Course Schedule


Lectures Topics




Tue 8/25 

Class overview, motivation and overview of computer security

Dr. Yinzhi Cao



Thu 8/27 

Software Vulnerability I

Dr. Yinzhi Cao



Tue 9/1 

Software Vulnerability II

Dr. Yinzhi Cao

 HW1 Shellcode out

Thu 9/3

Software Vulnerability Paper Presentation

Defense: Zixun Yang

Offense: Tingzhe Zhou

[Primary] Code-Pointer Integrity, Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer,George Candea, R. Sekar, Dawn Song, OSDI, 2014.


[Secondary] Missing the Point(er): On the Effectiveness of Code Pointer Integrity, Isaac Evans, Sam Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios Sidiroglou-Douskos, Martin Rinard, Hamed Okhravi, IEEE Security and Privacy (Oakland), 2015.

Tue 9/8

Web Security and Privacy I

Dr. Yinzhi Cao


Thu 9/10

Web Security and Privacy II

Dr. Yinzhi Cao


 HW1 Shellcode in

Tue 9/15

Web Paper Presentation I

Defense: Jon Merwine

Offense: Andrew Kline

[Primary] Understanding and Monitoring Embedded Web Scripts, Yuchen Zhou, David Evans, IEEE Security and Privacy (Oakland), 2015.


[Secondary] You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions,
Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna, 19th ACM Conference on Computer and Communications Security (CCS), 2012.

HW2 Buffer overflow out

Thu 9/17

Web Paper Presentation II

Defense: Kavita Jain-Cocks

Offense: Xiang Gao

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications, Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab, IEEE Security and Privacy (Oakland), 2015.


Tue 9/22

Mobile Security and Privacy

 Dr. Yinzhi Cao



Thu 9/24

Mobile Paper Presentation I

Defense: Varun Sharma

Offense: Zixun Yang

EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning, Ruowen Wang, William Enck, Douglas Reeves, Xinwen Zhang,  Peng Ning, Dingbang Xu, Wu Zhou, and Ahmed M. Azab, USENIX Security 2015.  

Tue 9/29 

Mobile Paper Presentation II

Defense: Jinbu Wang

Offense: Eric Stahl

Effective Real-time Android Application Auditing, Mingyuan Xia, Lu Gong, Yuanhao Lyu, Zhengwei Qi, and Xue Liu, IEEE Security and Privacy (Oakland), 2015.

 HW2 Buffer overflow in

Thu 10/1 

Mobile Paper Presentation III

      Defense: Jon Merwine

Offense: Tyler Lewski

PiOS: Detecting Privacy Leaks in iOS Applications, Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna, in Network and Distributed System Security Symposium, NDSS 2011, San Diego, CA, USA, 2011


Tue 10/6

Software-defined Network (SDN)

Dr. Yinzhi Cao


Thu 10/8 

SDN Paper Presentation

Defense: Tyler Lewski

Offense: James Lamberti

[Primary] Securing the Software-Defined Network Control Layer, Phillip Porras, et al., in NDSS'15.


[Secondary] AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks, Seungwon Shin et al, in the Proc. of ACM CCS 2013.

Tue 10/13 

Pacing Break

Thu  10/15 

Mid-term Project Presentation


Tue  10/20 


Dr. Yinzhi Cao


HW3 XSS out

Thu  10/22 

TLS/SSL Paper Presentation I

Defense: Shen Liu

Offense: Zihan Tang

Protocol State Fuzzing of TLS Implementations Joeri de Ruiter,  Erik Poll, USENIX Security 2015.

Tue  10/27 

TLS/SSL Paper Presentation II

Defense: Song Li

Offense: Robert Brotzman - Smith

Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations, Chad Brubaker, Suman Jana, Baishakhi Ray, Sarfraz Khurshid, Vitaly Shmatikov, IEEE Security and Privacy (Oakland), 2014.

Thu  10/29 

Social Network Security

and Firewalls

Dr. Yinzhi Cao


HW3 XSS in

Tue  11/3 

Social Network Security Paper Presentation

Defense: Andrew Kline

Offense: Kavita Jain-Cocks

Whispers in the Dark: Analysis of an Anonymous Social Network, Gang Wang, Bolun Wang, Tianyi Wang, Ana Nika, Haitao Zheng, Ben Y. Zhao 
Proceedings of the 14th ACM SIGCOMM Internet Measurement Conference (IMC). 

HW4 Firewall out

Thu  11/5 

Machine Learning Security

Dr. Yinzhi Cao


Tue  11/10 

Machine Learning Security Paper Presentation I

Defense: Tingzhe Zhou

Offense: Varun Sharma

Practical Evasion of a Learning Based Classifier: A Case Study, Nedim Srndic and Pavel Laskov, IEEE Security and Privacy, 2015.

Thu  11/12 

Machine Learning Security Paper Presentation II

Defense: Robert Brotzman - Smith

Offense: Song Li

Casting out Demons: Sanitizing Training Data for Anomaly Sensors, Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo, Angelos D. Keromytis, in Proceedings of the IEEE Symposium on Security and Privacy, 2008.

Tue  11/17 

Machine Learning Security Paper Presentation III

Defense: Zihan Tang

Offense: Jinbu Wang

Privacy-Preserving Deep Learning, Reza Shokri and Vitaly Shmatikov, CCS 2015.

HW4 Firewall in

Thu  11/19 


Dr. Yinzhi Cao


Tue 11/24 

Privacy Paper Presentation

       Defense: Xiang Gao

Offense: James Lamberti

RAPTOR: Routing Attacks on Privacy in Tor, Yixin Sun, Anne Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, and Prateek Mittal,  USENIX Security 2015.


Thu  11/26 


Tue  12/1 

Final Project Presentation I

Final Report and Deliverable Due

Thu  12/3 

Final Project Presentation II