| Feb 2 |
Syllabus Discussion, Introduction
No required reading |
|
| Feb 7 |
Buffer Overflow
No Required reading |
|
| Feb 9 |
Control Flow Hijacking
Assigned Readings:
Return-Oriented Programming
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls |
|
| Feb 14 |
Access Control Models
No Required Reading
Optional Readings:
Lattice-based access control models
Analyzing Integrity Protection in the SELinux Example Policy |
|
| Feb 16 |
Pitch your project to class! |
Project Proposal Due |
| Feb 19 |
|
1st MP release |
| Feb 21 |
Access Control and Reference Monitors
No Required Reading |
|
| Feb 23 |
Access Control in IoT
Assigned Readings:
Security Analysis of Emerging Smart Home Applications
Rethinking Access Control and Authentication for the Home Internet of Things (IoT) |
|
| Feb 28 |
Access Control in Distributed Systems
Assigned Readings:
Automatic Policy Generation for Inter-Service Access Control of Microservices
Shamon: A System for Distributed Mandatory Access Control |
|
| Mar 1 |
Access Policy Misconfigurations
Assigned Readings:
Detecting and resolving policy misconfigurations in access-control systems
Baaz: A System for Detecting Access Control Misconfigurations
Improving Logging to Reduce Permission Over-Granting Mistakes |
|
| Mar 4 |
|
1st MP due
2nd MP release |
| Mar 6 |
Information Flow Control
Assigned Readings:
A Decentralized Model for Information Flow Control |
|
| Mar 8 |
Dynamic Information Flow Control
Assigned Readings:
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Secure Serverless Computing using Dynamic Information Flow Control |
|
| Mar 13 |
Information Flow Control in IoT
Assigned Readings:
FlowFence: Practical Data Protection for Emerging IoT Application Frameworks |
|
| Mar 15 |
Information Flow - Attack Detection
Assigned Reading:
Fear and Logging in the Internet of Things
UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats |
|
| Mar 20 |
Spring Recess - No Class |
|
| Mar 22 |
Spring Recess - No Class |
|
| Mar 27 |
Cloud Security
Assigned Reading:
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds |
MP2 due |
| Mar 29 |
Cloud Security
Assigned Readings:
Cloud Programming Simplified: A Berkeley View on Serverless Computing
Peeking Behind the Curtains of Serverless Platforms |
|
| Apr 3 |
Please work on your class projects |
|
| Apr 5 |
Midterm Project Progress Presentation |
Midterm project progress report due |
| Apr 10 |
Cloud Security
Assigned Readings:
Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups
Security Namespace: Making Linux Security Frameworks Available to Containers |
|
| Apr 12 |
No Class
Monday class schedule will be followed |
|
| Apr 17 |
Sequence-based intrusion detection
Assigned Readings:
A Sense of Self for UNIX Processes
Mimicry Attacks on Host-Based Intrusion Detection Systems |
|
| Apr 19 |
Endpoint Detection & Response
Assigned Readings:
HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows
Tactical Provenance Analysis for Endpoint Detection and Response Systems |
|
| Apr 24 |
ML-based EDR
Assigned Readings:
DrSec: Flexible Distributed Representations for Efficient Endpoint Security
FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning |
|
| Apr 26 |
Class on Zoom:
Guest lecture by Muhammad Adil Inam, UIUC PhD candidate |
|
| May 1 |
Student Presentations
Assigned Readings:
Security and Privacy Analysis of Samsung’s Crowd-Sourced Bluetooth Location Tracking System (presented by Evan)
Unveiling Internet Censorship: Analysing the Impact of Nation States’ Content Control Efforts on Internet Architecture and Routing Patterns (presented by Zach) |
|
| May 3 |
Student Presentations
Assigned Readings:
A blockchain based lightweight and secure access control framework for IoT-enabled supply chain (presented by Aarthi)
Understanding and Improving Security and Privacy in Multi-User Smart Homes: A Design Exploration and In-Home User Study (presented by Katie) |
|
| May 8 |
Final Project Presentations |
|
| May 10 |
Final Project Presentations |
|
|
|
May 15 Final Project Reports due |