EE515/IS523: Security 101: Think Like an Adversary

• EE515/IS523 Home
• Syllabus
• Calendar
• Project Information
• Reading Report
• News Report
• Presentation

8/31/2015

• Topic: Course Introduction & Introduction to Security Engineering
• Presenter: Yongdae Kim
• Slides: ppt
• Reading List: "What is Security Engineering?" by Ross Anderson
  

9/2/2015

• Topic: Cryptography in a Nutshell
• Presenter: Yongdae Kim
• Slides: ppt
• Reading List: "Overview of Cryptography" in Handbook of Applied Cryptography
  

9/7/2015

• Topic: Cryptography in a Nutshell
• Presenter: Yongdae Kim
• Slides: ppt
• Reading List: "Overview of Cryptography" in Handbook of Applied Cryptography
  
• News Posting: 오근휘

9/9/2015

• Topic: Access Control in a Nutshell
• Presenter: Yongdae Kim
• Slides:
• Reading List: "Access Control" by Ross Anderson
  

9/14/2015

• Topic: User Interface and Psychological Failures
• Assignment: Reading Report
• Reading List:
  • 정시훈 R2 A. Whitten and J. D. Tygar, "Why Johnny can't encrypt: a usability evaluation of PGP 5.0", USENIX Sec'99
  • 한형석 R1 Z. Xu, K. Bai, S. Zhu, "TapLogger: Inferring User Inputs On Smartphone Touchscreens Using On-board Motion Sensors", WISEC'12
• News Posting: 홍진아

9/16/2015

• Topic: Software Engineering Failures and Malpractices
• Assignment: Reading Report, Project Preproposal
• Reading List:
  • 강지현 R1 A. Feldman, J. Halderman, and E. Felten, "Security Analysis of the Diebold AccuVote-TS Voting Machine", EVT'07
  • 김수련 R2 I. Rouf, H. Mustafa, M. Xu, W. Xu, R. Miller, and M. Gruteser, "Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems", ACM CCS'12
• News Posting: 허원영

9/21/2015

• Topic: Embedded Devices Security
• Assignment: Reading Report
• Reading List:
  • 손윤목@SYSSEC R1, R2 A. Cui, M. Costello, S. J. Stolfo, "When Firmware Modifications Attack: A Case Study of Embedded Exploitation", NDSS'13
• News Posting: 신유정

9/23/2015

• Topic: Automobile and IoT Security
• Assignment: Reading Report
• Reading List:
  • 김호빈 R1, R2 S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, T. Kohno, "Comprehensive Experimental Analyses of Automotive Attack Surfaces", USENIX Sec'11
  • 김용대 Introduction to IoT Security
• News Posting: 이상록

9/28/2015

No Class: Mid-Autumn Festival Day 3

9/30/2015 -> 10/1/2015 4:00 p.m.

• Topic: Peer-to-Peer System Security
• Assignment: Reading Report
• Reading List:
  • 김용대 R2 E. Chan-Tin, P. Wang, J. Tyra, T. Malchow, D. Foo Kune, N. Hopper, Y. Kim, "Attacking the Kad Network - Real World Evaluation and High Fidelity Simulation using DVN", Wiley Security and Communication Networks 2009
  • 최우현 R1 E. Heilman, A. Kendler, A. Zohar, S. Goldberg, "Eclipse Attacks on Bitcoin's Peer-to-Peer Network", USENIX Sec'15
• News Posting: 채종욱

10/5/2015

• Topic: Internet Control Plane
• Presenter: Yongdae Kim
• Assignment: Reading Report, Project Proposal
• Reading List:
  • R1 M. Schuchard, E. Y. Vasserman, A. Mohaisen, D. Foo Kune, N. Hopper, Y. Kim, "Losing control of the Internet: Using the data plane to attack the control plane", NDSS'11
  • R2 M. Schuchard, C. Thompson, N. Hopper, Y. Kim, "Taking Routers Off Their Meds: Unstable Routers and the Buggy BGP Implementations That Cause Them", UMN TR
• News Posting: 김수련

