Advanced Computer Security

CS 563/ECE 524, Spring 2026

Course Schedule

Presentation and blogging assignments are posted here.

Course Introduction

Jan 20

Logistics

Overview of the course and discussion of course expectations.

Slides Presenter: Nikita Borisov

Phishing

Jan 22

Phishing and Account Compromise

Overview of phishing and account compromise.

Slides Presenter: Nikita Borisov

Reading/Reviewing Papers

Jan 27

Logistics

Discussion of paper reading techniques and review writing.
Starts at 1:00pm

Readings:

How to Read a Paper
S. Keshav SIGCOMM CCR 2007
How to Read a Research Paper
Michael Mitzenmacher

Slides Presenter: Nikita Borisov

Phishing

Jan 29

Phishing and Account Compromise

Readings:

Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale
Adam Oest, Penghui Zhang, Brad Wardman, Eric Nunes, Jakub Burgis, Ali Zand, Kurt Thomas, Adam Doupé, and Gail-Joon Ahn USENIX Security 2020

Slides
Catching Phishers By Their Bait: Investigating the Dutch Phishing Landscape through Phishing Kit Detection
Hugo Bijmans, Tim Booij, Anneke Schwedersky, Aria Nedgabat, and Rolf van Wegberg USENIX Security 2021

Slides

Phishing Detection

Feb 3

Phishing and Account Compromise

Readings:

Less Defined Knowledge and More True Alarms: Reference-based Phishing Detection without a Pre-defined Reference List
Ruofan Liu, Yun Lin, Xiwen Teoh, Gongshen Liu, Zhiyong Huang, Jin Song Dong USENIX Security 2023

Slides
Phish in Sheep's Clothing: Exploring the Authentication Pitfalls of Browser Fingerprinting
Xu Lin, Panagiotis Ilia, Saumya Solanki, and Jason Polakis USENIX Security 2022

Slides

Presenter: Nikita Borisov

Account Security Interfaces

Feb 5

Phishing and Account Compromise

Readings:

Account Security Interfaces: Important, Unintuitive, and Untrustworthy
Alaa Daffalla, Marina Bohuk, Nicola Dell, Rosanna Bellini, Thomas Ristenpart USENIX Security 2023

Slides

Project Expectations

Feb 5 (continued)

Logistics

User Compromise Notifications

Feb 10

Phishing and Account Compromise

Readings:

"Who is Trying to Access My Account?" Exploring User Perceptions and Reactions to Risk-based Authentication Notifications
Tongxin Wei, Ding Wang, Yutong Li, Yuehuan Wang NDSS 2025

Slides

Network Security Overview

Feb 12

Network Security

Slides Presenter: Nikita Borisov

DoS and Path Validation

Feb 17

Network Security

Readings:

CDN Judo: Breaking the CDN DoS Protection with Itself
Run Guo, Weizhong Li, Baojun Liu, Shuang Hao, Jia Zhang, Haixin Duan, Kaiwen Sheng, Jianjun Chen, Ying Liu NDSS 2020
Symphony: Path Validation at Scale
Anxiao He, Kai Bu, Minhao Cheng, Xinle Liu, Xiang Wang, Menghan Tian, Shiran Pan, Kui Ren NDSS 2024

Network Intrusion Detection

Feb 19

Network Security

Readings:

xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses
Feng Wei, Hongda Li, Ziming Zhao, Hongxin Hu USENIX Security 2023

DPI Evasion and Censorship

Feb 24

Network Security

Readings:

SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery
Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Kevin S. Chan, Tracy D. Braun NDSS 2020
DeResistor: Toward Detection-Resistant Probing for Evasion of Internet Censorship
Abderrahmen Amich, Birhanu Eshete, Vinod Yegneswaran, Nguyen Phong Hoang USENIX Security 2023

Human Factors Overview

Feb 26

Human Factors

Presenter: Mahnoor Jameel

Wi-Fi Security

Mar 3

Network Security

Readings:

Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues
Domien Schepers, Aanjhan Ranganathan, Mathy Vanhoef USENIX Security 2023

Project Presentations

Mar 3 (continued)

Logistics

One slide, one minute presentation of your project

Authentication Usability

Mar 5

Human Factors

Readings:

A Security and Usability Analysis of Local Attacks Against FIDO2
Dhruv Kuchhal, Muhammad Owais Javed, and Frank Li NDSS 2024
Why Aren't We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication
Leona Lassak, Blase Ur, Maximilian Golla, and Florian M. Farke USENIX Security 2024

Privacy Perceptions

Mar 10

Human Factors

Readings:

Transparency or Information Overload? Evaluating Users' Comprehension and Perceptions of the iOS App Privacy Report
Shikun Zhang, Yuanyuan Feng, Norman Sadeh, and Lorrie Faith Cranor NDSS 2025
Smart Home Privacy Policies Demystified: A Study of Availability, Content, and Coverage
Sunil Manandhar, Kaushal Kafle, Benjamin Andow, Kapil Singh, Adwait Nadkarni USENIX Security 2022

Cryptography Overview

Mar 12

Cryptography

Presenter: Nikita Borisov

Cryptography in Practice

Mar 24

Cryptography

Readings:

The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts
Jan-Peter Fischer, Simon Henniger, Johanna Henrich, and Sascha Fahl USENIX Security 2024
Parakeet: Practical Key Transparency for End-to-End Encrypted Messaging
Harjasleen Malvai, Lefteris Kokoris-Kogias, Alberto Sonnino, Esha Ghosh, Ercan Oztürk, Kevin Lewi, and Sean Lawlor NDSS 2023

Anonymous Credentials

Mar 26

Cryptography

Readings:

How to Bind Anonymous Credentials to Humans
Julia Hesse, Nitin Singh, and Alessandro Sorniotti USENIX Security 2023
zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure
Michael Rosenberg, Jacob White, Christina Garman, and Ian Miers IEEE S&P 2023

LLM Overview

Mar 31

LLM/Agents

Presenter: Nikita Borisov

Private Information Retrieval

Apr 2

Cryptography

Readings:

One Server for the Price of Two: Simple and Fast Single-Server Private Information Retrieval
Alexandra Henzinger, Matthew M. Hong, Henry Corrigan-Gibbs, Sarah Meiklejohn, and Vinod Vaikuntanathan USENIX Security 2023
PEPSI: Practically Efficient Private Set Intersection in the Unbalanced Setting
Rasoul Akhavan Mahdavi, Maryam Ehsanpour, and Ian Goldberg USENIX Security 2024

Prompt Injection and Stealing

Apr 7

LLM/Agents

Readings:

Formalizing and Benchmarking Prompt Injection Attacks and Defenses
Yupei Liu, Yuqi Jia, Runpeng Geng, Jinyuan Jia, and Neil Zhenqiang Gong USENIX Security 2024
PRSA: Prompt Stealing Attacks against Real-World Prompt Services
Yong Yang, Xuhong Zhang, Yi Jiang, Xi Chen, Haoyu Wang, Shouling Ji, and Zonghui Wang USENIX Security 2025

LLM Plugin Security

Apr 9

LLM/Agents

Readings:

The Philosopher's Stone: Trojaning Plugins of Large Language Models
Tian Dong, Minhui Xue, Guoxing Chen, Rayne Holland, Shaofeng Li, Yan Meng, Zhen Liu, and Haojin Zhu NDSS 2025

Vulnerability and Fuzzing Overview

Apr 14

Vulnerability Discovery

Presenter: Nikita Borisov

LLM Privacy and Defenses

Apr 16

LLM/Agents

Readings:

Cloak, Honey, Trap: Proactive Defenses Against LLM Agents
Misha Ayzenshteyn, Shira Dadon, and Amir Feder USENIX Security 2025
Effective PII Extraction from LLMs through Augmented Few-Shot Learning
Shuai Cheng, Jia-Chen Gu, Liangjie Huang, Xing Xie, Zhen Xiao, and Quan Liu USENIX Security 2025

Web and Binary Fuzzing

Apr 21

Vulnerability Discovery

Readings:

Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities
Emre Güler, Sergej Schumilo, Moritz Schloegel, Nils Bars, and Thorsten Holz USENIX Security 2024
BENZENE: Practical Root-Cause Analysis Using Under-Constrained State Mutation
Younggi Park, Hwiwon Lee, Jinho Jung, Hyungjoon Koo, and Huy Kang Kim S&P 2024

DNS Resolver Fuzzing

Apr 23

Vulnerability Discovery

Readings:

ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing
Qifan Zhang, Xuesong Bai, Xiang Li, Haixin Duan, Qi Li, and Zhou Li USENIX Security 2024

IoT Vulnerability Discovery

Apr 28

Vulnerability Discovery

Readings:

EAGLEYE: Exposing Hidden Web Interfaces in IoT Devices via Routing Analysis
Wei Xie, Jiadong Wang, Yaming Chen, Yuhang Zhao, Haoyu Xiao, and Zhiqiang Lin NDSS 2025
Operation Mango: Scalable Discovery of Taint-Style Vulnerabilities in Binary Firmware Services
Tobias Scharnowski, Nils Bars, Moritz Schloegel, Thorsten Holz, and Ali Abbasi USENIX Security 2024