EE 515/IS 523: Security 101: Think Like an Adversary

Calendar (subject to change depending on schdule)

Useful Links for Reading Papers

9/1/2014

Topic: Introduction
Slides: ppt
Presenter: Yongdae Kim

9/3/2014

Topic: Introduction to Security Engineering
Presenter: Yongdae Kim
Slides: ppt
Reading List: "What is Security Engineering?" by Ross Anderson

9/8/2014

No Class: Korean Thanksgiving Holiday

9/10/2014

No Class: Korean Thanksgiving Holiday

9/15/2014

Topic: Crytography in a Nutshell
Presenter: Yongdae Kim

Slides: ppt

9/17/2014

Topic: Crytography in a Nutshell
Presenter: Yongdae Kim
Slides: ppt
Reading List: "Overview of Cryptography" in Handbook of Applied Cryptography

9/22/2014

Topic: Access Control in a Nutshell
Presenter: Yongdae Kim
Slides: ppt
Reading List: "Access Control" by Ross Anderson

9/24/2014

Topic: User Interface and Psychological Failures 1
Presenter: Yongdae Kim
Assignment: Project Preproposal
Slides: ppt
Reading List: "Usability and Psychology" by Ross Anderson

9/29/2014

Topic: User Interface and Psychological Failures 2, Software Engineering Failures and Malpractices
Slides: ppt
Reading List:

A. Whitten and J. D. Tygar. "Why Johnny can't encrypt: a usability evaluation of PGP 5.0", USENIX Sec'99

T. Kohno, A. Stubblefield, A. Rubin and D. Wallach, "Analysis of an Electronic Voting System", S&P'04

10/1/2014

Topic: Security of Korean Embedded Systems
Slides: ppt
Presenter: Yongdae Kim

10/6/2014

Topic: Peer-to-peer System Security
Presenter: Yongdae Kim
Slides: ppt
Assignment: Reading Report, Project Proposal
Reading List

R1 E. Chan-Tin, P. Wang, J. Tyra, T. Malchow, D. Foo Kune, N. Hopper, Y. Kim, "Attacking the Kad Network - Real World Evaluation and High Fidelity Simulation using DVN -", Wiley Security and Communication Networks 2009

R2 E. ChanTin, V. Heorhiadi, Y. Kim, and N. Hopper, "The FrogBoiling Attack: Limitations of Secure Network Coordinate Systems", TISSEC 14(3), 2011

10/8/2014

Topic: Reverse Engineering Android Apps
Slides: ppt
Presenter: Yongdae Kim

10/13/2014

Topic: Cellular Networks 1
Slides: ppt
Assignment: Reading Report
Reading List

R2 W. Enck, P. Traynor, P. McDaniel and T. La Porta, "Exploiting Open Functionality in SMS-Capable Cellular Networks", CCS'05
R1 P. Traynor, P. McDaniel and T. La Porta, "On Attack Causality in Internet-Connected Cellular Networks", Usenix SEC'07

10/15/2014

Topic: Security of Korean Cellular Networks
Presenter: Yongdae Kim

10/20/2014

No Class: Midterm

10/22/2014

No Class: Midterm

10/27/2014

Topic: Cellular Networks 1
Slides: ppt
Assignment: Reading Report
Reading List

R2 W. Enck, P. Traynor, P. McDaniel and T. La Porta, "Exploiting Open Functionality in SMS-Capable Cellular Networks", CCS'05
R1 P. Traynor, P. McDaniel and T. La Porta, "On Attack Causality in Internet-Connected Cellular Networks", Usenix SEC'07

10/29/2014

Topic: Cellular Networks 2
Assignment: Reading Report
Slides: ppt
Reading List

R1 D. Foo Kune, J. Koelndorfer, N. Hopper, Y. Kim, "Location leaks on the GSM air interface", NDSS'12
R2 N. Golde, K. Redon, R. Borgaonkar, "Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications", NDSS'12

11/3/2014

Topic: Cellular Networks 3
Assignment: Reading Report
Slides: ppt
Reading List

R2 N. Golde, K. Redon, and J.-P. Seifert,"Let Me Answer That For You: Exploiting Broadcast Information in Cellular Networks"(Search PDF in the page), USENIX Sec'13
R1 Y. Go, D. Foo Kune, S. Woo, K. Park, and Y. Kim, "Towards Accurate Accounting of Cellular Data for TCP Retransmission", HotMobile'13

11/5/2014

Topic: Korean Cellular Network Security
Assignment: Reading Report, Project Midterm Report
Slides: ppt

