EE 515/IS 523: Security 101: Think Like an Adversary

Calendar (subject to change depending on schdule)

9/3/2012

• Topic: Introduction
  
• Slides: ppt
  
• Presenter: Yongdae Kim
  

9/5/2012

• Topic: Introduction to Security Engineering
  
• Presenter: Yongdae Kim
• Slides: ppt
  
• Reading List: "What is Security Engineering?" by Ross Anderson
  

9/10/2012

• Topic: Attack Model/Security Economics/Legal Issues/Ethics
  
• Presenter: Yongdae Kim
  

• Slides: ppt
  
• News Posting: Sungjae Hwang
  

9/12/2012

• Topic: Crytography in a Nutshell
  
• Presenter: Yongdae Kim
  
• Slides: ppt
  
• Reading List: "Overview of Cryptography" in Handbook of Applied Cryptography
  

• News Posting: Jongil Won
  

9/17/2012

• Topic: Access Control in a Nutshell
  
• Presenter: Yongdae Kim
  
• Assignment: Project Preproposal
  
• Slides: ppt
  
• Reading List: "Access Control" by Ross Anderson
  

• News Posting: Byeong Do Hong

9/19/2012

• Topic: User Interface and Psychological Failures 1
  
• Presenter: Yongdae Kim
  
• Slides: ppt
  
• Reading List: "Usability and Psychology" by Ross Anderson

• News Posting: Juhwan Noh

9/24/2012

• Topic: User Interface and Psychological Failures 2
• Assignment: Reading Report, Project Proposal
• Slides: ppt
  
• Reading List:
  
• R1 A. Whitten and J. D. Tygar. "Why Johnny can't encrypt: a usability evaluation of PGP 5.0", USENIX Sec'99
  

• R2 S. Clark, T. Goodspeed, P. Metzger, Z. Wasserman, K. Xu, M. Blaze,"Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System", Usenix Sec'11, Actual presentation video is available from here.
  

• News Posting: Kyuyoung

9/26/2012

• Topic: Software Engineering Failures and Malpractices
  
• Assignment: Reading Report
• Slides: ppt
  
• Reading List
• Aldo R2 T. Kohno, A. Stubblefield, A. Rubin and D. Wallach, "Analysis of an Electronic Voting System", S&P'04 
• Jiseong R1 A. Feldman, J. Halderman, and E. Felten, "Security Analysis of the Diebold AccuVote-TS Voting Machine", EVT'07
  

• News Posting: Shinjo

10/1/2012

• Topic: Korean Thanksgiving (No Class)
  

10/3/2012

• Topic: Foundation Day (No Class)
  

10/8/2012

• Topic: Data mining/Machine Learning Failures 1
  
• Assignment: Reading Report
• Reading List
• ppt Kyuyoung R1 B. Nelson, M. Barreno, F. Chi, A. D. Joseph, B. Rubinstein, U. Saini, C. Sutton, J. D. Tygar, K. Xia. “Exploiting machine learning to subvert your spam filter.“, LEET'08
  
• Changho R2 M. Barreno, P. Bartlett, F. Chi, A. Joseph, B. Nelson, B. Rubinstein, U. Saini, and J. D. Tygar. “Open Problems in the Security of Learning.” AISec'08
  

• News Posting: Daehan

10/10/2012

• Topic: Data mining/Machine Learning Failures 2
  
• Assignment: Reading Report
• Reading List
• ppt Dongjae R2 B. Rubinstein, B. Nelson, L. Huang, A. Joseph, S. Lau, N. Taft, and J. D. Tygar. “Evading Anomaly Detection through Variance Injection Attacks on PCA.” RAID'08
  
• ppt Eugene R1 J. Mason, S. Small, F. Monrose, and G. MacManus. 2009. "English shellcode". CCS '09

• News Posting: Jinsoo

10/22/2012

• Topic: Peer-to-peer System Security 2
• Assignment: Reading Report
• Reading List
  
• ppt Hongil R1 E. Chan-Tin, P. Wang, J. Tyra, T. Malchow, D. Foo Kune, N. Hopper, Y. Kim, "Attacking the Kad Network - Real World Evaluation and High Fidelity Simulation using DVN -", Wiley Security and Communication Networks 2009
  

• ppt Seunghoon R2 E. ChanTin, V. Heorhiadi, Y. Kim, and N. Hopper, "The FrogBoiling Attack: Limitations of Secure Network Coordinate Systems", TISSEC 14(3), 2011
  

