EE 515/IS 523: Security 101: Think Like an Adversary

Calendar (subject to change depending on schdule)

Useful Links for Reading Papers

9/3/2013

Topic: Introduction
Slides: ppt
Presenter: Yongdae Kim

9/5/2013

Topic: Introduction to Security Engineering
Presenter: Yongdae Kim
Slides: ppt
Reading List: "What is Security Engineering?" by Ross Anderson

9/10/2013

Topic: Crytography in a Nutshell
Presenter: Yongdae Kim

Slides: ppt

9/12/2013

Topic: Crytography in a Nutshell
Presenter: Yongdae Kim
Slides: ppt
Reading List: "Overview of Cryptography" in Handbook of Applied Cryptography

News Posting: Hyunwoo

9/17/2013

Topic: Access Control in a Nutshell
Presenter: Yongdae Kim
Assignment: Project Preproposal
Slides: ppt
Reading List: "Access Control" by Ross Anderson

News Posting: Ho Cheol

9/24/2013

Topic: User Interface and Psychological Failures 1
Presenter: Yongdae Kim
Slides: ppt
Reading List: "Usability and Psychology" by Ross Anderson

News Posting: Kibum

9/26/2013

Topic: User Interface and Psychological Failures 2
Assignment: Reading Report, Project Proposal
Slides:
Reading List:

Muhammad Shakil R1 A. Whitten and J. D. Tygar. "Why Johnny can't encrypt: a usability evaluation of PGP 5.0", USENIX Sec'99

Comfort R2 Abdul Serwadda, Vir Phoha, "When Kids’ Toys Breach Mobile Phone Security", ACM CCS'13

News Posting: Jaeyeong

10/1/2013

Topic: Software Engineering Failures and Malpractices
Assignment: Reading Report,
Slides:
Reading List

Yongdae R2 T. Kohno, A. Stubblefield, A. Rubin and D. Wallach, "Analysis of an Electronic Voting System", S&P'04
Hocheol R1 I. Rouf, H. Mustafa, M. Xu, W. Xu, R. Miller, and M. Gruteser, "Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems", ACM CCS 2012

News Posting: Hyunwook

10/8/2013

Topic: Peer-to-peer System Security
Assignment: Reading Report
Reading List

Yongdae R1 E. Chan-Tin, P. Wang, J. Tyra, T. Malchow, D. Foo Kune, N. Hopper, Y. Kim, "Attacking the Kad Network - Real World Evaluation and High Fidelity Simulation using DVN -", Wiley Security and Communication Networks 2009

Thales R2 E. ChanTin, V. Heorhiadi, Y. Kim, and N. Hopper, "The FrogBoiling Attack: Limitations of Secure Network Coordinate Systems", TISSEC 14(3), 2011

News Posting: Ickhyun

10/10/2013

Topic: Social Network Security and Privacy
Assignment: Reading Report
Slides:
Reading List

Hyunho R2 Z. Yang, C. Wilson, X. Wang, T. Gao, B. Y. Zhao, Y. Dai, "Uncovering Social Network Sybils in the Wild", IMC'11
Shinjo R1 S. Wolchok, S. Hofmann, N. Heninger, E. W. Felten, A. Halderman, C. Rossbach, B. Waters, and E. Witchel, "Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs", NDSS 2010

News Posting: Minjun

10/15/2013

Topic: Cellular Networks 1
Assignment: Reading Report
Reading List

Pierre R1 W. Enck, P. Traynor, P. McDaniel and T. La Porta, "Exploiting Open Functionality in SMS-Capable Cellular Networks", CCS'05
Sungjin R2 P. Traynor, P. McDaniel and T. La Porta, "On Attack Causality in Internet-Connected Cellular Networks", Usenix SEC'07

News Posting: Changhoon

10/17/2013

Topic: Cellular Networks 2
Assignment: Reading Report
Reading List

Jaehyuk R2 D. Foo Kune, J. Koelndorfer, N. Hopper, Y. Kim, "Location leaks on the GSM air interface", NDSS'12
Hyunwoo R1 N. Golde, K. Redon, R. Borgaonkar, "Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications", NDSS'12

