| Jan 29 |
Course Overview & Syllabus
No required reading |
|
| Feb 3 |
Introductory Topics
No required reading |
|
| Feb 5 |
Class cancelled |
|
| Feb 10 |
Pitch your project to class! |
|
| Feb 12 |
Cloud Security Measurements
Paper Discussions led by Prof. Datta:
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Peeking Behind the Curtains of Serverless Platforms |
Project Proposal Due on Feb 15th |
| Feb 17 |
Cloud Infrastructure Security & Heterogeneity
Assigned Readings:
•
HeteroScore: Evaluating and Mitigating Cloud Security Threats Brought by Heterogeneity
•
Zanzibar: Google’s Consistent, Global Authorization System |
|
| Feb 19 |
Monday class schedule will be followed |
|
| Feb 24 |
Cloud Access Control & Credentials
Assigned Readings:
•
Credit Karma: Understanding Security Implications of Exposed Cloud Services through Automated Capability Inference
•
Stateful Least Privilege Authorization for the Cloud |
|
| Feb 26 |
Container Isolation Attacks
Assigned Readings:
•
Cross Container Attacks: The Bewildered eBPF on Clouds
•
Attacks are Forwarded: Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding |
|
| Mar 3 |
Excessive Permissions & Secret Management
Assigned Readings:
•
Take Over the Whole Cluster: Attacking Kubernetes via Excessive Permissions of Third-party Applications
•
The File That Contained the Keys Has Been Removed: An Empirical Analysis of Secret Leaks in Cloud Buckets and Responsible Disclosure Outcomes |
|
| Mar 5 |
Microservice Vulnerabilities
Assigned Readings:
•
Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Applications
•
XRay: Enhancing the Web’s Transparency with Differential Correlation |
|
| Mar 10 |
Network Attack Detection at Scale
Assigned Readings:
•
Enhancing Network Attack Detection with Distributed and In-Network Data Collection System
•
AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks |
|
| Mar 12 |
No class, Prof. Datta traveling |
|
| Mar 17 |
Spring Break |
|
| Mar 19 |
Spring Break |
|
| Mar 24 |
Midterm Project Progress Presentations |
|
| Mar 26 |
Midterm Project Progress Presentations |
Midterm Project Progress Report Due on Mar 29 |
| Mar 31 |
Enterprise Detection & SIEM
Assigned Readings:
•
You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise Networks
•
How does Endpoint Detection use the MITRE ATT&CK Framework? |
|
| Apr 2 |
ML-based EDR
Assigned Readings:
DrSec: Flexible Distributed Representations for Efficient Endpoint Security
FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning |
|
| Apr 7 |
LLM Agents & Web-Enabled Threats
Assigned Readings:
•
When LLMs Go Online: The Emerging Threat of Web-Enabled LLMs
•
Not What You’ve Signed Up For: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection |
|
| Apr 9 |
Software Supply Chain & LLM Hallucinations
Assigned Readings:
•
We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs
•
Lost at C: A User Study on the Security Implications of Large Language Model Code Assistants |
|
| Apr 14 |
LLM Training & Data Leakage at Scale
Assigned Readings:
•
Extracting Training Data from Large Language Models
•
Scalable Extraction of Training Data from (Production) Language Models |
|
| Apr 16 |
Web Application Attacks & Defenses
Assigned Readings:
•
The Web’s Identity Crisis: Understanding the Effectiveness of Website Identity Indicators
•
Same-Origin Policy: Evaluation in Modern Browsers |
|
| Apr 21 |
DDoS & Amplification Attacks
Assigned Readings:
•
Millions of targets under attack: a macroscopic characterization of the DoS ecosystem
•
Amplification Hell: Revisiting Network Protocols for DDoS Abuse |
|
| Apr 23 |
Content Delivery & Caching Security
Assigned Readings:
•
CDN Judo: Breaking the CDN DoS Protection with Itself
•
Cached and Confused: Web Cache Deception in the Wild |
|
| Apr 28 |
IoT Security at Scale
Assigned Readings:
•
All Things Considered: An Analysis of IoT Devices on Home Networks
•
Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms |
|
| Apr 30 |
Topics chosen by class |
|
| May 5 |
No Class - Work on Final Projects |
|
| May 7 |
Final Project Presentations |
|
| May 10 |
Final Project Reports Due |
|