CS 594: Advanced Computer Security: Readings

Week 1

Tue, Jan. 12

Introduction
No reading.

Thu, Jan. 14

Low-level system security
Reading:

Szekeres et al. SoK: Eternal War in Memory

Week 2

Tue, Jan. 19

Low-level system security
Reading:

Carlini and Wagner ROP is Still Dangerous: Breaking Modern Defenses
Schuster et al. Counterfeit Object-oriented Programming

Thu, Jan. 21

Low-level system security
Reading:

Carlini et al. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity
Hu et al. Automatic Generation of Data-Oriented Exploits

Week 3

Tue, Jan. 26

Class is cancelled
No reading.

Thu, Jan. 28

Low-level system security
Reading:

Di Federico et al. How the ELF Ruined Christmas
Bittau et al. Hacking Blind

Week 4

Tue, Feb. 02

Mobile security
Reading:

Grace et al. RiskRanker: Scalable and Accurate Zero-day Android Malware Detection
Vidas and Christin Sweetening Android Lemon Markets: Measuring and Combating Malware in Application Marketplaces

Thu, Feb. 04

Class is cancelled
No reading.

Week 5

Tue, Feb. 09

TLS
Reading:

Moller et al. This POODLE Bites: Exploiting The SSL 3.0 Fallback
Beurdouche et al. A Messy State of the Union: Taming the Composite State Machines of TLS

Thu, Feb. 11

Return of Low-level system security
Reading:

Song et al. Enforcing Kernel Security Invariants with Data Flow Integrity
Zhang et al. VTrust: Regaining Trust on Virtual Calls

Week 6

Tue, Feb. 16

TLS
Reading:

Duong and Rizzo Here Come The ⊕ Ninjas
TBD

Thu, Feb. 18

Project work day
No reading.

Week 7

Tue, Feb. 23

TLS
Reading:

Adrian et al. Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Thu, Feb. 25

VPNs
Reading:

Paper sent via email

Week 8

Tue, Mar. 01

TLS
Reading:

Garman, Paterson, and Van der Merwe Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS

Thu, Mar. 03

TLS
Reading:

Vanhoef and Piessens All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS

Week 9

Tue, Mar. 08

TLS
Reading:

Aviram et al. DROWN: Breaking TLS using SSLv2

Thu, Mar. 10

Embedded systems
Reading:

Costin et al. A Large-Scale Analysis of the Security of Embedded Firmwares

Week 10

Tue, Mar. 15

Privacy
Reading:

Polakis et al. Where's Wally? Precise User Discovery Attacks in Location Proximity Services

Thu, Mar. 17

Privacy
Reading:

Ilia et al. Face/Off: Preventing Privacy Leakage From Photos in Social Networks

Week 11

Tue, Mar. 22

Spring break
No reading.

Thu, Mar. 24

Spring break
No reading.

Week 12

Tue, Mar. 29

Integrated circuits
Reading:

Rajendran et al. Security Analysis of Integrated Circuit Camouflaging

Thu, Mar. 31

Cookies
Reading:

Paper sent via email.

Week 13

Tue, Apr. 05

Passwords
Reading:

Ur et al. Measuring Real-World Accuracies and Biases in Modeling Password Guessability

Thu, Apr. 07

Passwords
Reading:

Ur et al. Do Users’ Perceptions of Password Security Match Reality?

Week 14

Tue, Apr. 12

Misc
Reading:

Tischer et al. Users Really Do Plug in USB Drives They Find

Thu, Apr. 14

Misc
Reading:

Nakibly et al. Website-Targeted False Context Injection by Network Operators

Week 15

Tue, Apr. 19

Misc
Reading:

Georgiev and Shmatikov Gone in Six Characters: Short URLs Considered Harmful for Cloud Services

Thu, Apr. 21

Project work day
No reading.

Week 16

Tue, Apr. 26

Project work day
No reading.

Thu, Apr. 28

Project presentations
No reading.