EE515/IS523: Security 101: Think Like an Adversary

• EE515/IS523 Home
• Syllabus
• Calendar
• Project Information
• Reading Report
• Presentation

8/28/2023

• Topic: Course Introduction & Introduction to Security Engineering
• Presenter: Yongdae Kim
• Slides: 01.pdf
• Reading List: "What is Security Engineering?" by Ross Anderson
  

8/30/2023

• Topic: Course Introduction & Introduction to Security Engineering
• Presenter: Yongdae Kim
• Reading List: "What is Security Engineering?" by Ross Anderson
  

9/4/2023

• Topic: Cryptography in a Nutshell
• Presenter: Yongdae Kim
• Reading List: "Overview of Cryptography" in Handbook of Applied Cryptography
  

9/6/2023

• Topic: Access Control in a Nutshell (1)
• Presenter: Yongdae Kim
• Reading List: "Access Control" by Ross Anderson
  

9/11/2023

• Topic: Access Control in a Nutshell (2)
• Presenter: Yongdae Kim
• Slides: 02.pdf
• Reading List: "Access Control" by Ross Anderson
  

9/13/2023

• Topic: How to Think about Security of New (Emerging) Systems?
• Presenter: Yongdae Kim

9/18/2023

• Topic: Software Engineering Failures and Malpractices
• Assignment: Reading Report
• Slides: VotingAutomobile.pdf
• Reading List:
  • Yongdae Kim A. Feldman, J. Halderman, and E. Felten, "Security Analysis of the Diebold AccuVote-TS Voting Machine", EVT'07
  • R1 R2 Yongdae Kim S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, "Comprehensive Experimental Analyses of Automotive Attack Surfaces", USENIX Sec'11

9/20/2023

• Topic: Medical Devices
• Assignment: Reading Report
• Slides: Medical.pdf
• Reading List:
  • R1 R2 Yongdae Kim D. Halperin, T. Heydt-Benjamin, B. Ransford, S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.Maisel, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses", IEEE SP'08
  • Yongdae Kim D. Foo Kune, J. Backes, S. Clark, D. Kramer, M. Reynolds, K. Fu, Y. Kim, and W. Xu, "Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors" , IEEE SP'13

9/25/2023

• Topic: Breaking Cryptography & Critical Systems
• Assignment: Reading Report
• Reading List:
  • R1 Yongdae Kim N. Heninger, Z. Durumeric, E. Wustrow, and J. A. Halderman, "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices", USENIX Sec'12
    (Slides: Mining_Your_Ps_and_Qs.pdf)
  • R2 Seungmin Park C. Beierle, P. Derbez, G. Leander, G. Leurent, H. Raddum, Y. Rotella, D. Rupprecht, and L. Stennes, "Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2", EUROCRYPT'21
    (Slides: Cryptanalysis_of_GEA.pdf)

9/27/2023

• Topic: Privacy
• Assignment: Reading Report
• Reading List:
  • Yongdae Kim R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The second-generation onion router", USENIX Sec'04
    (Slides: Anonymous_Communication.pdf)
  • R1 Dongok Kim A. Caliskan-Islam, R. Harang, A. Liu, A. Narayanan, C. Voss, F. Yamaguchi, and R. Greenstadt, "De-anonymizing Programmers via Code Stylometry" , USENIX Sec'15
    (Slides: Code_Stylometry.pdf)

10/2/2023 (No class: 대체공휴일)

• No class

10/4/2023

• Topic: Blockchain (1)
• Assignment: Reading Report
• Reading List:
  • Yongdae Kim Y. Kwon, D. Kim, Y. Son, E. Y. Vasserman, and Y. Kim, "Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin" , ACM CCS'17
    (Slides: Blockchain_FAW.pdf)
  • R2 Taeung Yoon L. Zhou, K. Qin, A. Cully, B. Livshits, and A. Gervais, "On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols", IEEE SP'21
    (Slides: Just-In-Time_Discovery.pdf)

10/9/2023 (No class: 한글날)

