Course Calendar
Below is the calendar for this semester course. This is the
preliminary schedule, which may need to be altered as the semester
progresses. It is the responsibility of the students to
frequently check this web-page for schedule, readings, and assignment
changes. As the professor, I will attempt to announce any change to
the class, but this web-page should be viewed as authoritative. If
you have any questions, please contact me (contact information is
available at the course homepage).
| Date | Topic | Assignments Due | Readings/Discussions (do readings before class) | Slides |
| 01/16/07 | | |
Lecture Discussion - how and why?
|
Intro
|
| 01/18/07 | | |
(Presenter: Will Enck) -- William Enck, Patrick Traynor,
Patrick McDaniel, and Thomas La Porta. Exploiting Open Functionality
in SMS-Capable Cellular Networks. In Proceedings
of the 12th ACM Conference on Computer and Communications
Security (CCS), November 2005.
|
SMS
|
| 01/23/07 | | |
(Presenter: Patrick Traynor) -- William Enck, Patrick
McDaniel, and Thomas La Porta. Mitigating Attacks on Open
Functionality in SMS-Capable Cellular Networks. In
Proceedings of the Twelfth Annual ACM International
Conference on Mobile Computing and Networking (MobiCom),
September 2006.
(Presenter: Patrick Traynor) -- R. Racic, D. Ma, and
H. Chen. Exploiting MMS Vulnerabilities to Stealthily
Exhaust Mobile Phone's Battery. In Proceedings of the Second
IEEE Communications Society/CreateNet International
Conference on Security and Privacy in Communication Networks
(SecureComm), 2006.
|
Telco
|
| 01/25/07 | | |
(Presenter: Smitha Sundareswaran) Peter Gutmann, A Cost
Analysis of Windows Vista Content Protection, January 2007. (link)
Windows Vista Content Protection - Twenty Questions (and Answers) (link)
Project Discussion - Why write a paper?
|
Vista
Publish?
|
| 01/30/07 | No Class |
| 02/01/07 | | |
Project Discussion - Generating paper ideas
|
Ideas
|
| 02/06/07 | | |
(Presenter: Boniface Hicks) David Brumley, James
Newsome, Dawn Song, Hao Wang and Somesh Jha, Towards
Automatic Generation of Vulnerability-Based
Signatures. Proceedings of the 2006 IEEE Symposium on
Security and Privacy. (link)
Project Discussion - Generating paper ideas (cont.)
|
GenSig
|
| 02/08/07 | | Paper Critique |
(Presenter: Chi Tsang Su) -- Daphna Weinshall, Cognitive
Authentication Schemes Safe Against Spyware. Proceedings of
the 2006 IEEE Symposium on Security and Privacy. (Extended
Abstract)
Project Discussion - Abstracts
|
Cognition
|
| 02/13/07 | | |
(Lisa Johansen) -- Cristian Cadar, Vijay Ganesh, Peter
M. Pawlowski, David L. Dill, Dawson R. Engler: EXE:
automatically generating inputs of death. ACM Conference on
Computer and Communications Security 2006: 322-335.
(Kevin Butler) -- Retrofitting Legacy Code for
Authorization Policy Enforcement. Vinod Ganapathy, Trent
Jaeger and Somesh Jha, University of Wisconsin-Madison, USA,
and Pennsylvania State University, USA.
|
EXE
Retro
|
| 02/15/07 | | |
(Presenter: Luke St Clair) -- R. Sekar, A. Gupta,
J. Frullo, T. Shanbhag, S. Zhou, A. Tiwari and H. Yang,
"Specification Based Anomaly Detection: A New Approach for
Detecting Network Intrusions", ACM CCS, 2002.
|
Spec
|
| 02/20/07 | | Project Abstract |
(Michael Lin) -- Liberatore, M. and Levine,
B. N. 2006. Inferring the source of encrypted HTTP
connections. In Proceedings of the 13th ACM Conference on
Computer and Communications Security (Alexandria, Virginia,
USA, October 30 - November 03, 2006). CCS '06. ACM Press,
New York, NY, 255-263
|
Infer
|
| 02/22/07 | Project/Idea Presentations (in class) |
| 02/27/07 | | |
(Presenter: Divya Muthukumaran) -- Fogla, P. and Lee,
W. 2006. Evading network anomaly detection systems: formal
reasoning and practical techniques. In Proceedings of the
13th ACM Conference on Computer and Communications Security
(Alexandria, Virginia, USA, October 30 - November 03,
2006). CCS '06. ACM Press, New York, NY, 59-68
(Presenter: Archana Viswanath) -- Dataflow Anomaly
Detection. Sandeep Bhatkar, Abhishek Chaturvedi and
R. Sekar. In 15th USENIX Security Symposium, (Vancouver,
BC, Canada), August 2-4, 2006.
|
Evade
Dataflow
|
| 03/01/07 | | |
(Presenter: Mohamed Hassan) -- Addressing SMTP-based
Mass-Mailing Activity Within Enterprise Networks. David
Whyte, Paul van Oorschot and Evangelos Kranakis. 22nd
Annual Computer Security Applications Conference (ACSAC),
December 2006. Miami, Fl.