• News Posting: Eunyoung

10/24/2012

• Topic: Social Network Security and Privacy
  
• Assignment: Reading Report, Project Midterm Report
• Slides: ppt
• Reading List
• Minhee R2 Z. Yang, C. Wilson, X. Wang, T. Gao, B. Y. Zhao, Y. Dai, "Uncovering Social Network Sybils in the Wild", IMC'11
• Sungjae R1 G. Wang, C. Wilson, X. Zhao, Y. Zhu, M. Mohanlal, H. Zheng, B. Y. Zhao, "Serf and Turf: Crowdturfing for Fun and Profit", WWW'12
  

• News Posting: Youngkyun

10/29/2012

• Topic: Cellular Networks 1
  
• Assignment: Reading Report
• Reading List
• ppt Changjae R1 W. Enck, P. Traynor, P. McDaniel and T. La Porta, "Exploiting Open Functionality in SMS-Capable Cellular Networks", CCS'05
• ppt Eunyoung R2 P. Traynor, P. McDaniel and T. La Porta, "On Attack Causality in Internet-Connected Cellular Networks", Usenix SEC'07
  

• News Posting: Sangyun

10/31/2012

• Topic: Cellular Networks 2
  
• Assignment: Reading Report
• Reading List
• ppt Youngkyun R2 P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, T. La Porta and P. McDaniel, "On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core", CCS'09
• ppt Dongkwan R1 W. Enck, D. Octeau, P. McDaniel, S. Chaudhuri, "A Study of Android Application Security", Usenix Sec'11
  

• News Posting: Jinho

11/5/2012

• Topic: Cellular Networks 3
  
• Assignment: Reading Report
• Reading List
• ppt Yongdae R1 D. Foo Kune, J. Koelndorfer, N. Hopper, Y. Kim, "Location leaks on the GSM air interface", NDSS'12
  

• Sungjae R2 N. Golde, K. Redon, R. Borgaonkar, "Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications", NDSS'12

• News Posting: Byungchul

11/7/2012

• Topic: Botnets
  
• Assignment: Reading Report
• Reading List
• Jong Hwan R2 E. Stinson, J. C. Mitchell, "Towards Systematic Evaluation of the Evadability of Bot/Botnet Detection Methods", WOOT'08
• Jinsoo R1 A. Juels and T.-F. Yen, "Sherlock Holmes and the Case of the Advanced Persistent Threat", LEET'12
  

• News Posting: Changho

11/12/2012

• Topic: Cloud Computing
  
• Assignment: Reading Report
• Reading List
• Dongjae R1 Z. Wu, Z. Xu, H. Wang, "Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud", Usenix Sec'12
• Seongmin R2 S. Bugiel, S. Nürnberger, T. Pöppelmann, A.-R. Sadeghi, T. Schneider. "AmazonIA: when elasticity snaps back", CCS'11
  

• News Posting: Chang-Jae

11/14/2012

• Topic: Internet Control Plane
  
• Assignment: Reading Report
• Reading List
• Sangyun R2 M. Schuchard, E. Y. Vasserman, A. Mohaisen, D. Foo Kune, N. Hopper, Y. Kim, "Losing control of the Internet: Using the data plane to attack the control plane", NDSS'11
• Daehan R1 M. Schuchard, C. Thompson, N. Hopper, Y. Kim, "Taking Routers Off Their Meds: Unstable Routers and the Buggy BGP Implementations That Cause Them", UMN TR
  

• News Posting: Aldo

11/19/2012

• Topic: Medical Devices 1
  
• Assignment: Reading Report
• Reading List
• Jinho R1 D. Halperin, T. Heydt-Benjamin, B. Ransford, S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, W.Maisel, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses". S&P '08
• Minkyu R2 S. Hanna, R. Rolles, A. Molina-Markham, P. Poosankam, K. Fu, D. Song, "Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices", HealthSec'11
  

• News Posting: Seunghoon

11/21/2012

• Topic: Medical Devices 2
  
• Assignment: Reading Report
• Reading List
• Giyoung R2 C. Li, A. Raghunathan, N. K. Jha, "Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system", IEEE Healthcom'11
• Byungchul R1 W. Burleson, S. Clark, B. Ransford, K. Fu, "Design Challenges for Secure Implantable Medical Devices", DAC'12
  

• News Posting: Hongil, Giyoung

11/26/2012

• Topic: Automobiles 1
  
• Assignment: Reading Report
• Reading List
• Juhwan R1 K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. "Experimental security analysis of a modern automobile", S&P'11
  
