Jan 30 |
Syllabus Discussion, Introduction. No required reading |
|
Feb 4 |
Introductory Topics - Control Flow Attacks. No required reading. Optional Readings:
Return-Oriented Programming
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls |
|
Feb 6 |
Snow Day (class cancelled) |
|
Feb 11 |
Pitch your project to class! |
|
Feb 13 |
Pitch your project to class! |
Project Proposal Due on Feb 16th |
Feb 18 |
Introductory Topics - Access Control Models. No required reading. Optional Readings:
Lattice-based access control models
Analyzing Integrity Protection in the SELinux Example Policy |
|
Feb 20 |
No class (Monday schedule to be followed) |
|
Feb 25 |
Access Control in Distributed Systems. Assigned Readings:
Automatic Policy Generation for Inter-Service Access Control of Microservices
Shamon: A System for Distributed Mandatory Access Control |
|
Feb 27 |
Access Control in IoT. Assigned Readings:
Security Analysis of Emerging Smart Home Applications
Optimistic Access Control for the Smart Home |
|
Mar 4 |
Access Policy Misconfigurations. Assigned Readings:
Baaz: A System for Detecting Access Control Misconfigurations
Improving Logging to Reduce Permission Over-Granting Mistakes |
|
Mar 6 |
Dynamic Information Flow Control. Assigned Readings:
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Secure Serverless Computing using Dynamic Information Flow Control |
|
Mar 11 |
Information Flow Control in IoT. Assigned Readings:
FlowFence: Practical Data Protection for Emerging IoT Application Frameworks
OctopusTaint: Advanced Data Flow Analysis for Detecting Taint-Based Vulnerabilities in IoT/IIoT Firmware |
|
Mar 13 |
Information Flow Control - Misc. Assigned Readings:
Decentralized Information-Flow Control for ROS2
UNICORN: Runtime Provenance-Based Detector for Advanced Persistent Threats |
|
Mar 18 |
Spring Recess - No Class |
|
Mar 20 |
Spring Recess - No Class |
|
Mar 25 |
Midterm Project Progress Presentations |
|
Mar 27 |
Midterm Project Progress Presentations |
Midterm project progress report due on March 30 |
Apr 1 |
Cloud Security. Assigned Readings:
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Peeking Behind the Curtains of Serverless Platforms |
|
Apr 3 |
Cloud Security. Assigned Readings:
Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups
Security Namespace: Making Linux Security Frameworks Available to Containers |
|
Apr 8 |
Cloud Security. Assigned Readings:
Flamingo: Multi-Round Single-Server Secure Aggregation with Applications to Private Federated Learning
NAUTILUS: Automated RESTful API Vulnerability Detection |
|
Apr 10 |
Sequence-based intrusion detection. Assigned Readings:
A Sense of Self for UNIX Processes
Mimicry Attacks on Host-Based Intrusion Detection Systems |
|
Apr 15 |
Endpoint Detection & Response. Assigned Readings:
HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows
Tactical Provenance Analysis for Endpoint Detection and Response Systems |
|
Apr 17 |
ML-based EDR. Assigned Readings:
DrSec: Flexible Distributed Representations for Efficient Endpoint Security
FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning |
|
Apr 22 |
Cloud Security. Assigned Readings:
The File That Contained the Keys Has Been Removed: An Empirical Analysis of Secret Leaks in Cloud Buckets and Responsible Disclosure Outcomes
Growlithe: A Developer-Centric Compliance Tool for Serverless Applications |
|
Apr 24 |
No Class, Prof. Datta traveling |
|
Apr 29 |
Misc Topics - based on class interest |
|
May 1 |
Final Project Presentations |
|
May 6 |
Final Project Presentations |
|
May 8 |
Final Project Presentations |
|
May 11 Final Project Reports due |