka, E. Redmiles, C. Ahern, P. Sweeney, and M. Mazurek. The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level. (Security'18) | |
9/26 | | | |
9/28 | | | |
10/3 | (Paper 1 slides) (Paper 2 slides) | RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking. (CCS'17) Paper #2: A. P. Felt, R. W. Reeder, A. Ainslie, H. Harris, M. Walker, C. Thompson, M. E. Acer, E. Morant, and S. Consolvo. Rethinking Connection Security Indicators. (SOUPS'16). | Joshua R. |
10/5 | (Paper 1 slides) (Paper 2 slides) | Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security. (Oakland'17) Paper #2: I. Reyes, P. Wijesekera, J. Reardon, A. E. B. On, A. Razaghpanah, N. Vallina-Rodriguez, S. Egelman. “Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale. (PoPETS'18) | Yasha M. |
10/10 | (Paper 1 slides) (Paper 2 slides) | Efficient data structures for tamper-evident logging. (USENIX'09) Paper #2: D. Oliveira, H. Rocha, H. Yang, D. Ellis, S. Dommaraju, and M. Muradoglu. Dissecting spear phishing emails for older vs young adults: On the interplay of weapons of influence and life domains in predicting susceptibility to phishing. (CHI 2017) | Cam M. |
10/12 | | Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations. (CCS'18) (link) B. Ujcich, S. Jero, A. Edmundson, Q. Wang, R. Skowyra, J. Landry, A. Bates, W. Sanders, C. Nita-Rotaru, H. Okhravi. Cross-App Poisoning in Software-Defined Networking. (CCS'18) (link) | B. Ujcich |
10/17 | (Paper 1 slides) (Paper 2 slides) | Studying the Impact of Managers on Password Strength and Reuse. (USENIX'18) Paper #2: D. Kirat, G. Vigna, and C. Kruegel. BareCloud: Bare-metal Analysis-based Evasive Malware Detection (Security'14) | Kevin C. |
10/19 | (Paper 1 slides) (Paper 2 slides) | Bamboozling certificate authorities with BGP. (Security'18) Paper #2: J. Zhang, P. Porras, and J. Ullrich. Highly predictive blacklisting. (Security'08). | John B. |
10/24 | (Paper 1 slides) (Paper 2 slides) | The Security Impact of HTTPS Interception (NDSS'17) Paper #2: N. Roy, S. Shen, H. Hassanieh, R. R. Choudhury. Inaudible Voice Commands: The Long-Range Attack and Defense. (NSDI'18) | Shivam B. |
10/26 | (Paper 1 slides) (Paper 2 slides) | ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic. (MobiSys ’16) Paper #2: S. Ma, K. H. Lee, C. H. Kim, J. Rhee, X. Zhang, and D. Xu. Accurate, low cost and instrumentation-free security audit logging for windows. (ACSAC ’15) | Noor M. |
10/31 | (Paper 1 slides) (Paper 2 slides) | Translation leak-aside buffer: Defeating cache side-channel protections with TLB attacks. (Security'18) Paper #2: G. Chen, W. Wang, T. Chen, S. Chen, Y. Zhang, X. Wang, T. Lai, and D. Lin. Racing in hyperspace: closing hyper-threading side channels on SGX with contrived data races. (Oakland'18) | Young L. |
11/2 | (Paper 1 slides) | Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem (NDSS'18) Paper #2: Only one paper today! | |
11/7 | (Paper 1 slides) (Paper 2 slides) | WHYPER: Towards Automating Risk Assessment of Mobile Applications (Security'13) Paper #2: A. M. Piotrowska, J. Hayes, T. Elahi, S. Meiser, and G. Danezis. The loopix anonymity system. (Security '17) | PB B. |
11/9 | (Paper 1 slides) (Paper 2 slides) | Deep learning with differential privacy. (CCS'16) Paper #2: R. Skowyra, L. Xu, G. Gu, V. Dedhia, T. Hobson, H. Okhravi, J. Landry. Effective Topology Tampering Attacks and Defenses in Software-Defined Networks. (DSN'18) | Evan J. |
11/14 | (Paper 1 slides) | Your state is not mine: a closer look at evading stateful internet censorship. (IMC’17) Paper #2: Only one paper today! | |
11/16 | (Paper 1 slides) (Paper 2 slides) | DolphinAttack: Inaudible voice commands. (CCS'17) Paper #2: T. Van Goethem, W. Joosen, and N. Nikiforakis. The Clock is Still Ticking: Timing Attacks in the Modern Web. (CCS '15) | Shu L. |
11/21 | | | |
11/23 | | | |
11/28 | (Paper 1 slides) (Paper 2 slides) | Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data. (SOUPS'18) Paper #2: I. Polakis, G. Argyros, T. Petsios, S. Sivakorn, A. D. Keromytis. Where's wally?: Precise user discovery attacks in location proximity services. (CCS'15) | Joey D. |
11/30 | (Paper 1 slides) (Paper 2 slides) | PSI: Precise Security Instrumentation for Enterprise Networks. (NDSS '17) Paper #2: C. H. Kim, T. Kim, H. Choi, Z. Gu, B. Lee, X. Zhang, and D. Xu. Securing Real-Time Microcontroller Systems through Customized Memory View Switching (NDSS'18) | Ashish K. |
12/5 | (Paper 1 slides) (Paper 2 slides) | FLEXDROID: Enforcing In-App Privilege Separation in Android. (NDSS'16) Paper #2: S. E. Schechter, R. Dhamija, A. Ozment, and I. Fischer. The emperor’s new security indicators. (Oakland’07) | Shreya U. |
12/7 | | | |
12/12 | | | |