10/7/2015

• Topic: RF Security
• Presenter: 최기범@SYSSEC (Introduction to RF Security)
• Assignment: Reading Report
• Reading List:
  • 손준영 R1, R2 N. O. Tippenhauer, L. Malisa, A. Ranganathan, and S. Capkun, "On Limitations of Friendly Jamming for Confidentiality", IEEE S&P'13
• News Posting: 정시훈

10/12/2015

• Topic: Cloud Computing
• Assignment: Reading Report
• Reading List:
  • 홍진아 R1 T. Ristenpart, E. Tromer, H. Shacham, S. Savage, "Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds", ACM CCS'09
  • 강지윤 R2 V. Varadarajan, Y. Zhang, T. Ristenpart, M. Swift "A Placement Vulnerability Study in Multi-Tenant Public Clouds", USENIX Sec'15
• News Posting: 강지현

10/14/2015 -> 10/15/2015 4:00 p.m.

• Topic: Introduction to Cellular Network
• Presenter: Yongdae Kim
• Assignment: Reading Report
• Reading List:
  • R2 D. Foo Kune, J. Koelndorfer, N. Hopper, Y. Kim, "Location leaks on the GSM air interface", NDSS'12
  • R1 N. Golde, K. Redon, R. Borgaonkar, "Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications", NDSS'12
• News Posting: 이장준

10/19/2015

No Class: Midterm Exam

10/21/2015

No Class: Midterm Exam

10/26/2015

• Topic: Mobile Device Baseband
• Assignment: Reading Report
• Reading List:
  • 계정오 R1 R. P. Weinmann, "Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks", USENIX WOOT'12
  • 김홍일@SYSSEC R2 C. Mulliner, N. Golde, J. P. Seifert, "SMS of Death: From Analyzing to Attacking Mobile Phones on a Large Scale", USENIX Sec'11
• News Posting: 김호빈

10/28/2015

• Topic: Cellular Network Accounting Bypass and Further...
• Assignment: Reading Report
• Reading List:
  • 김용대 R2 Y. Go, J. Won, D. F. Kune, E. Y. Jeong, Y. Kim, K. S. Park, "Gaining Control of Cellular Traffic Accounting by Spurious TCP Retransmission", NDSS'14
  • 김동관@SYSSEC R1 H. Kim, D. Kim, M. Kwon, H. Han, Y. Jang, D. Han, T. Kim, Y. Kim, "Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations", ACM CCS'15
• News Posting: 한형석

11/2/2015

• Topic: Cellular Network Core 1
• Assignment: Reading Report
• Reading List:
  • 김덕진 R1 Z. Qian, Z. M. Mao, "Off-Path TCP Sequence Number Inference Attack How Firewall Middleboxes Reduce Security", IEEE S&P'12
  • 이상록 R2 N. Golde, K. Redon, J. P. Seifert, "Let Me Answer That For You: Exploiting Broadcast Information in Cellular Networks", USENIX Sec'13
• News Posting: 김덕진

11/4/2015

• Topic: Cellular Network Core & Mobile Application Security
• Presenter: 박수완@SYSSEC (Introduction to Android Application Analysis)
• Assignment: Reading Report, Project Midterm Report
• Reading List:
  • R1, R2 M. Becher, F. C. Freiling, J. Hoffmann, T. Holz, S. Uellenbeck, C. Wolf, "Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices", IEEE S&P'11
• News Posting: 장민주

11/9/2015

• Topic: Breaking Cryptography
• Assignment: Reading Report
• Reading List:
  • 조성원 R1 N. Heninger, Z. Durumeric, E. Wustrow, J. A. Halderman, "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices", USENIX Sec'12
  • 채종욱 R2 C. Brubaker, S. Jana, B. Ray, S. Khurshid, V. Shmatikov, "Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations", IEEE S&P'14
• News Posting: 김해은

11/11/2015

• Topic: Sensor Security
• Presenter: 박영석@SYSSEC (Introduction to Sensor Security with Case Study of Insulin Pump)
• Assignment: Reading Report
• Reading List:
  • 김용대 R1, R2 D. Foo Kune, J. Backes, S. Clark, D. Kramer, M. Reynolds, K. Fu, Y. Kim, W. Xu, "Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors", IEEE S&P'13
• News Posting: 권유진

