Return to class page

Topics and Readings

Date Topic Reading 1 Reading 2 Notes
8/28/14 Class Intro

 
9/2/14 Class Intro
Security Overview
Paper Presentations		 Why Information Security is Hard: An Economic Perspective
Clay

Chapter 7 of Security Engineering

 Reading a Computer Science Research Paper
No presenter nor write up.

The Task of the Referee
No presenter nor write up.

  
9/4/14 Attacks against systems Experimental Security Analysis of a Modern Automobile
Tavish		 Chapter 23 of Secuirty Engineering
  
9/9/14   Pacemakers and Implantable Cardiac Defibrillators Software Radio Attacks and Zero-Power Defenses
Akshaya		 Weaponizing Femtocells The Effect of Rogue Devices on Mobile Telecommunication
 SUID Project Part 1 Assigned
9/11/14   Chip and Pin is Broken
Yuankai		 Security Analysis of the Estonian Internet Voting System
  
9/16/14   From the Aether to the Ethernet-Attacking the Internet using Broadcast Digital Television
Brendan		 Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse
Fa		 Project Ideas out
9/18/14 Responses Building an Encrypted and Searchable Audit Log
Mohammed		 Noisy Key: Tolerating Keyloggers via Keystroke Hiding
Diwen		 Read Chapter 4 of Security Engineering
SUID Project Part 1 In
SUID Project Part 2 out
9/23/14   Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries Inspector Gadget:Automated Extraction of Proprietary Gadgets from Malware Binaries
Zimo		 Input Generation via Decomposition and Re-Stitching:Finding Bugs in Malware
Elchin		 Read Chapter 18 of Security Engineering
9/25/14 Software Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
Yingyu		 Return-Oriented Programming:Systems, Languages, and Applications
Clay		 Avoiding the top 10 Software Security Flaws
9/30/14   Hacking Blind
Brendan		 ROP is Still Dangerous: Breaking Modern Defenses
Shiqi		  
10/2/14   ROPecker: A Generic and Practical Approach for Defending Against ROP Attacks
Zimo		 Code Breaking
Clay		 Project Proposals due
SUID Project part 2 in
SUID project part 3 out
10/7/14 No Class

 
10/9/14 No Class

 
10/14/14   Before We Knew It:An Empirical Study of Zero-Day Attacks In The Real World
Jie		 Automatic Patch-Based Exploit Generation is Possible:Techniques and Implications
Akshaya		  
10/16/14 Firmware When Firmware Modifications Attack:A Case Study of Embedded Exploitation
Hongkai		 Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks
Shaochen		 SUID project part 3 in
Read Chapter 16 of Security Engineering
10/21/14   A Large-Scale Analysis of the Security of Embedded Firmwares
Brendan		 iSeeYou: Disabling the MacBook Webcam Indicator LED
Yuankai		  
10/23/14 Hardware Lest We Remember: Cold Boot Attacks on Encryption Keys
Fa		 Silencing Hardware Backdoors
Zhengning		  
10/28/14 Passwords Bootstrapping Trust in Commodity Computers
Yingyu		 Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords
Jie		  
10/30/14   Password Managers: Attacks and Defenses
Shaochen		 The Tangled Web of Password Reuse
Hongkai		 SUID project part 4 out
11/4/14 Side channels From Very Weak to Very Strong:Analyzing Password-Strength Meters
Yunyun		 Keyboard Acoustic Emanations Revisited
Diwen		 Read Chapter 17 of Security Engineering
11/6/14   AccelPrint- Imperfections of Accelerometers Make Smartphones Trackable
Yuankai		 Do You Hear What I Hear? Fingerprinting Smart Devices Through Embedded Acoustic Components
Zhengning		  
11/11/14 Malware Persistent Data-only Malware- Function Hooks without Code.pdf
Yunyun		 SubVirt: Implementing malware with virtual machines
Tavish		 Project Progress Report due
11/13/14   Your Botnet is My Botnet: Analysis of a Botnet Takeover
Mohammed		 Measuring Pay-per-Install: The Commoditization of Malware Distribution
Akshaya		 SUID project Part 4 in
11/18/14 Currencies Smartphones as Practical and Secure Location Verification Tokens for Payments
Shiqi		 Deanonymisation of clients in Bitcoin P2P network
Tavish		  
11/20/14 PhD Student Selected Papers Zerocoin: Anonymous Distributed E-Cash from Bitcoin
Elchin		 DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse
Akshaya
11/25/14   The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software
Mohammad		 Watching the Watchers: Automatically Inferring TV Content From Outdoor Light Effusions
Tavish		 E-Passport: Cracking Basic Access Control Keys
Elchin
11/27/14 No Class - Thanksgiving break

 
12/2/14   Code-Pointer Integrity
Brendan		 A11y Attacks: Exploiting Accessibility in Operating Systems
Yuankai		  
12/4/14  

Project presentations
12/5/14, 1 - 3:30  

Project presentations
12/19/14, 10:00  

Project reports due