ECE 524 / CS 563 Spring 2021

Advanced Computer Security

This is a preliminary schedule and is subject to change. Students are responsible for frequently checking this page, as well as the Piazza course announcements.

Week 1:

• Tu Jan 26 Introduction, Syllabus (Andrew's lecture) [slides]

  • Sign up for papers: see piazza

• Th Jan 28 Access control models (Andrew's lecture) [slides]

  • Lattice-based access control models. Ravi S. Sandhu.
  • Security Engineering - Chapter 4: Access Control Ross Anderson.

• Fr Jan 29

  • Paper reviews for Week 2 are due
  • Bidding for papers is due (pick top 5 ranked preference among papers from the preliminary reading list (link))

Week 2:

• Tu Feb 2 Language approach to security (Andrew's lecture)

  • Paper 1: Information-Flow Security for a Core of JavaScript Daniel Hedin, Andrei Sabelfeld. CSF 2012. Also: Language based information flow security [slides]

• Th Feb 4

  • Paper 2: “Weird Machines” in ELF: A Spotlight on the Underappreciated Metadata. Rebecca Shapiro, Sergey Bratus, Sean W. Smith. WOOT 2013. (presented by berkay)
  • Paper 3: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) Hovav Shacham. CCS 2007. (presented by jay)

• Fr Feb 5 Paper reviews for Week 3 are due

Week 3:

• Tu Feb 9

  • Paper 4: Verifying policy-based security for web services Karthikeyan Bhargavan, Cédric Fournet, Andrew D Gordon. CCS 2004. (presented by zhenyu) (slides)
  • Paper 5: Small World with High Risks: A Study of Security Threats in the npm Ecosystem. Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, Michael Pradel. Usenix Security 2019. (presented by pradyumna) (slides)

• Th Feb 1

  • Paper 6: Secure web applications via automatic partitioning Stephen Chong, Jed Liu, Andrew Myers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng. SOSP 2007. (presented by ruihao)
  • Paper 7: Joe-E: A Security-Oriented Subset of Java Adrian Mettler, David Wagner, Tyler Close. NDSS 2010. (presented by vishakh)

• Fr Feb 2 Paper reviews for Week 4 are due

Week 4:

• Tu Feb 16

  • Paper 8: Robust Declassification Steve Zdancewic Andrew C. Myers. CSF 2001. (presented by hamilton) (slides)
  • Paper 9: Certificate Transparency. Ben Laurie. Communications of the ACM, 2014. (presented by yuxuan) (slides)

• Th Feb 18

  • Paper 10: Transparency overlays and their applications. Melissa Chase, Sarah Meiklejohn. CCS 2016. (presented by zach)
  • Paper 11: CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds Kirill Nikitin, Eleftherios Kokoris-Kogias, Philipp Jovanovic, Nicolas Gailly, Linus Gasser, Ismail Khoffi, Justin Cappos, Bryan Ford. Usenix Sec 2017. (presented by rick) (slides)

Week 5:

• Tu Feb 23

  • Andrew's 37-minute Lecture on Blockchains and Smart Contracts (slides)
  • Paper 12: Finding The Greedy, Prodigal, and Suicidal Contracts at Scale. Ivica Nikolic, Aashish Kolluri, Ilya Sergey, Prateek Saxena, Aquinas Hobor. ACSAC 2018. (presented by thomas quig)

• Th Feb 25

  • Paper 13: Securify: Practical Security Analysis of Smart Contracts. Ivica Nikolic, Aashish Kolluri, Ilya Sergey, Prateek Saxena, and Aquinas Hobor. CCS 2019 (presented by berkay)
  • Paper 14: * Spectre Attacks: Exploiting Speculative Execution Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom. IEEE SP 2019 (presented by vishakh) (slides)

Week 6:

• Tu Mar 2

  • Andrew's intro lecture on Cryptography ZKP and MPC
  • Paper 15: ZoKrates - Scalable Privacy-Preserving Off-Chain Computations Jacob Eberhardt, Stefan Tai. CPSCom 2018. (presented by mohammad)

• Th Mar 4

  • Paper 16: PhotoProof: Cryptographic Image Authentication for Any Set of Permissible Transformations. Assa Naveh and Eran Tromer. SP 2016. (presented by hamilton)
  • Paper 17: Guest lecture by Yunqi Li MP-SPDZ: A Versatile Framework for Multi-Party Computation Marcel Keller. CCS 2020.

• Fr Project Proposals Due

Week 7:

• Tu Mar 9

  • Paper 18: Secure Evaluation of Quantized Neural Networks. Anders Dalskov, Daniel Escudero, and Marcel Keller. PoPETS 2020. (presented by rutvik)
  • Paper 19: Bulletproofs: Short Proofs for Confidential Transactions and More. Benedikt Bunz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell. SP 2018. (presented by jong chan)

• Th Mar 11

  • Paper 20: DIZK. (presented by pradyumna)
  • Paper 21: Modeling Users’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings Jialiu Lin, Bin Liu, Norman Sadeh, and Jason I. Hong. SOUPS2014. (presented by jiaxu)

Week 8:

• Tu Mar 16

  • Paper 22: xJsnark: a framework for efficient verifiable computation Ahmed Kosba, Charalampos Papamanthou, Elaine Shi. SP 2018 (presented by jong chan)
  • Paper 23: A Typology of Perceived Triggers for End-User Security and Privacy Behaviors. Sauvik Das, Laura A. Dabbish, Jason I. Hong. SOUPS 2019. (presented by margie)

• Th Mar 18

  • Paper 24: "Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale. I. Reyes, P. Wijesekera, J. Reardon, A. E. B. On, A. Razaghpanah, N. Vallina-Rodriguez, S. Egelman. PoPETS 2018. (presented by cindy)
  • No additional paper, lecture to end early and take questions

Week 9:

• Tu Mar 23

  • Paper 26: Deja Vu-A User Study: Using Images for Authentication. Rachna Dhamija and Adrian Perrig. Usenix Security 2000. (presented by zhi)
  • Paper 27: On Enforcing the Digital Immunity of a Large Humanitarian Organization Stevens Le Blond, Alejandro Cuevas, Juan Ramon Troncoso-Pastoriza, Philipp Jovanovic ´ Bryan Ford, Jean-Pierre Hubaux. Oakland 2018. (presented by morgan)

• Th Mar 25 NO LECTURE, WELLNESS DAY

• Fr Mar 26 PROJECT CHECKPOINT: Draft of Background and Related Work section due

Week 10:

• Tu Mar 30

  • Paper 28: SATE: Robust and Private Allegation Escrows Venkat Arun, Aniket Kate, Deepak Garg, Peter Druschel, Bobby Bhattacharjee. NDSS 2020. (presented by margie)
  • Paper 29: The Many Kinds of Creepware Used for Interpersonal Attacks Kevin A. Roundy, Paula Barmaimon Mendelberg, Nicola Dell, Damon McCoy, Daniel Nissani, Thomas Ristenpart, Acar Tamersoy. IEEE SP 2020. (presented by jay)

• Th Apr 1

  • Paper 30: A taste of tweets: reverse engineering Twitter spammers Chao Yang, Jialong Zhang, Guofei Gu. ACSAC 2014. (presented by thomas)
  • Paper 31: Disinformation’s spread: bots, trolls and all of us. Kate Starbird. Nature 571, 449 (2019). (presented by israel)

Week 11:

• Tu Apr 6

  • Paper 32: Detecting Fake Accounts in Online Social Networks at the Time of Registrations CCS 2019. (presented by zhenyu)
  • Paper 33: Trafficking fraudulent accounts: The role of the underground market in Twitter spam and abuse. Usenix security 2013. (presented by cindy)

• Th Apr 8

  • Paper 34: SoK: Hate, Harassment, and the Changing Landscape of Online Abuse Kurt Thomas Devdatta Akhawe Michael Bailey Dan Boneh Elie Bursztein Sunny Consolvo Nicola Dell Zakir Durumeric Patrick Gage Kelley Deepak Kumar Damon McCoy Sarah Meiklejohn Thomas Ristenpart Gianluca Stringhini. SP 2021. ()
  • Paper 35: * Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Hye Lee, Chris Wilkerson, Konrad Lai, Onur Mutlu.

• Fr Apr 9 Friday PROJECT CHECKPOINT: Draft of Methodology section due.

Week 12:

• Tu Apr 13 (BREAK)

• Th Apr 15

  • Paper 36: Better managed than memorized? studying the impact of managers on password strength and reuse Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes, Sven Bugiel. (USENIX'18) (presented by zach)
  • Paper 37: The Security Impact of HTTPS Interception. Z Durumeric, Z Ma, D Springall, R Barnes, N Sullivan, E Bursztein. NDSS 2017. (presented by ruihao)

Week 13:

• Tu Apr 20

  • Paper 38: Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet. Stephen Herwig, Katura Harvey, George Hughey, Richard Roberts, Dave Levin. NDSS 2019. (presented by israel)
  • Paper 39: EANN: Event Adversarial Neural Networks for Multi-Modal Fake News Detection KDD 2018 (presented by jiaxu)

• Th Apr 22

  • Paper 40: Practicing a Science of Security: A Philosophy of Science Perspective Jonathan M. Spring, Tyler Moore, David J Pym. NSPW 2017. (presented by morgan)
  • Paper 41: Information security: where computer science, economics and psychology meet. Ross Anderson and Tyler Moore. Phil. Trans. R. Soc. (presented by michael)

Week 14:

• Tu Apr 27

  • Paper 42: On the Detection of Disinformation Campaign Activity with Network Analysis. Luis Vargas, Patrick Emami, Patrick Traynor, Traynor. CCSW 2020. (presented by rick)
  • Paper 43: The Spyware Used in Intimate Partner Violence. Rahul Chatterjee, Periwinkle Doerfler, Hadas Orgad, Sam Havron, Jackeline Palmer, Diana Freed, Karen Levy, Nicola Dell, Damon McCoy, Thomas Ristenpart. IEEE SP 2018. (presented by rahul)

• Th Apr 29 Presentations 1

  • Morgan Fong

Week 15:

• Tu May 4 Presentations 2

  • Jay Shenoy
  • Cindy and Berkay Kaplan
  • Zach Oldham

• Th May 6 (READING DAY)

Week 16:

• Tu May 11 Final project reports due