Course Schedule

Date

Lecture Topics

Presenter

Reading

Assignment

Tue 8/25 

Class overview, motivation and overview of computer security

Dr. Yinzhi Cao

[ppt]

 

Thu 8/27 

Software Vulnerability I

Dr. Yinzhi Cao

[ppt]

 

Tue 9/1 

Software Vulnerability II

Dr. Yinzhi Cao

 HW1 Shellcode out

Thu 9/3

Software Vulnerability Paper Presentation

Defense: Zixun Yang

Offense: Tingzhe Zhou

[Primary] Code-Pointer Integrity, Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar, Dawn Song, OSDI, 2014.

 

[Secondary] Missing the Point(er): On the Effectiveness of Code Pointer Integrity, Isaac Evans, Sam Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios Sidiroglou-Douskos, Martin Rinard, Hamed Okhravi, IEEE Security and Privacy (Oakland), 2015.

Tue 9/8

Web Security and Privacy I

Dr. Yinzhi Cao

[ppt]

Thu 9/10

Web Security and Privacy II

Dr. Yinzhi Cao

 

 HW1 Shellcode in

Tue 9/15

Web Paper Presentation I

Defense: Jon Merwine

Offense: Andrew Kline

[Primary] Understanding and Monitoring Embedded Web Scripts, Yuchen Zhou, David Evans, IEEE Security and Privacy (Oakland), 2015.

 

[Secondary] You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions, Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna, 19th ACM Conference on Computer and Communications Security (CCS), 2012.

HW2 Buffer overflow out

Thu 9/17

Web Paper Presentation II

Defense: Kavita Jain-Cocks

Offense: Xiang Gao

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications, Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab, IEEE Security and Privacy (Oakland), 2015.

 

Tue 9/22

Mobile Security and Privacy

 Dr. Yinzhi Cao

[ppt]

 

Thu 9/24

Mobile Paper Presentation I

Defense: Varun Sharma

Offense: Zixun Yang

EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning, Ruowen Wang, William Enck, Douglas Reeves, Xinwen Zhang, Peng Ning, Dingbang Xu, Wu Zhou, and Ahmed M. Azab, USENIX Security 2015.

Tue 9/29 

Mobile Paper Presentation II

Defense: Jinbu Wang

Offense: Eric Stahl

Effective Real-time Android Application Auditing, Mingyuan Xia, Lu Gong, Yuanhao Lyu, Zhengwei Qi, and Xue Liu, IEEE Security and Privacy (Oakland), 2015.

 HW2 Buffer overflow in

Thu 10/1 

Mobile Paper Presentation III

Defense: Jon Merwine

Offense: Tyler Lewski

PiOS: Detecting Privacy Leaks in iOS Applications, Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna, in Network and Distributed System Security Symposium, NDSS 2011, San Diego, CA, USA, 2011

 

Tue 10/6

Software-defined Network (SDN)

Dr. Yinzhi Cao

[ppt]

Thu 10/8 

SDN Paper Presentation

Defense: Tyler Lewski

Offense: James Lamberti

[Primary] Securing the Software-Defined Network Control Layer, Phillip Porras, et al., in NDSS'15.

 

[Secondary] AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks, Seungwon Shin et al, in the Proc. of ACM CCS 2013.

Tue 10/13 

Pacing Break

Thu  10/15 

Mid-term Project Presentation

TBA

Tue  10/20 

TLS/SSL

Dr. Yinzhi Cao

[ppt]

HW3 XSS out

Thu  10/22 

TLS/SSL Paper Presentation I

Defense: Shen Liu

Offense: Zihan Tang

Protocol State Fuzzing of TLS Implementations, Joeri de Ruiter, Erik Poll, USENIX Security 2015.

Tue  10/27 

TLS/SSL Paper Presentation II

Defense: Song Li

Offense: Robert Brotzman-Smith

Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations, Chad Brubaker, Suman Jana, Baishakhi Ray, Sarfraz Khurshid, Vitaly Shmatikov, IEEE Security and Privacy (Oakland), 2014.

Thu  10/29 

Social Network Security and Firewalls

Dr. Yinzhi Cao

[ppt]

HW3 XSS in

Tue  11/3 

Social Network Security Paper Presentation

Defense: Andrew Kline

Offense: Kavita Jain-Cocks

Whispers in the Dark: Analysis of an Anonymous Social Network, Gang Wang, Bolun Wang, Tianyi Wang, Ana Nika, Haitao Zheng, Ben Y. Zhao, Proceedings of the 14th ACM SIGCOMM Internet Measurement Conference (IMC).

HW4 Firewall out

Thu  11/5 

Machine Learning Security

Dr. Yinzhi Cao

[ppt]

Tue  11/10 

Machine Learning Security Paper Presentation I

Defense: Tingzhe Zhou

Offense: Varun Sharma

Practical Evasion of a Learning Based Classifier: A Case Study, Nedim Srndic and Pavel Laskov, IEEE Security and Privacy, 2015.

Thu  11/12 

Machine Learning Security Paper Presentation II

Defense: Robert Brotzman-Smith

Offense: Song Li

Casting out Demons: Sanitizing Training Data for Anomaly Sensors, Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo, Angelos D. Keromytis, in Proceedings of the IEEE Symposium on Security and Privacy, 2008.

Tue  11/17 

Machine Learning Security Paper Presentation III

Defense: Zihan Tang

Offense: Jinbu Wang

Privacy-Preserving Deep Learning, Reza Shokri and Vitaly Shmatikov, CCS 2015.

HW4 Firewall in

Thu  11/19 

Privacy

Dr. Yinzhi Cao

[ppt]

Tue 11/24 

Privacy Paper Presentation

Defense: Xiang Gao

Offense: James Lamberti

RAPTOR: Routing Attacks on Privacy in Tor, Yixin Sun, Anne Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, and Prateek Mittal, USENIX Security 2015.

 

Thu  11/26 

Holiday

Tue  12/1 

Final Project Presentation I

Final Report and Deliverable Due

Thu  12/3 

Final Project Presentation II