News Posting: Kyeongtae

10/22/2013

No Class: Midterm

10/24/2013

No Class: Midterm

10/29/2013

Topic: Cellular Networks 3
Assignment: Reading Report
Reading List

Hyunwook R1 N. Golde, K. Redon, and J.-P. Seifert,"Let Me Answer That For You: Exploiting Broadcast Information in Cellular Networks"(Search PDF in the page), USENIX Sec'13
Jaehyun R2 Y. Go, D. Foo Kune, S. Woo, K. Park, and Y. Kim, "Towards Accurate Accounting of Cellular Data for TCP Retransmission", HotMobile'13

News Posting: Ilgu

10/31/2013

Topic: Botnets
Assignment: Reading Report, Project Midterm Report
Reading List

Ickhyun R2 E. Stinson, J. C. Mitchell, "Towards Systematic Evaluation of the Evadability of Bot/Botnet Detection Methods", WOOT'08
Changhoon R1 A. Juels and T.-F. Yen, "Sherlock Holmes and the Case of the Advanced Persistent Threat", LEET'12

News Posting: Muhammad Shakil

11/5/2013

Topic: EMI
Assignment: Reading Report
Reading List

Marta R2 M. Enev, S. Gupta, T. Kohno, S. N. Patel. "Televisions, video privacy, and powerline electromagnetic interference", CCS'11
Benjamin R1 M. Vuagnoux and S. Pasini, "Compromising Electromagnetic Emanations of Wired and Wireless Keyboards", USENIX Sec'09

News Posting: Jaehyuk, Martijn

11/7/2013: No Class (Make up class will be provided)

11/12/2013

Topic: Cloud Computing
Assignment: Reading Report
Reading List

Taejun R1 T. Ristenpart, E. Tromer, H. Shacham, S. Savage. "Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds", ACM CCS'09
Minsu R2 Z. Wu, Z. Xu, H. Wang, "Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud", Usenix Sec'12

News Posting: Hyunho

11/14/2013

Topic: Internet Control Plane 1
Assignment: Reading Report
Reading List

Yongdae R2 M. Schuchard, E. Y. Vasserman, A. Mohaisen, D. Foo Kune, N. Hopper, Y. Kim, "Losing control of the Internet: Using the data plane to attack the control plane", NDSS'11
Yongdae R1 M. Schuchard, C. Thompson, N. Hopper, Y. Kim, "Taking Routers Off Their Meds: Unstable Routers and the Buggy BGP Implementations That Cause Them", UMN TR

News Posting: Minsu

11/19/2013

Topic: Internet Control Plane 2
Assignment: Reading Report
Reading List

Hyunwoo R1 M. S. Kang, S. B. Lee, and V. D. Gligor. 2013. "The Crossfire Attack". S&P '13
Joonseok R2 S. Shin and G. Gu. "Attacking Software-Defined Networks: The First Feasibility Study", HotSDN'13

News Posting: Daegyeong, Sungjin

11/21/2013

Topic: Medical Devices and Health 1
Assignment: Reading Report
Reading List

Guillaume R1 D. Halperin, T. Heydt-Benjamin, B. Ransford, S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, W.Maisel, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses". S&P '08
Yongdae R2 D. Foo Kune, J. Backes, S. Clark, D. Kramer, M. Reynolds, K. Fu, Y. Kim, W. Xu, "Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors", S&P'13

News Posting: Jaehyun, Guillaume

11/26/2013

Topic: Medical Devices and Health 2
Assignment: Reading Report
Reading List

Ilgu R2 N. O. Tippenhauer, L. Malisa, A. Ranganathan, and S. Capkun, "On Limitations of Friendly Jamming for Confidentiality", S&P'13
Eugene R1 I. Martinovic, D. Davies, M. Frank, D. Perito, T. Ros, D. Song, "On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces", USENIX Sec 2012

