CS 668: Advanced Topics in Software Security: Syllabus

Week 1

Tue, Jan. 29

No class
No reading.

Thu, Jan. 31

No class
No reading.

Week 2

Tue, Feb. 05

Introduction
No reading.

Thu, Feb. 07

Michael Rushanan
Reading:

K. Bhargavan and A. Delignat-Lavaud Web-based Attacks on Host-Proof Encrypted Storage

Week 3

Tue, Feb. 12

Christina Garman
Reading:

C.V. Wright et al. Spot me if you can: Uncovering spoken phrases in encrypted VoIP conversations
C.V. Wright et al. Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? (no summary required)
A. White et al. Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks (no summary required)

Thu, Feb. 14

Paul Martin
Reading:

J. Jiang et al. ~~Ghost Domain Names: Revoked Yet Still Resolvable~~
D. Dagon et al. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority (no summary required)

Week 4

Tue, Feb. 19

Kieran Magee
Reading:

G. Nakibly et al. Persistent OSPF Attacks

Thu, Feb. 21

Steven Presser
Reading:

N. Golde et al. Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications

Week 5

Tue, Feb. 26

Aditya Kamalakkannan
Reading:

H. Lee et al. Gatling: Automatic Attack Discovery in Large-Scale Distributed Systems

Thu, Feb. 28

Matt Brocker
Reading:

B. Driessen et al. Don't Trust Satellite Phones: A Security Analysis of Two Satphone Standards

Week 6

Tue, Mar. 05

Madeline Stone
Reading:

S. Jana and V. Shmatikov Memento: Learning Secrets from Process Footprints

Thu, Mar. 07

No class
No reading.

Week 7

Tue, Mar. 12

Kartik Thapar
Reading:

MDSec ~~iOS Application (In)Security~~
D. Blazakis ~~The Apple Sandbox~~ (no summary required)

Thu, Mar. 14

Stephen Checkoway
Reading:

S. Checkoway and H. Shacham. Iago Attacks: Why The System Call API Is a Bad Untrusted RPC Interface

Week 8

Tue, Mar. 19

Spring break
No reading.

Thu, Mar. 21

Spring break
No reading.

Week 9

Tue, Mar. 26

Ankur Almadi
Reading:

L.-S. Huang et al. Clickjacking: Attacks and Defenses

Thu, Mar. 28

Balaji Dhamodharaswamy
Reading:

C. Giuffrida et al. Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization

Week 10

Tue, Apr. 02

Bakul Singhal
Reading:

N. Carlini et al. An Evaluation of the Google Chrome Extension Security Architecture

Thu, Apr. 04

Anupam Mehta
Reading:

N. Heninger et al. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

Week 11

Tue, Apr. 09

Sandeep Savarala
Reading:

L. Liu et al. Chrome Extensions: Threat Analysis and Countermeasures

Thu, Apr. 11

Lalit Jagotra
Reading:

V. Pappas et al. Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Randomization

Week 12

Tue, Apr. 16

Deeba Azmath
Reading:

T. Nighswander et al. GPS Software Attacks

Thu, Apr. 18

Yashvier Kosaraju
Reading:

N.J. AlFardan and K.G. Paterson Lucky Thirteen: Breaking the TLS and DTLS Record Protocols

Week 13

Tue, Apr. 23

Amritha Kalathummarath
Reading:

Z. Qian and Z.M. Mao Off-Path TCP Sequence Number Inference Attack: How Firewall Middleboxes Reduce Security

Thu, Apr. 25

No class
No reading.

Week 14

Tue, Apr. 30

Kartik Thapar
Reading:

C. Grier et al. @spam: The Underground on 140 Characters or Less

Thu, May. 02

Ian Miers
Reading:

I. Miers et al. Zerocoin: Anonymous Distributed E-Cash from Bitcoin