• No class

10/11/2023

• Topic: Blockchain (2)
• Assignment: Reading Report
• Reading List:
  • R1 Jaehyun Ha M. Apostolaki, A. Zohar, and L. Vanbever, "Hijacking Bitcoin: Routing Attacks on Cryptocurrencies", IEEE SP'17
    (Slides: BitcoinHijacking.pdf)
  • R2 Hobin Kim M. Tran, I. Choi, G. J. Moon, A. V. Vu, and M. S. Kang, "A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network", IEEE SP'20
    (Slides: ErebusAttack.pdf)

10/16/2023 (Midterm Exam Period)

• No class

10/18/2023 (Midterm Exam Period)

• No class

10/23/2023

• Work on Class Project (No class)

10/25/2023

• Topic: How to write top conference security papers
• Presenter: Yongdae Kim
• Slides: writing_security_conference_paper.pdf

10/30/2023

• Topic: Autonomous Driving System (1)
• Assignment: Reading Report
• Reading List:
  • Yongdae Kim H. Shin, D. Kim, Y. Kwon, and Y. Kim, "Illusion and Dazzle: Adversarial Optical Channel Exploits against Lidars for Automotive Applications.", CHES'17
    (Slides: Self-driving_Perception.pdf)
  • R1 Hyeongju Lee Y. Cao, N. Wang, C. Xiao, D. Yang, J. Fang, R. Yang, Q. A. Chen, M. Liu, and B. Li, "Invisible for both camera and lidar: Security of multi-sensor fusion based perception in autonomous driving under physical-world attacks", IEEE SP'21
    (Slides: security_of_MSF_perception_in_AD.pdf)

11/1/2023

• Topic: Autonomous Driving System (2)
• Assignment: Reading Report
• Reading List:
  • Weonji Choi@SysSec P. Jing, Q. Tang, Y. Du, L. Xue, X. Luo, T. Wang, and S. Wu, "Too good to be safe: Tricking lane detection in autonomous driving with crafted perturbations", USENIX Security'21
    (Slides: ToGoodToBeSafe.pdf)
  • Dohyun Kim@SysSec Z. Wan, J. Shen, J. Chuang, X. Xia, J. Garcia, J. Ma, and Q. A. Chen, "Too Afraid to Drive: Systematic Discovery of Semantic DoS Vulnerability in Autonomous Driving Planning under Physical-World Attacks", NDSS '22
    (Slides: planfuzz.pdf)

11/6/2023

• Topic: Drones (1)
• Assignment: Reading Report
• Reading List:
  • R1 R2 Yongdae Kim Y. Son, H. Shin, D. Kim, Y. Park, J. Noh, K. Choi, J. Choi, and Y. Kim, "Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors", USENIX Sec'15
    (Slides: DroppingDronesfromtheSky.pdf)

11/8/2023

• Topic: Drones (2)
• Assignment: Reading Report
• Reading List:
  • Joonha Jang@SysSec J. Jang*, M. Cho*, J. Kim, D. Kim, and Y. Kim, "Paralyzing Drones via EMI Signal Injection on Sensory Communication Channels", NDSS '23
    (Slides: ParalyzingDrone.pdf)
  • R2 Suhwan Jeong N. Schiller, M. Chlosta, M. Schloegel, N. Bars, T. Eisenhofer, T. Scharnowski, F. Domke, L. Schönherr, and T. Holz, "Drone Security and the Mysterious Case of DJI's DroneID.", NDSS '23
    (Slides: DroneID.pdf)

11/13/2023

• Topic: Drones (3)
• Assignment: Reading Report
• Reading List:
  • R1 Hyeon Heo T. Kim, C. H. Kim, J. Rhee, F. Fei, Z. Tu, G. Walkup, and D. Xu, "RVFuzzer: Finding Input Validation Bugs in Robotic Vehicles through Control-Guided Testing", USENIX Sec'19
    (Slides: RVFuzzer.pdf)
  • Sangmin Woo(TA) H. Choi, S. Kate, Y. Aafer, X. Zhang, and D. Xu, "Software-based realtime recovery from sensor attacks on robotic vehicles", RAID'20
    (Slides: software_based_recovery.pdf)

