| Date |
Details |
| 01/23/2018 |
Orientation and logistics |
|
Review assignment:
• None! Please make sure to attend class, as we will be planning the schedule for the semester-- together!
Suggested reading:
•
Introduction to Information Assurance
|
| 01/25/2018 |
Intro to Crypto I |
|
Review assignment:
• None! Work on your project proposals!
|
| 01/30/2018 |
Intro to Crypto II |
|
Review assignment:
• None! Work on your project proposals!
|
| 02/01/2018 |
Overview of NDSS'2018 |
|
Review assignment:
• Pick a paper from
NDSS'18 program and submit a review. You should Google the title of the paper you'd like to review to find the paper's PDF. We will be overviewing the program.
|
| 02/06/2018 |
Anonymous Communications |
|
Review assignment (pick one):
•
Tor: The Second-Generation Onion Router
•
RAPTOR: Routing Attacks on Privacy in Tor
•
Dissent: Accountable Anonymous Group Messaging
|
| 02/08/2018 |
Project Proposal Day |
|
Tasks:
• Submit your 1-page project proposal on Moodle (before class)
• Introduce your project in class in 2-3 minutes to get feedback and suggestion from others.
|
| 02/13/2018 |
Bitcoin and Blockchain |
|
Review assignment:
•
Hijacking Bitcoin: Routing Attacks on Cryptocurrencies (Justin Svegliato)
•
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network (Aditya Shastry)
•
Catena: Efficient Non-equivocation via Bitcoin (Abhay Mittal)
|
| 02/15/2018 |
IoT Security and Privacy |
|
Review assignment:
•
Security Analysis of Emerging Smart Home Applications (Daksh Jotwani)
•
From the Aether to the Ethernet—Attacking the
Internet using Broadcast Digital Television (Albert Williams)
•
Watching the Watchers: Automatically Inferring TV
Content From Outdoor Light Effusions (Arian Niaki)
|
| 02/20/2018 |
Online Social Networks |
|
Review assignment:
•
IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks (Fatemeh Rezaei)
•
Automated Crowdturfing Attacks and Defenses in Online Review Systems (Sam Witty)
•
Investigating Ad Transparency Mechanisms in Social Media: A Case Study of Facebook’s Explanations (Pratik Mehta)
|
| 02/22/2018 |
Online Social Networks (continued) + Authentication |
|
Review assignment:
•
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider (Shiva Ramezani)
•
Multi-touch Authentication Using Hand Geometry and Behavioral Information (Andrew Gramigna)
•
TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication (Soha Rostaminia)
|
| 02/27/2018 |
Censorship, Surveilance, and Wiretapping |
|
Review assignment:
•
The Parrot is Dead:
Observing Unobservable Network Communications (Nidhi Mundra)
•
The Waterfall of Liberty:
Decoy Routing Circumvention that Resists Routing Attacks (David Zagreda)
•
Can They Hear Me Now?
