EE515/IS523: Security 101: Think Like an Adversary

• EE515/IS523 Home
• Syllabus
• Calendar
• Project Information
• Reading Report
• Presentation

9/1/2016

• Topic: Course Introduction & Introduction to Security Engineering
• Presenter: Yongdae Kim
• Slides: ppt
• Reading List: "What is Security Engineering?" by Ross Anderson
  

9/6/2016

• Topic: Cryptography in a Nutshell
• Presenter: Yongdae Kim
• Slides:
• Reading List: "Overview of Cryptography" in Handbook of Applied Cryptography
  

9/8/2016

• Topic: Cryptography in a Nutshell
• Presenter: Yongdae Kim
• Slides:
• Reading List: "Overview of Cryptography" in Handbook of Applied Cryptography
  

9/13/2016

• Topic: Access Control in a Nutshell
• Presenter: Yongdae Kim
• Slides:
• Reading List: "Access Control" by Ross Anderson
  

9/15/2016

No Class: Chuseok Holiday

9/20/2016

• Topic: Access Control in a Nutshell
• Presenter: Yongdae Kim
• Slides: ppt
• Reading List: "Access Control" by Ross Anderson
  

9/22/2016

• Topic: Usable Security
• Assignment: Reading Report, Project Preproposal
• Reading List:
  • 김용대 A. Whitten and J. D. Tygar, "Why Johnny can't encrypt: a usability evaluation of PGP 5.0", USENIX Sec'99
  • 조만기 R1 R2 T. Vaidya, Y. Zhang, M. Sherr, and C. Shields, "Cocaine Noodles: Exploiting the Gap between Human and Machine Speech Recognition", USENIX WOOT'15

9/27/2016

• Topic: Embedded Device Analysis for Security Research
• Presenter: Yunmok Son@SYSSEC

9/29/2016

• Topic: Software Engineering Failures and Malpractices
• Assignment: Reading Report
• Reading List:
  • 박다원 A. Feldman, J. Halderman, and E. Felten, "Security Analysis of the Diebold AccuVote-TS Voting Machine", EVT'07
  • 오정석 R1 R2 I. Rouf, H. Mustafa, M. Xu, W. Xu, R. Miller, and M. Gruteser, "Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems", ACM CCS'12

10/4/2016

• Topic: Automobile and IoT Security
• Assignment: Reading Report
• Reading List:
  • 임지훈 R1 S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, "Comprehensive Experimental Analyses of Automotive Attack Surfaces", USENIX Sec'11
  • 김건우 R2 E. Fernandes, J. Jung, and A. Prakash, "Security Analysis of Emerging Smart Home Applications", IEEE SP'16

10/6/2016

• Topic: Peer-to-Peer System Security
• Assignment: Reading Report
• Reading List:
  • 김용대 R2 E. Chan-Tin, P. Wang, J. Tyra, T. Malchow, D. Foo Kune, N. Hopper, and Y. Kim, "Attacking the Kad Network - Real World Evaluation and High Fidelity Simulation using DVN", Wiley Security and Communication Networks 2009
  • 권유진@SYSSEC R1 L. Luu, R. Saha, I. Parameshwaran, P. Saxena, and A. Hobor, "On Power Splitting Games in Distributed Computation: The Case of Bitcoin Pooled Mining", IEEE CSF'15

10/11/2016

• Topic: Internet Protocols
• Assignment: Reading Report, Project Proposal
• Reading List:
  • 김용대 R1 M. Schuchard, E. Y. Vasserman, A. Mohaisen, D. Foo Kune, N. Hopper, and Y. Kim, "Losing control of the Internet: Using the data plane to attack the control plane", NDSS'11
  • 허환조 R2 Y. Cao, Z. Qian, Z. Wang, T. Dao, S. V. Krishnamurthy, and L. M. Marvel, "Off-Path TCP Exploits: Global Rate Limit Considered Dangerous", USENIX Sec'16

10/13/2016

• Topic: RF Security
• Assignment: Reading Report
• Reading List:
  • 박철준 R2 N. O. Tippenhauer, L. Malisa, A. Ranganathan, and S. Capkun, "On Limitations of Friendly Jamming for Confidentiality", IEEE SP'13
  • 노주환@SYSSEC R1 N. O. Tippenhauer, C. Popper, K. B. Rasmussen, and S. Capkun, "On the Requirements for Successful GPS Spoofing Attacks", ACM CCS'11

10/18/2016

• Topic: Low Level Attacks
• Assignment: Reading Report
• Reading List:
  • 최현우@SYSSEC R1 W. Song, H. Choi, J. Kim, E. Kim, Y. Kim, and J. Kim, "PIkit: A New Kernel-Independent Processor-Interconnect Rootkit", USENIX Sec'16
  • 정윤종 R2 M. Seaborn and T. Dullien, "Exploiting the DRAM rowhammer bug to gain kernel privileges , Blackhat'15

10/20/2016

No Class: Midterm Exam

10/25/2016

No Class: Midterm Exam

10/27/2016

• Topic: Cellular Network #1
• No Class
• There will be supplementary talks for additional 30 minutes at 11/1/2016 and 11/8/2016.
• The deadline of each reading report is delayed considering the changed schedule of each supplementary talk.