11/10/2014

Topic: Botnets
Slides: ppt
Reading List

R2 E. Stinson, J. C. Mitchell, "Towards Systematic Evaluation of the Evadability of Bot/Botnet Detection Methods", WOOT'08
R1 A. Juels and T.-F. Yen, "Sherlock Holmes and the Case of the Advanced Persistent Threat", LEET'12

11/12/2014

Topic: Internet Control Plane 1
Assignment: Reading Report
Slides: ppt
Reading List

R2 M. Schuchard, E. Y. Vasserman, A. Mohaisen, D. Foo Kune, N. Hopper, Y. Kim, "Losing control of the Internet: Using the data plane to attack the control plane", NDSS'11
R1 M. Schuchard, C. Thompson, N. Hopper, Y. Kim, "Taking Routers Off Their Meds: Unstable Routers and the Buggy BGP Implementations That Cause Them", UMN TR

11/17/2014

Topic: Medical Devices and Health 1
Slides: ppt
Assignment: Reading Report
Reading List

R1 D. Halperin, T. Heydt-Benjamin, B. Ransford, S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, W.Maisel, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses". S&P '08
R2 D. Foo Kune, J. Backes, S. Clark, D. Kramer, M. Reynolds, K. Fu, Y. Kim, W. Xu, "Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors", S&P'13

11/19/2014

No Class: Official University Holiday

11/24/2014

Topic: Medical Devices and Health 2
Slides: ppt
Assignment: Reading Report
Reading List

R2 N. O. Tippenhauer, L. Malisa, A. Ranganathan, and S. Capkun, "On Limitations of Friendly Jamming for Confidentiality", S&P'13
R1 I. Martinovic, D. Davies, M. Frank, D. Perito, T. Ros, D. Song, "On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces", USENIX Sec 2012

11/26/2014

No Class

12/1/2014

Topic: Automobiles 1
Slides: ppt
Assignment: Reading Report
Reading List

R1 K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. "Experimental security analysis of a modern automobile", S&P'11
R2 I. Rouf, R. Miller, H. Mustafa, T. Taylor, S. Oh, W. Xu, M. Gruteser, W. Trappe, and I. Seskar. "Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study". Usenix SEC'10

12/3/2014

Topic: Reversing Flash
Presenter: Ben
Slides: pdf1 pdf2 pdf3
Reading List

Matt Oh, "Reverse Engineering Flash Memory for Fun and Benefit", Blackhat'14

12/8/2014

Topic: Everything Else
Assignment: Reading Report
Slides: ppt
Reading List

R1 N. Heninger, Z. Durumeric, E. Wustrow, J. A. Halderman, "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices", Usenix SEC'12
R2 N. O. Tippenhauer, C. P?pper, K. B. Rasmussen, S. Capkun, "On the Requirements for Successful GPS Spoofing Attacks", CCS'11

12/10/2014

Topic: Hardware
Presenter: Karim Charfi
Assignment: Reading Report
Reading List

C. Helfmeier, D. Nedospasov, C. Tarnovsky, J. Krissler, C. Boit, J.-P. Seifert, "Breaking and Entering through the Silicon", ACM CCS'13

12/13/2014

Topic: Project Presentation

Topic: Project Final Report

Useful Links (Borrowed from Zhi-Li Zhang's 8211 web page)

"Effective Reading of Papers in Science and Technology", by Michael Hanson and Dylan McNameee
"An Evaluation of the Ninth SOSP Submissions or How (and How Not) to Write a Good Systems Paper", R. Levin, and D. D. Redell, ACM Operating Systems Review, 17 (3), July 1983, pp 35-40.
"How to Increase the Chances Your Paper is Accepted at ACM SIGCOMM", by Craig Partridge
"How to write a good research paper and give a good research talk", S. L. Peyton Jones, J. Hughes, and J. Launchbury, ACM SIGPLAN Notices 28 (11) Nov 1993.
"The art of Speaking", by Mike Dahlin
"Should Computer Scientists Experiment More?", by Walter Tichy
"A guide for new referees in theoretical computer science", by Ian Parberry
"How to have a bad career in research/academia", by David Patterson
"A Ph.D is Not Enough: A Guide to Survival in Science", by Peter J. Feibelman (every science/engineer Ph.D student who is serious about a research career should read this book!)

You can also explore the CMU's Advice on Research and Writing webpage and Armando Fox's webpage on paper writing and presentations. Computer Research Association (CRA) also has a site for students with a lot of useful information.