A Security Analysis of Law Enforcement Wiretaps (Divyesh Harit)
|
| 03/01/2018 |
Censorship (continued)+ Future Internet |
|
Review assignment:
•
Analyzing the Great Firewall of China
Over Space and Time (Ananya Suraj)
•
SCION: Scalability, Control, and Isolation on Next-Generation Networks (Hamid Mozaffari)
•
LAP: Lightweight Anonymity and Privacy (Ramteja Tadishetti)
|
| 03/06/2018 |
Covert Channels + Side-Channel Attacks |
|
Review assignment:
•
Microarchitectural Minefields: 4K-Aliasing Covert
Channel and Multi-Tenant Detection in IaaS Clouds (Sophie Koffler)
•
Hello from the Other Side: SSH over
Robust Cache Covert Channels in the Cloud (JianYi Huang)
•
Exploiting a Thermal Side Channel for Power Attacks in
Multi-Tenant Data Centers (Roy Chan)
|
| 03/08/2018 |
Side-Channel Attacks (Continued) |
|
Review assignment:
•
Beauty and the Burst:
Remote Identification of Encrypted Video Streams (Alireza Bahramali)
|
| 03/13/2018 |
Spring Break |
| 03/15/2018 |
Spring Break |
| 03/20/2018 |
No Class |
| 03/22/2018 |
Data Privacy + Location Privacy |
|
Review assignment:
•
Computer Security, Privacy, and DNA Sequencing:
Compromising Computers with Synthesized DNA,
Privacy Leaks, and More (Yash Chandak)
•
BLENDER: Enabling Local Search with
a Hybrid Differential Privacy Model (Virat Shejwalkar)
•
Quantifying Location Privacy (Chen Qu)
|
| 03/27/2018 |
Learning Security |
|
Review assignment:
•
Membership Inference Attacks Against
Machine Learning Models (Rumeng LI)
•
Privacy-Preserving Deep Learning (Suraj Subraveti)
•
Stealing Machine Learning Models via Prediction APIs (Xiang Li)
•
DeepXplore: Automated Whitebox Testing
of Deep Learning Systems (Ali Montazeralghaem)
|
| 03/29/2018 |
Intrusion Detection + Botnet Detection |
|
Review assignment:
•
Kitsune: An Ensemble of Autoencoders for Online
Network Intrusion Detection (Michael Sadler)
•
Fingerprinting Electronic Control Units
for Vehicle Intrusion Detection (Apoorva Saxena)
•
BotMiner: Clustering Analysis of Network Traffic for
Protocol- and Structure-Independent Botnet Detection (Abhiram Eswaran)
•
Understanding the Mirai Botnet (Akul Siddalingaswamy)
|
| 04/03/2018 |
Economy of Malware+ Measurements for Security |
|
Review assignment:
•
Click Trajectories: End-to-End Analysis of the Spam Value Chain (Joshua Pikovsky)
•
Apps, Trackers, Privacy, and Regulators
A Global Study of the Mobile Tracking Ecosystem (Anil Kumar Saini)
•
Encore: Lightweight Measurement of
Web Censorship with Cross-Origin Requests (Shahrooz Pouryousef)
|
| 04/05/2018 |
Hardware Security |
|
Review assignment:
•
Spectre Attacks: Exploiting Speculative Execution (John Geenty)
•
The Meltdown Attack
•
Inferring Fine-grained Control Flow Inside
SGX Enclaves with Branch Shadowing (Sadegh Rabiee)
Supplemental Reading:
•
Spectre, Meltdown and the Mill CPU
•
On the Meltdown & Spectre Design Flaws
•
Presentation
|
| 04/10/2018 |
Mobile Security + Security Protocols |
|
Review assignment:
•
TaintDroid: An Information-Flow Tracking System for Realtime Privacy
Monitoring on Smartphones (Nick Merlino)
•
MAMADROID: Detecting Android Malware by
Building Markov Chains of Behavioral Models (Jacob Downs)
•
The Most Dangerous Code in the World:
Validating SSL Certificates in Non-Browser Software (Shreyas Mishra)
•
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (Amir Ramtin)
Supplemental Reading:
•
Intercepting Mobile Communications:
The Insecurity of 802.11
•
The Krack Attack
|
| 04/12/2018 |
Phishing + Tracking |
|
Review assignment:
•
Data Breaches, Phishing, or Malware?
Understanding the Risks of Stolen Credentials (Pardis Malekzadeh)
•
PhishEye: Live Monitoring of Sandboxed Phishing Kits (Qishen Li)
•
Cookieless Monster:
Exploring the Ecosystem of Web-based Device Fingerprinting (Sandeep Polisetty)
|
| 04/19/2018 |
Final Project Presentations |
|
| 04/24/2017 |
Final Project Presentations |
|
| 04/26/2018 |
Final Project Presentations |
|
| 05/01/2018 |
Final Project Presentations |
|
| 05/10/2018 |
Final Project Reports Due |
|
|
|