(Presenter: Michael Lin) -- FIREMAN: A Toolkit for
FIREwall Modeling and ANalysis. Lihua Yuan, Jianning Mai,
Zhendong Su, Hao Chen, Chen-Nee Chuah and Prasant Mohapatra.
Proceedings of the 2006 IEEE Symposium on Security and
Privacy.
|
MassMail
Fireman
|
| 03/06/07 | | |
Project Discussion - Related Works
(Presenter: Chi-Tsong Su) -- A Usability Study and
Critique of Two Password Managers. Sonia Chiasson, P.C. van
Oorschot, and Robert Biddle. In 15th USENIX Security
Symposium, (Vancouver, BC, Canada), August 2-4, 2006.
(Presenter: Anuj Sawani) -- Biometric Authentication
Revisited: Understanding the Impact of Wolves in Sheep's
Clothing. Lucas Ballard and Fabian Monrose, Johns Hopkins
University; Daniel Lopresti, Lehigh University. In 15th
USENIX Security Symposium, (Vancouver, BC, Canada), August
2-4, 2006.
|
Relwork
Passwords
Biomet
|
| 03/08/07 | | |
(Lisa Johansen) -- Automated Web Patrol with Strider
HoneyMonkeys, Yi-Min Wang, Doug Beck, Chad Verbowski, Shuo
Chen, Sam King, Xuxian Jiang, Roussi Roussev. Proceedings of
2006 Network and Distributed System Security (NDSS)
Symposium, February 2006.
|
Strider
|
| 03/13/07 | No Class - Spring Break |
| 03/15/07 | No Class - Spring Break |
| 03/20/07 | | |
(Presenter: Sandra Rodriguez) -- Where's the FEEB?: The
Effectiveness of Instruction Set Randomization (with Nora
Sovarel and Nathanael Paul). USENIX Security 2005, August
2005.
(Presenter: Luke St Clair) -- SANE: A Protection
Architecture for Enterprise Networks. Martin Casado, Tal
Garfinkel, Aditya Akella, Michael J. Freedman, Dan Boneh,
and Nick McKeown. USENIX Security 2006, August 2006.
|
FEEB
Sane
|
| 03/22/07 | | Related Works |
(Presenter: Kevin Butler) -- PHAS: A Prefix Hijack
Alert System. Mohit Lad, Dan Massey, Dan Pei, Yiguo Wu,
Beichuan Zhang, and Lixia Zhang. USENIX Security
2006.
(Presenter: Boniface Hicks) -- Behavior-based Spyware
Detection. Engin Kirda, Christopher Kruegel, Greg Banks,
Giovanni Vigna, and Richard A. Kemmerer. In 15th USENIX
Security Symposium, (Vancouver, BC, Canada), August 2-4,
2006.
(Presenter: Sandra Rodriguez) -- Toward Automated
Information-Flow Integrity Verification for
Security-Critical Applications. Umesh Shankar, Trent Jaeger,
and Reiner Sailer. Proceedings of 2006 Network and
Distributed System Security (NDSS) Symposium, February
2006.
|
CWLite
|
| 03/27/07 | | |
(Presenter: Joshua Schiffman) -- vTPM: Virtualizing the
Trusted Platform Module. Stefan Berger, Ramon Caceres,
Kenneth A. Goldman, Ronald Perez, Reiner Sailer, and
Leendert van Doorn. In 15th USENIX Security Symposium,
(Vancouver, BC, Canada), August 2-4, 2006.
(Presenter: Divya Muthukumaran) -- Key Regression:
Enabling Efficient Key Distribution for Secure Distributed
Storage. Kevin Fu, Seny Kamara, Yoshi Kohno. Proceedings
of 2006 Network and Distributed System Security (NDSS)
Symposium, February 2006.
|
vTPM
Keyreg
|
| 03/29/07 | | |
(Presenter: Archana Viswanath) -- Detecting Targeted
Attacks Using Shadow Honeypots. K. G. Anagnostakis,
S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and
A. D. Keromytis. 14th USENIX Security Symposium, August
2005. Baltimore, MD.
(Presenter: Joshua Schiffman) -- Automatic Placement of
Authorization Hooks in the Linux Security Modules Framework
by Vinod Ganapathy, Trent Jaeger and Somesh Jha.
Proceedings of the 12th ACM Conference on Computer and
Communications Security (CCS), November 2005. Alexandria,
VA.
|
Honey
Hooks
|
| 04/03/07 | | |
(Presenter: Anuj Sawani) -- SubVirt: Implementing
malware with virtual machines. Samuel T. King, Peter M. Chen,
Yi-Min Wang, Chad Verbowski, Helen J. Wang, Jacob R. Lorch.