11/15/2023

• Topic: Machine Learning (1)
• Assignment: Reading Report
• Reading List:
  • R1 Zhixian Jin N. Carlini, and D. Wagner, "Towards evaluating the robustness of neural networks.", IEEE SP'17
    (Slides: Towards_Evaluating_the_Robustness_of_Neural_Networks.pdf)
  • R2 Junho Ahn(TA) N. Carlini, and D. Wagner, "Audio adversarial examples: Targeted attacks on speech-to-text.", IEEE SPW'18
    (Slides: Audio_Adversarial_Examples.pdf)

11/20/2023

• Topic: Machine Learning (2)
• Assignment: Reading Report
• Reading List:
  • Mangi Cho@SysSec Y. Chen, X. Yuan, J. Zhang, Y. Zhao, S. Zhang, K. Chen, and X. Wang, "Devil's whisper: A general approach for physical adversarial attacks against commercial black-box speech recognition devices.", USENIX Sec'20
    (Slides: SpeechAdv.pdf)
  • R2 Seongryong Oh F. Tramèr, F. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart, "Stealing machine learning models via prediction APIs", USENIX Sec'16
    (Slides: Stealing_ML_Model.pdf)

11/22/2023

• Topic: Machine Learning (3)
• Assignment: Reading Report
• Reading List:
  • R1 Jio Oh M. Fredrikson, S. Jha, and T. Ristenpart, "Model inversion attacks that exploit confidence information and basic countermeasures", ACM CCS'15
    (Slides: Model_Inversion.pdf)
  • R2 Kiwon Chung R. Shokri, M. Stronati, C. Song, and V. Shmatikov, "Membership Inference Attacks Against Machine Learning Models", IEEE SP'17
    (Slides: MIA.pdf)

11/27/2023

• Topic: Cellular (1)
• Assignment: Reading Report
• Reading List:
  • Presenter: Yongdae Kim
  • Slide: Cellular_Security_Overview
    
  • R1 R2 Cheoljun Park@SysSec H. Yang, S. Bae, M. Son, H. Kim, S. Kim, and Y. Kim, "Hiding in Plain Signal: Physical Signal Overshadowing Attack on LTE", USENIX Sec'19
    (Slides: sigover.pdf)

11/29/2023

• No class

12/4/2023

• Topic: Cellular (2)
• Assignment: Reading Report
• Reading List:
  • R1 Kwangmin Kim H. Kim, J. Lee, E. Lee, and Y. Kim, "Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane", IEEE S&P'19
    (Slides: LTEFuzz.pdf)
  • R1 Minwoo Baek(TA) E. Kim*, M. W. Baek*, C. Park, D. Kim, Y. Kim, and I. Yun, "BaseComp: A Comparative Analysis for Integrity Protection in Cellular BaseBand Software", USENIX Sec'23
    (Slides: BaseComp.pdf)
  • R2 Beomseok Oh(TA) B. Oh*, J. Ahn*, S. Bae, M. Son, Y. Lee, M. S. Kang, and Y. Kim, "Preventing SIM Box Fraud Using Device Fingerprinting", NDSS '23
    (Slides: Preventing_SIMbox_Fraud.pdf)

12/6/2023

• Topic: Cellular (3) & VR/AR
• Assignment: Reading Report
• Reading List:
  • R2 Hansung Bae D. Rupprecht, K. Kohls, T. Holz, and C. Popper, "Breaking LTE on Layer Two", IEEE SP'19
    (Slides: Breaking_Layer_Two.pdf)
  • R1 Valentin Guittard I. Martinovic, D. Davies, M. Frank, D. Perito, T. Ros, and D. Song, "On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces", USENIX Sec'12
    (Slides: BCI.pdf)
  • R2 Seunghyun Lee Y. Zhang, C. Slocum, J. Chen, and N. Abu-Ghazaleh, "It's all in your head (set): Side-channel attacks on ar/vr systems.", USENIX Sec'23
    (Slides: headset.pdf)

12/11/2023 (Final Exam Period)

• No Class: Final Exam

12/13/2023 (Final Exam Period)

• No Class: Final Exam