
Topics and Readings

Date Topic Reading 1 Reading 2 Notes
8/28/14 Class Intro

 
9/2/14 Class Intro
Security Overview
Paper Presentations
Why Information Security is Hard: An Economic Perspective
Clay

Chapter 7 of Security Engineering

Reading a Computer Science Research Paper
No presenter or write-up.

The Task of the Referee
No presenter or write-up.

 
9/4/14 Attacks against systems Experimental Security Analysis of a Modern Automobile
Tavish
Chapter 23 of Security Engineering
 
9/9/14   Pacemakers and Implantable Cardiac Defibrillators Software Radio Attacks and Zero-Power Defenses
Akshaya
Weaponizing Femtocells The Effect of Rogue Devices on Mobile Telecommunication
SUID Project Part 1 Assigned
9/11/14   Chip and Pin is Broken
Yuankai
Security Analysis of the Estonian Internet Voting System
 
9/16/14   From the Aether to the Ethernet-Attacking the Internet using Broadcast Digital Television
Brendan
Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse
Fa
Project Ideas out
9/18/14 Responses Building an Encrypted and Searchable Audit Log
Mohammed
Noisy Key: Tolerating Keyloggers via Keystroke Hiding
Diwen
Read Chapter 4 of Security Engineering
SUID Project Part 1 In
SUID Project Part 2 out
9/23/14   Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
Zimo
Input Generation via Decomposition and Re-Stitching: Finding Bugs in Malware
Elchin
Read Chapter 18 of Security Engineering
9/25/14 Software Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
Yingyu
Return-Oriented Programming: Systems, Languages, and Applications
Clay
Avoiding the top 10 Software Security Flaws
9/30/14   Hacking Blind
Brendan
ROP is Still Dangerous: Breaking Modern Defenses
Shiqi
 
10/2/14   ROPecker: A Generic and Practical Approach for Defending Against ROP Attacks
Zimo
Code Breaking
Clay
Project Proposals due
SUID Project part 2 in
SUID project part 3 out
10/7/14 No Class

 
10/9/14 No Class

 
10/14/14   Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World
Jie
Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications
Akshaya
 
10/16/14 Firmware When Firmware Modifications Attack: A Case Study of Embedded Exploitation
Hongkai
Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks
Shaochen
SUID project part 3 in
Read Chapter 16 of Security Engineering
10/21/14   A Large-Scale Analysis of the Security of Embedded Firmwares
Brendan
iSeeYou: Disabling the MacBook Webcam Indicator LED
Yuankai
 
10/23/14 Hardware Lest We Remember: Cold Boot Attacks on Encryption Keys
Fa
Silencing Hardware Backdoors
Zhengning
 
10/28/14 Passwords Bootstrapping Trust in Commodity Computers
Yingyu
Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords
Jie
 
10/30/14   Password Managers: Attacks and Defenses
Shaochen
The Tangled Web of Password Reuse
Hongkai
SUID project part 4 out
11/4/14 Side channels From Very Weak to Very Strong: Analyzing Password-Strength Meters
Yunyun
Keyboard Acoustic Emanations Revisited
Diwen
Read Chapter 17 of Security Engineering
11/6/14   AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable
Yuankai
Do You Hear What I Hear? Fingerprinting Smart Devices Through Embedded Acoustic Components
Zhengning
 
11/11/14 Malware Persistent Data-only Malware: Function Hooks without Code
Yunyun
SubVirt: Implementing malware with virtual machines
Tavish
Project Progress Report due
11/13/14   Your Botnet is My Botnet: Analysis of a Botnet Takeover
Mohammed
Measuring Pay-per-Install: The Commoditization of Malware Distribution
Akshaya
SUID project Part 4 in
11/18/14 Currencies Smartphones as Practical and Secure Location Verification Tokens for Payments
Shiqi
Deanonymisation of clients in Bitcoin P2P network
Tavish
 
11/20/14 PhD Student Selected Papers Zerocoin: Anonymous Distributed E-Cash from Bitcoin
Elchin
DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse
Akshaya
11/25/14   The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software
Mohammad
Watching the Watchers: Automatically Inferring TV Content From Outdoor Light Effusions
Tavish
E-Passport: Cracking Basic Access Control Keys
Elchin
11/27/14 No Class - Thanksgiving break

 
12/2/14   Code-Pointer Integrity
Brendan
A11y Attacks: Exploiting Accessibility in Operating Systems
Yuankai
 
12/4/14  

Project presentations
12/5/14, 1 - 3:30  

Project presentations
12/19/14, 10:00  

Project reports due