Proceedings of the 2006 IEEE Symposium on Security and
Privacy.
(Presenter: Archana Viswanath) -- Deploying a New Hash
Algorithm. Steven Bellovin and Eric Rescorla. Proceedings
of 2006 Network and Distributed System Security (NDSS)
Symposium, February 2006.
|
SubVirt
Hash
|
| 04/05/07 | | |
(Presenter: Kevin Butler) -- Shredding Your Garbage:
Reducing Data Lifetime Through Secure Deallocation. Jim
Chow, Ben Pfaff, Tal Garfinkel, and Mendel Rosenblum. 14th
USENIX Security Symposium, August 2005. Baltimore,
MD.
(Presenter: Smitha Sundareswaran) -- DNS-based
Detection of Scanning Worms in an Enterprise Network. David
Whyte, Evangelos Kranakis, and Paul C. van Oorschot.
Proceedings of 2005 Network and Distributed System Security
(NDSS) Symposium, February 2005.
|
Shred
|
| 04/10/07 | | |
(Presenter: Mohamed Hassan) -- Protecting Against
Unexpected System Calls. C. M. Linn, M. Rajagopalan,
S. Baker, C. Collberg, S. K. Debray, and J. H. Hartman.
14th USENIX Security Symposium, August 2005. Baltimore,
MD.
Project Discussion - Problem Statements/Introductions/Conclusions
|
Syscall
|
| 04/12/07 | | |
(Presenter: Luke St Clair) -- On the Effectiveness of
Distributed Worm Monitoring. Moheeb Abu Rajab, Fabian
Monrose, and Andreas Terzis. 14th USENIX Security Symposium,
August 2005. Baltimore, MD.
(Presenter: Anuj Sawani) -- Remote Physical Device
Fingerprinting. Tadayoshi Kohno, Andre Broido, and KC Claffy.
2005 IEEE Symposium on Security and Privacy, May 2005.
Oakland, California.
|
DistWorm
Finger
|
| 04/17/07 | | |
(Presenter: Sandra Rodriguez) -- A Generic Attack on
Checksumming-Based Software Tamper Resistance, Glenn
Wurster, Paul van Oorschot, and Anil Somayaji. 2005 IEEE
Symposium on Security and Privacy, May 2005. Oakland,
California.
(Presenter: Divya Muthukumaran) -- Seeing-Is-Believing:
Using Camera Phones For Human-Verifiable Authentication.
Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter.
2005 IEEE Symposium on Security and Privacy, May 2005.
Oakland, California.
|
ChkSum
Seeing
|
| 04/19/07 | | Introductions / Conclusions |
(Presenter: Michael Lin) -- Untraceable RFID Tags via
Insubvertible Encryption by Giuseppe Ateniese, Jan
Camenisch, and Breno de Medeiros. Proceedings of the 12th
ACM Conference on Computer and Communications Security
(CCS), November 2005. Alexandria, VA.
(Lisa Johansen) -- Space-Efficient Block Storage
Integrity. Alina Oprea and Michael K. Reiter. Proceedings
of 2005 Network and Distributed System Security (NDSS)
Symposium, February 2005.
|
RFID
Storage
|
| 04/24/07 | | |
(Presenter: Patrick Traynor) -- Tracking Anonymous
Peer-to-Peer VoIP Calls on the Internet. Xinyuan Wang,
Shiping Chen, and Sushil Jajodia. Proceedings of the 12th
ACM Conference on Computer and Communications Security
(CCS), November 2005. Alexandria, VA.
(Presenter: Will Enck) -- Evaluating SFI for a CISC
Architecture. Stephen McCamant and Greg Morrisett. In 15th
USENIX Security Symposium, (Vancouver, BC, Canada), August
2-4, 2006.
|
SFI
VoIP
|
| 04/26/07 | | |
(Presenter: Joshua Schiffman) -- N-Variant Systems: A
Secretless Framework for Security through Diversity (with
Benjamin Cox, Adrian Filipi, Jonathan Rowanhill, Wei Hu,
Jack Davidson, John Knight, Anh Nguyen-Tuong, and Jason
Hiser). USENIX Security 2006, August 2006.
(Presenter: Smitha Sundareswaran) -- The Final Nail in
WEP's Coffin. Andrea Bittau, Mark Handley and Joshua Lackey.
Proceedings of the 2006 IEEE Symposium on Security and
Privacy.
(Presenter: Will Enck) -- Understanding Data Lifetime
via Whole System Simulation. Jim Chow, Ben Pfaff, Tal
Garfinkel, Kevin Christopher, and Mendel Rosenblum. 13th
USENIX Security Symposium, August 2004. Baltimore, MD.
|
Data
|
| 05/01/07 | No Class - Final Project Time |
| 05/03/07 | No Class - Final Project Time |
| 05/04/07 | Project Final Presentations (6pm-9pm) |
| 05/11/07 | Final Projects Writeups Due |
|
CSE544 (Spring 2007)
|