Spring 2011
| Date | Subject | Readings | Notes |
|---|---|---|---|
| Jan 11 | Course Overview | Reflections on Trust | Homework 1 out slide |
| Jan 13 | Overview of Vulnerability and Exploit Research | Checking System Rules Using System-Specific Programmer-Written Compiler Extensions | slide |
| Jan 18 | Overview of Defense Research | The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection | slide |
| Jan 20 | Overview of Malware Research | SplitScreen:
Enabling Efficient, Distributed Malware Detection | HW 1 due. |
| Jan 25 | Basic Buffer Overflows | Smashing the
Stack for Fun and Profit Pauls blog post on what has changed since the paper was written |
|
| Jan 27 | Format and Integer Overflows (Sang Kil Cha) | Exploiting
Format String Vulnerabilities Basic Integer Vulnerabilities |
slide |
| Feb 1 | Web Server-Side Vulnerabilities | None | slide |
| Feb 3 | Web Client-Side Vulnerabilities | Document Structure
Integrity: A Robust Basis for Cross Site Scripting Robust Defense for Cross-Site Request Forgery |
HW 2 out slide |
| Feb 8 | Guest Lecture (Ed Schwartz): ASLR and DEP | ASLR Smack and Laugh Reference On the Effectiveness of Address Space Randomization |
slide |
| Feb 10 | Formal Methods | A Symbiotic Relationship
Between Formal Methods and Security Enforceable Security Policies |
|
| Feb 15 | Dynamic taint analysis and Symbolic Execution | All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask) | HW2 due |
| Feb 17 | Student Presentations |
Please visit the web site to check papers assigned to you: here Native Client: A Sandbox for Portable, Untrusted x86 Native Code (OAKLAND 2009) - Presenter: Matthew Maurer Accountable Virtual Machines (OSDI 2010) - Presenter: Spencer Whitman |
Project Proposals Due |
| Feb 22 | Student Presentations |
Identifying Dormant Functionality in Malware Programs (Oakland 2010) - Presenter: Swaminathan Ramesh Efficient Detection of Split Personalities in Malware (NDSS 2010) - Presenter: Ashwini Giridhar Rao |
|
| Feb 24 | Student Presentations |
It's No Secret. Measuring the Security and Reliability of Authentication via "Secret" Questions (Oakland 2009) - Presenter: Richard Shay Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow (Oakland 2010) - Presenter: Gananand Ganesh Kini |
|
| Mar 1 | Student Presentations |
NetShield: Massive Semantics-based Vulnerability Signature Matching for High-speed Networks (SigComm 2010) - Presenter: Thanassis Avgerinos Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves (Oakland 2009) - Presenter: Elli Fragkaki |
|
| Mar 3 | Student Presentations |
Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications (USENIX 2009) - Presenter: Yuan Liang Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms (USENIX 2009) - Presenter: Thomas Hobson |
Project update 1 due |
| Mar 7 | No Class - Spring Break | ||
| Mar 11 | No Class - Spring Break | ||
| Mar 15 | Vulnerability-based Signatures | Theory and Techniques for Automatic
Genereation of Vulnerability-Based Signatures If you have problems, try this version from an on-campus computer. Vigilante: End-to-end containment of Internet Worms |
|
| Mar 17 | Student Presentations |
BLADE: An Attack-Agnostic Approach for Preventing Drive-By Malware Infections (CCS 2010) - Presenter: Paul Makowski Idle Port Scanning and Non-interference Analysis of Network Protocol Stacks Using Model Checking (USENIX 2010) - Presenter: Spencer Whitman |
Happy St. Patricks Day. |
| Mar 22 | Student Presentations |
Toward Automated Detection of Logic Vulnerabilities (USENIX 2010) - Presenter: Swaminathan Ramesh |
HW3 out |
| Mar 24 | Student Presentations |
DieHarder: Securing the Heap (CCS 2010) - Presenter: Paul Makowski State of the Art: Automated Black-Box Web Application Vulnerability Testing (Oakland 2010) - Presenter: Gananand Ganesh Kini |
|
| Mar 29 | Project Presentations | HW3 due | |
| Mar 31 | Student Presentations |
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on SmartPhones (OSDI 2010) - Presenter: Elli Fragkaki CCured in the real world (PLDI 2003) - Presenter: Matthew Maurer |
|
| Apr 5 | Scalable Malware Clustering | Scalable Behavior-Based Malware Clustering | |
| Apr 7 | Malware Hooking and BotNets | Hookfinder: Identifying
and Understanding Malware Hooking Behavior BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation |
|
| Apr 12 | Student Presentations |
Bugs as deviant behavior: a general approach to inferring errors in systems code (SOSP 2001) - Presenter: Thanassis Avgerinos Automatic Generation of Remediation Procedures for Malware Infections (USENIX 2010) - Presenter: Thomas Hobson |
Project Update Due |
| Apr 14 | No Classes | ||
| Apr 19 | Student Presentations |
Automatic Reverse Engineering of Data Structures from Binary Execution (NDSS 2010) - Presenter: Ashwini Giridhar Rao Adnostic: Privacy Preserving Targeted Advertising (NDSS 2010) - Presenter: Richard Shay |
|
| Apr 21 | Wrap Up | ||
| Apr 26 | Side Channels | Language Identification of Encrypted
VOIP Traffic: Alejandra y Roberto or Alice and Bob? Remote Timing Attacks are Practical |
|
| Apr 28 | Paul and Gananand makeup talk | ||
| May 5 | Final Presentation | 1:00pm - 4:00pm |