News Posting: Seungyong

11/28/2013

Topic: Automobiles 1
Assignment: Reading Report
Reading List

Kyeongtae R1 K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. "Experimental security analysis of a modern automobile", S&P'11
Kibum R2 I. Rouf, R. Miller, H. Mustafa, T. Taylor, S. Oh, W. Xu, M. Gruteser, W. Trappe, and I. Seskar. "Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study". Usenix SEC'10

News Posting: Joonseok, Thales

11/30/2013

Topic: Everything Else
Assignment: Reading Report
Reading List

Seungyong R1 J. Mason, S. Small, F. Monrose, and G. MacManus. 2009. "English shellcode". CCS '09
Juhwan R2 N. O. Tippenhauer, C. P?pper, K. B. Rasmussen, S. Capkun, "On the Requirements for Successful GPS Spoofing Attacks", CCS'11
Minjun R1 R. Kotcher, Y. Pei, P. Jumde, C. Jackson, "Stealing cross-origin pixels: Timing attacks on CSS filters and shaders", ACM CCS'13
Daegyeong R2 X. Xing, W. Meng, D. Doozan, A. C. Snoeren, N. Feamster, W. Lee. "Take This Personally: Pollution Attacks on Personalized Services", Usenix Sec'13

News Posting: Marta, Taejun, Benjamin

12/3/2013

Topic: Automobiles 2
Assignment: Reading Report
Reading List

Seunghyeon R2 S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, T. Kohno, "Comprehensive Experimental Analyses of Automotive Attack Surfaces", Usenix Sec'11
Martijn R1 R. Verdult, F. D. Garcia, J. Balasch, "Gone in 360 Seconds: Hijacking with Hitag2", Usenix SEC'12

News Posting: Seunghyeon, Quentin

12/5/2013

Topic: Crypto Implementation
Assignment: Reading Report
Reading List

Yongjae R1 N. Heninger, Z. Durumeric, E. Wustrow, J. A. Halderman, "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices", Usenix SEC'12
Quentin R2 R. Wang, Y. Shoshitaishvili, C. Kruegel, G. Vigna, "Steal This Movie: Automatically Bypassing DRM Protection in Streaming Media Services", USENIX Sec`13

News Posting: Yongjae, Mikaël

12/7/2013

Topic: Project Presentation

12/10/2013

Topic: Hardware
Assignment: Reading Report
Reading List

Mikaël R2 C. Sturton, M. Hicks, D. Wagner, S. T. King. "Defeating UCI: Building Stealthy and Malicious Hardware", S&P'12
Jaeyeong R1 C. Helfmeier, D. Nedospasov, C. Tarnovsky, J. Krissler, C. Boit, J.-P. Seifert, "Breaking and Entering through the Silicon", ACM CCS'13

News Posting: Comfort, Pierre

12/12/2013 No Class

Topic: Project Final Report

Useful Links (Borrowed from Zhi-Li Zhang's 8211 web page)

"Effective Reading of Papers in Science and Technology", by Michael Hanson and Dylan McNameee
"An Evaluation of the Ninth SOSP Submissions or How (and How Not) to Write a Good Systems Paper", R. Levin, and D. D. Redell, ACM Operating Systems Review, 17 (3), July 1983, pp 35-40.
"How to Increase the Chances Your Paper is Accepted at ACM SIGCOMM", by Craig Partridge
"How to write a good research paper and give a good research talk", S. L. Peyton Jones, J. Hughes, and J. Launchbury, ACM SIGPLAN Notices 28 (11) Nov 1993.
"The art of Speaking", by Mike Dahlin
"Should Computer Scientists Experiment More?", by Walter Tichy
"A guide for new referees in theoretical computer science", by Ian Parberry
"How to have a bad career in research/academia", by David Patterson
"A Ph.D is Not Enough: A Guide to Survival in Science", by Peter J. Feibelman (every science/engineer Ph.D student who is serious about a research career should read this book!)

You can also explore the CMU's Advice on Research and Writing webpage and Armando Fox's webpage on paper writing and presentations. Computer Research Association (CRA) also has a site for students with a lot of useful information.