Date |
Details |
01/20/2015
| Orientation and logistics [slides] |
|
Required reading:
• None
Suggested reading:
• Introduction to Information Assurance
|
01/22/2015
| Information Hiding: Watermarking and Steganography [slides] |
|
Required reading:
• Information Hiding--A Survey (Read Sections I and II only)
|
01/27/2015
| Snow Day - University Closed |
|
|
01/29/2015
| Information Hiding: Covert Channels [slides] |
|
Required reading:
• Embedding Covert Channels into TCP/IP
Suggested reading:
• Detection of Covert Channel Encoding in Network Packet Delays
• CoCo: coding-based covert timing channels for network flows
|
02/03/2015
| Information Leakage: Side Channels [slides1, slides2] |
|
Required reading:
• Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow
Suggested reading:
• Preventing Side-Channel Leaks in Web Traffic: A Formal Approach
• Cross-VM Side Channels and Their Use to Extract Private Keys
|
02/05/2015
| Anonymous Communication: Mixes, Tor, etc. [slides] |
|
Required reading:
• Tor: The Second-Generation Onion Router
Suggested reading:
• Mixminion: Design of a Type III Anonymous Remailer Protocol
• Shining Light in Dark Places: Understanding the Tor Network
|
02/10/2015
| Deadline for project proposals |
02/10/2015
| Censorship Resistance: Parrots [slides] |
|
Required reading:
• SkypeMorph: Protocol Obfuscation for Tor Bridges
Suggested reading:
• The Parrot is Dead: Observing Unobservable Network Communications
• I want my voice to be heard: IP over Voice-over-IP for unobservable censorship circumvention
|
02/12/2015
| Censorship Resistance: Decoy Routing [slides] |
|
Required reading:
• Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability
Suggested reading:
• Telex: Anticensorship in the Network Infrastructure
• No Direction Home: The True Cost of Routing Around Decoys
|
02/17/2015
| No Class (Presidents' Day) |
|
|
02/19/2015
| Privacy-preserving Services: Social Networks [slides1, slides2] |
|
Required reading:
• Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider
Suggested reading:
• Persona: an online social network with user-defined privacy
• EASiER: Encryption-based Access Control in Social Networks with Efficient Revocation
|
02/24/2015
| Privacy-preserving Services: Storage [slides1, slides2] |
|
Required reading:
• Vanish: Increasing Data Privacy with Self-Destructing Data
Suggested reading:
• Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs
• FADE: Secure Overlay Cloud Storage with File Assured Deletion
|
02/26/2015
| Privacy in the Cloud: PIR and ORAM [slides] |
|
Required reading:
• PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval
Suggested reading:
• Private Information Retrieval
• ObliviStore: High Performance Oblivious Cloud Storage
|
03/03/2015
| Privacy of Emerging Technologies [slides] |
|
Required reading:
• A Scanner Darkly: Protecting User Privacy from Perceptual Applications
Suggested reading:
• Robust De-anonymization of Large Sparse Datasets
• Private-by-Design Advertising Meets the Real World
|
03/05/2015
| Midterm Exam (covers lectures before 03/03/2015; only content discussed in class) |
|
|
03/10/2015
| Usable Security: Passwords [slides] |
|
Required reading:
• How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation
Suggested reading:
• A Second Look at the Usability of Click-Based Graphical Passwords
• The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers
|
03/12/2015
| Web Security: JavaScript (Guest lecture by Prof. Guha) |
|
Required reading:
• Type-based Verification of JavaScript Sandboxing
Suggested reading:
• Privilege Separation in HTML5 Applications
• Automated Analysis of Security-Critical JavaScript APIs
|
03/17/2015
| No Class (Spring Break) |
|
|
03/19/2015
| No Class (Spring Break) |
|
|
03/24/2015
| Project progress reports are due |
03/24/2015
| Security and Privacy of Future Internet Architectures: Named-Data Networking [slides] |
|
Required reading:
• ANDaNA: Anonymous Named Data Networking Application
Suggested reading:
• Privacy in Content-Oriented Networking: Threats and Countermeasures
• Named Data Networking
|
03/26/2015
| Secure Digital Currency: Bitcoin [slides] |
|
Required reading:
• Zerocoin: Anonymous Distributed E-Cash from Bitcoin
Suggested reading:
• Bitcoin: A Peer-to-Peer Electronic Cash System
• Sybil-Resistant Mixing for Bitcoin
|
03/31/2015
| Hardware Security: Trusted Platform Module [slides] |
|
Required reading:
• cTPM: A Cloud TPM for Cross-Device Trusted Applications
Suggested reading:
• Design and Implementation of a TCG-based Integrity Measurement Architecture
• vTPM: Virtualizing the Trusted Platform Module
|
04/02/2015
| Mobile Security: Android [slides] |
|
Required reading:
• TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Suggested reading:
• A Study of Android Application Security
• Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets
|
04/07/2015
| Economics of Malware: Spam [slides] |
|
Required reading:
• Click Trajectories: End-to-End Analysis of the Spam Value Chain
Suggested reading:
• Show Me the Money: Characterizing Spam-advertised Revenue
• Knock It Off: Profiling the Online Storefronts of Counterfeit Merchandise
|
04/09/2015
| Online Tracking [slides] |
|
Required reading:
• Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting
Suggested reading:
• The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
• Third-Party Web Tracking: Policy and Technology
|
04/14/2015
| Botnet Detection [slides] |
|
Required reading:
• BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection
Suggested reading:
• BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic
• BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation
|
04/16/2015
| Traffic Analysis: Flow Correlation [slides] |
|
Required reading:
• RAINBOW: A Robust And Invisible Non-Blind Watermark for Network Flows
Suggested reading:
• Timing analysis in low-latency mix networks: Attacks and defenses
• Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet
|
04/21/2015
| Project Presentations |
|
• Armand, Side channel attacks in games
• Benjamin, Cloud services security
|
04/23/2015
| Project Presentations |
|
• Manuel, Security and Privacy in the Internet of Things
• Roman, Privacy in next-generation Internet architectures
• David, Identity theft
|
04/28/2015
| Project Presentations |
|
• Christopher, Multi-Key Cryptosystems and Key Management
• Cody, Cryptocurrencies
• Dylan, Authentication and Passwords
|
05/04/2015
| Final Exam |
|
Time: 10:30AM - 12:30PM, location: CS 140
|
05/08/2015
| Project reports are due |
|
|