11/1/2016

• Topic: Cellular Network #2
• Assignment: Reading Report
• Reading List:
  • 김용대 R1 Y. Go, J. Won, D. F. Kune, E. Y. Jeong, Y. Kim, and K. S. Park, "Gaining Control of Cellular Traffic Accounting by Spurious TCP Retransmission", NDSS'14
  • 김용대 R2 H. Kim, D. Kim, M. Kwon, H. Han, Y. Jang, D. Han, T. Kim, and Y. Kim, "Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations", ACM CCS'15
  • 김용대 R2 (supplementary) D. Foo Kune, J. Koelndorfer, N. Hopper, and Y. Kim, "Location leaks on the GSM air interface", NDSS'12

11/3/2016

• Topic: Cellular Network #3
• Assignment: Reading Report
• Reading List:
  • 김은수@SYSSEC R2 R. Weinmann, "Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks", USENIX WOOT'12
  • 이은규 R1 N. Golde, K. Redon, and J. P. Seifert, "Let Me Answer That For You: Exploiting Broadcast Information in Cellular Networks", USENIX Sec'13

11/8/2016

• Topic: Breaking Cryptography
• Assignment: Reading Report, Project Midterm Report
• Reading List:
  • 박민준 R1 N. Heninger, Z. Durumeric, E. Wustrow, and J. A. Halderman, "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices", USENIX Sec'12
  • 박상옥 R2 C. Brubaker, S. Jana, B. Ray, S. Khurshid, and V. Shmatikov, "Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations", IEEE SP'14
  • 김홍일@SYSSEC R1 (supplementary) A. Shaik, R. Borgaonkar, N. Asokan, V. Niemi, and J. Seifert, "Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems", NDSS'16

11/10/2016

• Topic: How to Research Attacks and Write Good Papers
• Presenter: Yongdae Kim

11/15/2016

• Topic: Sensor Security #1
• Assignment: Reading Report
• Reading List:
  • 김용대 R2 D. Foo Kune, J. Backes, S. Clark, D. Kramer, M. Reynolds, K. Fu, Y. Kim, and W. Xu, "Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors", IEEE SP'13
  • 손윤목@SYSSEC R1 Y. Son, H. Shin, D. Kim, Y. Park, J. Noh, K. Choi, J. Choi, and Y. Kim, "Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors", USENIX Sec'15

11/17/2016

• Topic: Critical Systems
• Assignment: Reading Report
• Reading List:
  • 김민혜 R1 A. Bolshev, J. Larsen, and M. Krotofil, "A Rising Tide: Design Exploits in Industrial Control Systems", USENIX WOOT'16
  • 김용대 R2 Y. Park, Y. Son, H. Shin, D. Kim, and Y. Kim, "This Ain't Your Dose: Sensor Spoofing Attack on Medical Infusion Pump", USENIX WOOT'16

11/22/2016

• Topic: Medical Devices
• Assignment: Reading Report
• Reading List:
  • 김선도 R2 D. Halperin, T. Heydt-Benjamin, B. Ransford, S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.Maisel, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses", IEEE SP'08
  • 김도현 R1 I. Martinovic, D. Davies, M. Frank, D. Perito, T. Ros, and D. Song, "On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces", USENIX Sec'12

11/24/2016

• Topic: Sensor Security #2
• Assignment: Reading Report
• Reading List:
  • 권유진@SYSSEC R1 C. Yan, W. Xu, and J. Liu, "Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-driving Vehicle", DefCon 24 (2016)
  • 신호철@SYSSEC R2 H. Shin, Y. Son, Y. Park, Y. Kwon, and Y. Kim, "Sampling Race: Bypassing Timing-based Analog Active Sensor Spoofing Detection on Analog-digital Systems", USENIX WOOT'16

11/29/2016

• Topic: De-anonymizing others
• Assignment: Reading Report
• Reading List:
  • 안형철 R2 A. Narayanan, and V. Shmatikov, "Robust De-anonymization of Large Sparse Datasets", IEEE SP'08
  • 조정열 R1 A. Caliskan-Islam, R. Harang, A. Liu, A. Narayanan, C. Voss, F. Yamaguchi, and R. Greenstadt, "De-anonymizing Programmers via Code Stylometry", USENIX Sec'15

12/1/2016

• Topic: Data Exfiltration by EMI
• Assignment: Reading Report
• Reading List:
  • 김리헌 R1 M. Guri, G. Kedma, A. Kachlon, and Y. Elovici, "AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones using Radio Frequencies", MALCON'14
  • 신호철@SYSSEC R2 M. Guri, A. Kachlon, O. Hasson, G. Kedma, Y. Mirsky, and Y. Elovici, "GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies", USENIX Sec'15

12/6/2016

• Topic: Hacking and Machine Learning
• Assignment: Reading Report, Project Final Report
• Reading List:
  • 최윤선 R2 N. Papernot, P. McDaniel, S. Jha, M. Fredrikson, Z. B. Celik, and A. Swami, "The Limitations of Deep Learning in Adversarial Settings", IEEE Euro SP'16
  • 강희도 R1 A. Nguyen, J. Yosinski, and J. Clune, "Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images", IEEE CVPR'15

12/8/2016

• Topic: Project Final Presentation (Part #1)

12/13/2016

• Topic: Project Final Presentation (Part #2)

12/15/2016

No Class: Final Exam

12/20/2016

No Class: Final Exam