Schedule
Note: You should never need to pay to download an article from the reading (e.g., from the ACM Digital Library). If you are on campus, you won't be prompted to purchase articles. If you are off campus, you can go through the University Library. Alternatively, you can use the library’s EZproxy. You can even define a Chrome bookmark in your bookmark bar to automatically redirect the current page through the EZProxy.
Deadlines
- Intro: Fri, Aug 30 - 11:59pm (in
- Midterm: Wed, Oct 9 - 11:45am (in
- Final: Mon, Dec 9 - 12:00pm (in
- Mini-Projects:
- Research Project:
Week 1
Monday, 2024-08-19 - Friday, 2024-08-23
- Ken Thompson, Reflections on Trusting Trust, Turing Award Lecture, 1983.
- Michael J. Hanson, Efficient Reading of Papers in Science and Technology, University of Washington, 1989.
- Tools and Jewels, Ch 1
- Pfleeger and Cunningham, Why Measuring Security Is Hard, IEEE Security & Privacy Magazine, Volume 8, Issue 4, 2010.
Week 2
Monday, 2024-08-26 - Friday, 2024-08-30
- Egele et al., An Empirical Study of Cryptographic Misuse in Android Applications, ACM CCS, 2013.
- Tools and Jewels, Ch 2.1-2.2
- R. Anderson, Why cryptosystems fail, ACM CCS, 1993.
- Namprempre et al., Reconsidering Generic Composition, EuroCrypt, 2014.
- Tools and Jewels, Ch 2.5-2.7
Week 3
Monday, 2024-09-02 - Friday, 2024-09-06
- Tools and Jewels, Ch 2.3-2.4
- Boneh, Twenty years of attacks on the RSA cryptosystem, Notices of AMS, 46(2), 1999.
Week 4
Monday, 2024-09-09 - Friday, 2024-09-13
- Adrian et al., Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, ACM CCS, 2015.
- Tools and Jewels, Ch 4.3, Ch 8
- Stark et al., Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate, IEEE S&P, 2019.
- Li et al., The Emperor's New Password Manager: Security Analysis of Web-based Password Managers, USENIX Security, 2014.
- Tools and Jewels, Ch 3
- Kelley et al., Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms, IEEE S&P, 2012.
- Florencio et al., An Administrator's Guide to Internet Password Research, LISA, 2014.
Week 5
Monday, 2024-09-16 - Friday, 2024-09-20
- Fett et al., A Comprehensive Formal Security Analysis of OAuth 2.0, ACM CCS, 2016.
- Tools and Jewels, Ch 4
- Designing an Authentication System: A Dialogue in Four Scenes
- Lowe, An attack on the Needham-Schroeder public-key authentication protocol, Information Processing Letters. 56(3), 1995.
- Neuman and Ts'o, Kerberos: An Authentication Service for Computer Networks, IEEE Communications, 32(9), 1994.
- Jero et al., Identifier Binding Attacks and Defenses in Software-Defined Networks, USENIX Security, 2017.
- Tools and Jewels, Ch 11.3-11.7
- Saltzer et al., End-to-end arguments in system design, ACM ToCS. 2(4), 1984.
Week 6
Monday, 2024-09-23 - Friday, 2024-09-27
- Cremers et al., A Comprehensive Symbolic Analysis of TLS 1.3, ACM CCS, 2017.
- Tools and Jewels, Ch 9.2
- The Illustrated TLS Connection
- Goldberg, Why is it Taking so Long to Secure Internet Routing?, Communications of the ACM. 57(10), 2014.
Week 7
Monday, 2024-09-30 - Friday, 2024-10-04
- Man et al., DNS Cache Poisoning Attack: Resurrections with Side Channels, ACM CCS, 2021.
- Wool, A quantitative study of firewall configuration errors, IEEE Computer, 37(6), 2005.
- Tools and Jewels, Ch 10
Week 8
Monday, 2024-10-07 - Friday, 2024-10-11
Midterm Exam (11:45am)
- 11:45am - 1:00pm (during class time)
- Allowed resources:
  - One hand-written, double-sided, 8.5"x11" sized sheet with personal notes
  - Calculator (no internet access!)
Week 9
Monday, 2024-10-14 - Friday, 2024-10-18
Week 10
Monday, 2024-10-21 - Friday, 2024-10-25
- Tools and Jewels, Ch 6
- Younan et al., [Chapter 2 and Section 3.6] Code Injection in C and C++: A Survey of Vulnerabilities and Countermeasures
- NSF SEED Labs - Software Security Labs
Week 11
Monday, 2024-10-28 - Friday, 2024-11-01
- Krohn et al., Information Flow Control for Standard OS Abstractions, SOSP, 2007.
- Jaeger, Operating System Security, Chapters 1, 2, and 5.
- Saltzer and Schroeder, [Part 1.A Only] The Protection of Information in Computer Systems, Proceedings of the IEEE, 63(9), 1975.
- Sun et al., Security Namespace: Making Linux Security Frameworks Available to Containers, USENIX Security, 2018.
- Tools and Jewels, Ch 5
- Jaeger, Operating System Security, Chapters 3, 4, and 10
- Karger and Schell, Thirty Years Later: Lessons from the Multics Security Evaluation, ACSAC, 2002.
- Wulf et al., HYDRA: the kernel of a multiprocessor operating system, Communications of the ACM, 17(6), 1974.
Week 12
Monday, 2024-11-04 - Friday, 2024-11-08
- Azad et al., Less is More: Quantifying the Security Benefits of Debloating Web Applications, USENIX Security, 2019.
- Tools and Jewels, Ch 9
- Deshotels et al., SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles, ACM CCS, 2016.
- Mayrhofer et al., The Android Platform Security Model, arXiv:1904.05572, 2023.
Week 13
Monday, 2024-11-11 - Friday, 2024-11-15
- Arnautov et al., SCONE: Secure Linux Containers with Intel SGX, USENIX OSDI, 2016.
- Jaeger, Operating System Security, Chapter 11
- Li, Shim Shimmeny: Evaluating the Security and Privacy Contributions of Link Shimming in the Modern Web, USENIX Security, 2020.
- EFF, [Part 1] Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance, 2019.
- Nikiforakis et al., Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting, IEEE S&P, 2013.
- Roesner et al., ShareMeNot: Balancing Privacy and Functionality of Third-Party Social Widgets, ;login: Magazine, 2012.
- Acar et al., The Web Never Forgets: Persistent Tracking Mechanisms in the Wild, ACM CCS, 2014.
- Privacy Violations Using Microtargeted Ads: A Case Study, ICDMW, 2010.
Week 14
Monday, 2024-11-18 - Friday, 2024-11-22
- Reardon et al., 50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System, USENIX Security, 2019.
- NY Times, Twelve Million Phones, One Dataset, Zero Privacy
- Enck et al., TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, OSDI, 2010.
- Wei et al., Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps, ACM TOPS, 2018.
- Perta et al., A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients, PETS, 2015.
- Dingledine et al., Tor: The second-generation onion router, USENIX Security, 2004.
Week 15
Monday, 2024-11-25 - Friday, 2024-11-29
Week 16
Monday, 2024-12-02 - Friday, 2024-12-06
Week 17
Monday, 2024-12-09 - Friday, 2024-12-13
Final Exam (12:00n – 2:30pm)
- 150 min exam duration
- Final exam is cumulative
- 1230 Engineering Building 2 (same room as class)
- Allowed resources:
  - Two hand-written, double-sided, 8.5"x11" sized sheets with personal notes
  - Calculator (no internet access!)