11/16/2015

• Topic: Medical Devices
• Assignment: Reading Report
• Reading List:
  • 김수련 R1 D. Halperin, T. Heydt-Benjamin, B. Ransford, S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, W.Maisel, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses", IEEE S&P'08
  • 이유진@SYSSEC R2 I. Martinovic, D. Davies, M. Frank, D. Perito, T. Ros, D. Song, "On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces", USENIX Sec'12
• News Posting: 조성원

11/18/2015

• Topic: GPS Spoofing
• Assignment: Reading Report
• Reading List:
  • 조인호 R2 T. Nighswander, B. Ledvina, J. Diamond, R. Brumley, D. Brumley, "GPS Software Attacks", ACM CCS'12
  • 노주환@SYSSEC R1 N. O. Tippenhauer, C. Popper, K. B. Rasmussen, S. Capkun, "On the Requirements for Successful GPS Spoofing Attacks", ACM CCS'11
• News Posting: 손준영

11/23/2015

• Topic: Sensing and Actuation Failure
• Assignment: Reading Report
• Reading List:
  • 손윤목@SYSSEC R1 Y. Son, H. Shin, D. Kim, Y. Park, J. Noh, K. Choi, J. Choi, Y. Kim, "Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors", USENIX Sec'15
  • 허원영 R2 Y. Shoukry, P. Martin, P. Tabuada, M. Srivastava, "Non-invasive Spoofing Attacks for Anti-lock Braking Systems", CHES'13
• News Posting: 최우현

11/25/2015

No Class: Freshman Interview

11/30/2015

• Topic: De-anonymizing others
• Assignment: Reading Report
• Reading List:
  • 곽노현 R2 A. Narayanan, V. Shmatikov, "Robust De-anonymization of Large Sparse Datasets", IEEE S&P'08
  • 오근휘 R1 A. Caliskan-Islam, R. Harang, A. Liu, A. Narayanan, C. Voss, F. Yamaguchi, R. Greenstadt, "De-anonymizing Programmers via Code Stylometry", USENIX Sec'15
• News Posting: 조인호

12/2/2015

• Topic: Hardware Circuit
• Assignment: Reading Report
• Reading List:
  • 최재영@SYSSEC R1 C. Sturton, M. Hicks, D. Wagner, S. T. King, "Defeating UCI: Building Stealthy and Malicious Hardware", IEEE S&P'12
  • 권유진 R2 C. Helfmeier, D. Nedospasov, C. Tarnovsky, J. Krissler, C. Boit, J.P. Seifert, "Breaking and Entering through the Silicon", ACM CCS'13
• News Posting: 최예슬

12/7/2015

• Topic: Data Exfiltration by EMI
• Assignment: Reading Report
• Reading List:
  • 장민주 R1 M. Vuagnoux and S. Pasini, "Compromising Electromagnetic Emanations of Wired and Wireless Keyboards", USENIX Sec'09
  • 신호철@SYSSEC R2 M. Guri, A. Kachlon, O. Hasson, G. Kedma, Y. Mirsky, Y. Elovici, "GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies", USENIX Sec'15
• News Posting: 계정오
• News Posting: 곽노현

12/9/2015

• Topic: Fun
• Assignment: Reading Report, Project Final Report
• Reading List:
  • 이장준 R2 B. Lau, Y. Jang, C. Song, T. Wang, P. H. Chung, P. Royal, "MACTANS: Injecting Malware into iOS Devices via Malicious Chargers", BlackHat US'13
  • 최예슬 R1 W. Meng, X. Xing, A. Sheth, U. Weinsberg, W. Lee, "Your Online Interests? Pwned! A Pollution Attack Against Targeted Advertising", ACM CCS'14
• News Posting: 강지윤

12/14/2015

No Class: Final Exam

12/16/2015

No Class: Final Exam

12/18/2015

• Topic: Project Final Presentation