Schedule

This schedule is subject to change. Please check back frequently.


Date Topics and Readings Deadlines
Jan 29 Course Overview & Syllabus
No required reading
Feb 3 Introductory Topics
No required reading
Feb 5 Class cancelled
Feb 10 Pitch your project to class!
Feb 12 Cloud Security Measurements
Paper Discussions led by Prof. Datta:
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Peeking Behind the Curtains of Serverless Platforms
Project Proposal Due on Feb 15th
Feb 17 Cloud Infrastructure Security & Heterogeneity
Assigned Readings:
HeteroScore: Evaluating and Mitigating Cloud Security Threats Brought by Heterogeneity
Zanzibar: Google’s Consistent, Global Authorization System
Feb 19 Monday class schedule will be followed
Feb 24 Cloud Access Control & Credentials
Assigned Readings:
Credit Karma: Understanding Security Implications of Exposed Cloud Services through Automated Capability Inference
Stateful Least Privilege Authorization for the Cloud
Feb 26 Container Isolation Attacks
Assigned Readings:
Cross Container Attacks: The Bewildered eBPF on Clouds
Attacks are Forwarded: Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding
Mar 3 Excessive Permissions & Secret Management
Assigned Readings:
Take Over the Whole Cluster: Attacking Kubernetes via Excessive Permissions of Third-party Applications
The File That Contained the Keys Has Been Removed: An Empirical Analysis of Secret Leaks in Cloud Buckets and Responsible Disclosure Outcomes
Mar 5 Microservice Vulnerabilities
Assigned Readings:
Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Applications
XRay: Enhancing the Web’s Transparency with Differential Correlation
Mar 10 Network Attack Detection at Scale
Assigned Readings:
Enhancing Network Attack Detection with Distributed and In-Network Data Collection System
AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks
Mar 12 No class, Prof. Datta traveling
Mar 17 Spring Break
Mar 19 Spring Break
Mar 24 Midterm Project Progress Presentations
Mar 26 Midterm Project Progress Presentations Midterm Project Progress Report Due on Mar 29
Mar 31 Enterprise Detection & SIEM
Assigned Readings:
You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise Networks
How does Endpoint Detection use the MITRE ATT&CK Framework?
Apr 2 ML-based EDR
Assigned Readings:
DrSec: Flexible Distributed Representations for Efficient Endpoint Security
FLASH: A Comprehensive Approach to Intrusion Detection via Provenance Graph Representation Learning
Apr 7 LLM Agents & Web-Enabled Threats
Assigned Readings:
When LLMs Go Online: The Emerging Threat of Web-Enabled LLMs
Not What You’ve Signed Up For: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection
Apr 9 Software Supply Chain & LLM Hallucinations
Assigned Readings:
We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs
Lost at C: A User Study on the Security Implications of Large Language Model Code Assistants
Apr 14 LLM Training & Data Leakage at Scale
Assigned Readings:
Extracting Training Data from Large Language Models
Scalable Extraction of Training Data from (Production) Language Models
Apr 16 Web Application Attacks & Defenses
Assigned Readings:
The Web’s Identity Crisis: Understanding the Effectiveness of Website Identity Indicators
Same-Origin Policy: Evaluation in Modern Browsers
Apr 21 DDoS & Amplification Attacks
Assigned Readings:
Millions of targets under attack: a macroscopic characterization of the DoS ecosystem
Amplification Hell: Revisiting Network Protocols for DDoS Abuse
Apr 23 Content Delivery & Caching Security
Assigned Readings:
CDN Judo: Breaking the CDN DoS Protection with Itself
Cached and Confused: Web Cache Deception in the Wild
Apr 28 IoT Security at Scale
Assigned Readings:
All Things Considered: An Analysis of IoT Devices on Home Networks
Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms
Apr 30 Topics chosen by class
May 5 No Class - Work on Final Projects
May 7 Final Project Presentations
May 10 Final Project Reports Due

Next