Topics in Computer Security Readings
Clay Shields, Department of Computer Science, Georgetown University
Topics and Readings
Drinking from the Firehose
Date
Topic
Reading 1
Reading 2
Notes
Jan 9
Class Introduction
Jan 14
Class Intro
Security Overview
Paper Presentations
Why Information Security is Hard: An Economic Perspective
Clay
Chapter 7 of Security Engineering
Reading a Computer Science Research Paper
No presenter nor write up.
The Task of the Referee
No presenter nor write up.
Jan 16
Attacks against Systems
Security Engineering Chapter 23
No write up or presenter.
Experimental Security Analysis of a Modern Automobile
Chris
SUID Programming Part 1 Assigned
Jan 21
No class
Jan 23
Attacks against Systems
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
Chris
Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunication
Weitong
SUID Programming Part 1 Due
Project Ideas Out
Jan 28
Attacks against Systems
Chip and PIN is Broken
Chris
OpenConflict: Preventing Real Time Map Hacks in Online Games
Henry
SUID Programming Part 2 Assigned
Jan 30
Attacks against Systems
How to Shop for Free Online
Weitong
Class ends early
Feb 4
Responding to attacks
Building an Encrypted and Searchable Audit Log
Xi
NoisyKey: Tolerating Keyloggers via Keystrokes Hiding
Henry
Project Proposals Due
Feb 6
Responding to attacks
High Accuracy Attack Provenance via Binary-based Execution Partition
Chris
Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
Mark
SUID Programming Part 2 Due
Feb 11
Response/Attacks
Input Generation via Decomposition and Re-Stitching: Finding Bugs in Malware
Henry
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
Mark
Read
Chapter 4 of Security Engineering
Feb 13
Attacks
Return-Oriented Programming: Systems, Languages, and Applications
Weitong
Automatic Reverse Engineering of Malware Emulators
Clay
Feb 18
No class
Feb 20
Project Proposal Presentations
SUID Programming Part 3 Assigned
Feb 25
Attacks
Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World
Clay
Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications
Xi
Feb 27
Attacks
Lest We Remember: Cold Boot Attacks on Encryption Keys
Mark
When Firmware Modifications Attack: A Case Study of Embedded Exploitation
Xi
Read
Chapter 16 of Security Engineering
Mar 4
No Class
Mar 6
No class
Mar 11
Silencing Hardware Backdoors
Clay
Keyboard Acoustic Emanations Revisited
Mark
Mar 13
Collaborative TCP Sequence Number Inference Attack: How to Crack Sequence Number Under A Second
Weitong
Bootstrapping Trust in Commodity Computers
Henry
Mar 18
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
Weitong
User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems
Clay
SUID Programming Part 4 Assigned
Mar 20
Project Presentations
Mar 25
Operating System Framed in Case of Mistaken Identity
Xi
None
Mar 27
Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords
Henry
The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis
Chris
Apr 1
No class
Apr 3
A Survey of Mobile Malware in the Wild
Clay
SubVirt: Implementing malware with virtual machines
Weitong
Apr 8
Measuring Pay-per-Install: The Commoditization of Malware Distribution
Chris
Spamalytics: An Empirical Analysis of Spam Marketing Conversion
Mark
Apr 10
Dispatcher: Enabling Active Botnet Infiltration using Automatic Protocol Reverse-Engineering
Xi
Your Botnet is My Botnet: Analysis of a Botnet Takeover
Mark
Apr 15
Above the Clouds: A Berkeley View of Cloud Computing
Chris
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds
Henry
Apr 17
Resource-Freeing Attacks Improve Your Cloud Performance
Xi
Tor HTTP Usage and Information Leakage
Mark
Apr 22
Fully distributed authentication with locality exploitation for the CoDiP2P peer-to-peer computing platform
Weitong
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
Henry
Apr 24
Clickjacking: Attacks and Defenses
Xi
Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security
Chris
Apr 29
Project Presentations