• Jongil R2 I. Rouf, R. Miller, H. Mustafa, T. Taylor, S. Oh, W. Xu, M. Gruteser, W. Trappe, and I. Seskar. "Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study". Usenix SEC'10
  

• News Posting: Eunsoo, Eugene

11/28/2012

• Topic: Automobiles 2
  
• Assignment: Reading Report
• Reading List
• Minhae R2 S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, T. Kohno, "Comprehensive Experimental Analyses of Automotive Attack Surfaces", Usenix Sec'11
• Eunsoo R1 R. Verdult, F. D. Garcia, J. Balasch, "Gone in 360 Seconds: Hijacking with Hitag2", Usenix SEC'12
  

• News Posting: Dongkwan, Jong Hwan

11/30/2012

• Make up class for the week of 10/15/2012
• 5:00 ~ 8:00 PM
  
• Topic: Software Security in a Nutshell, Security of Android
  
• Presenter: Jeong Yi (Sungshil U.)
  
• Reading List: TBD
• News Posting: Joonho

12/3/2012

• Topic: Crypto Implementation
• Presenter: TBD
  
• Assignment: Reading Report
• Reading List
• Byeongdo R1 N. Heninger, Z. Durumeric, E. Wustrow, J. A. Halderman, "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices", Usenix SEC'12
• Byeongdo R2 B. Driessen, R. Hund, C. Willems, C. Paar, T. Holz, "Don't Trust Satellite Phones: A Security Analysis of Two Satphone Standards", S&P'12
  

• News Posting: Minhee, Minkyu

12/5/2012

• Topic: Hardware
  
• Presenter: TBD
  
• Assignment: Reading Report
• Reading List
• Asim R2 C. Sturton, M. Hicks, D. Wagner, S. T. King. "Defeating UCI: Building Stealthy and Malicious Hardware", S&P'12
• Shinjo R1 M. Heiderich, T. Frosch, M. Jensen, T. Holz, "Crouching tiger - hidden payload: security risks of scalable vectors graphics", CCS'11
  

• News Posting: Seongmin, Seongheon

12/10/2012

• Topic: Everything Else 1
  
• Presenter: TBD
  
• Assignment: Reading Report
• Reading List
• Asim R1 L.-S. Huang, A. Moshchuk, H. J. Wang, S. Schechter, Co. Jackson, "Clickjacking: Attacks and Defenses", Usenix Sec'12
  
• Seongheon R2 N. O. Tippenhauer, C. Pöpper, K. B. Rasmussen, S. Capkun, "On the Requirements for Successful GPS Spoofing Attacks", CCS'11

• News Posting: Jiseong, Asim

12/12/2012

• Topic: Everything Else 2
  
• Presenter: TBD
  
• Assignment: Reading Report, Project Final Report
• Reading List
• Eunsoo R2 M. Enev, S. Gupta, T. Kohno, S. N. Patel. "Televisions, video privacy, and powerline electromagnetic interference", CCS'11
• Joonho R1 A. M. White, A. R. Matthews, K. Z. Snow, F. Monrose. "Hookt on Fon-iks: Phonotactic Reconstruction of Encrypted VoIP Conversations", S&P'11
  

• News Posting: Minhae, Dongjae

12/17/2012

• Topic: Project Presentation
  

12/19/2012

• Topic: Project Presentation

Useful Links (Borrowed from Zhi-Li Zhang's 8211 web page)

• "Effective Reading of Papers in Science and Technology", by Michael Hanson and Dylan McNameee
• "An Evaluation of the Ninth SOSP Submissions or How (and How Not) to Write a Good Systems Paper", R. Levin, and D. D. Redell, ACM Operating Systems Review, 17 (3), July 1983, pp 35-40.
• "How to Increase the Chances Your Paper is Accepted at ACM SIGCOMM", by Craig Partridge
• "How to write a good research paper and give a good research talk", S. L. Peyton Jones, J. Hughes, and J. Launchbury, ACM SIGPLAN Notices 28 (11) Nov 1993.
• "The art of Speaking", by Mike Dahlin
• "Should Computer Scientists Experiment More?", by Walter Tichy
• "A guide for new referees in theoretical computer science", by Ian Parberry
• "How to have a bad career in research/academia", by David Patterson
• "A Ph.D is Not Enough: A Guide to Survival in Science", by Peter J. Feibelman (every science/engineer Ph.D student who is serious about a research career should read this book!)

You can also explore the CMU's Advice on Research and Writing webpage and Armando Fox's webpage on paper writing and presentations. Computer Research Association (CRA) also has a site for students with a lot of useful information.