Below is the calendar for this course. This is the preliminary schedule, which may be altered as the term progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).
Date | Topic | Assignments Due | Discussions (do readings before class) | Presenter(s) |
8/23/2016 |
|
Reflections on Trusting Trust, Ken Thompson (link)
M. Blaze. "Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks." IEEE Security and Privacy, March/April 2003. (link)
|
Bates |
|
8/25/2016 |
|
D. Tian, N. Scaife, A. Bates, K. Butler, and P. Traynor. "Making USB Great Again with USBFILTER." USENIX Security 2016. (link)
D. Tian, A. Bates, and K. Butler. "Defending Against Malicious USB Firmware with GoodUSB." ACSAC 2015. (link)
(Suggested Video) K. Nohl and J. Lell. "BadUSB - On Accessories that Turn Evil," Blackhat USA 2014. (link)
|
Bates |
|
8/30/2016 |
|
M. Tischer, Z. Durumeric, S. Foster, S. Duan, A. Mori, E. Bursztein, and M. Bailey. "Users Really Do Plug in USB Drives They Find." Oakland 2016. (link)
S. Angel, R. Wahby, M. Howald, J. Leners, M. Spilo, Z. Sun, A. Blumberg, M. Walfish. "Defending against Malicious Peripherals with Cinch." USENIX Security 2016. (link)
|
Tianyuan, Avesta |
|
9/1/2016 |
|
R. Anderson. "Why Cryptosystems Fail." Communications of the ACM 1994. (link)
S. Murdoch, S. Drimer, R. Anderson, and M. Bond, "Chip and PIN is Broken." Oakland 2010. (link)
|
Hassan, Yi |
|
9/6/2016 |
|
Project Choices
|
B. Reaves, N. Scaife, A. Bates, K. Butler, and P. Traynor. "Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World." USENIX Security 2015. (link)
K. Nohl, D. Evans, Starbug, and H. Plötz. "Reverse-Engineering a Cryptographic RFID Tag." USENIX Security '08. (link)
|
Qi, Bart |
9/8/2016 |
|
P. Marquardt, A. Verma, H. Carter and P. Traynor, "(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers." CCS 2011. (link)
G. Shah, A. Molina, and M. Blaze, "Keyboards and covert channels", USENIX Security 2006. (link)
|
Ren-Jay, Eric |
|
9/13/2016 |
|
S. Dey, N. Roy, W. Xu, R. R. Choudhury and S. Nelakuditi. "AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable." NDSS 2014. (link)
A. Das, N. Borisov, M. Caesar. "Do You Hear What I Hear?: Fingerprinting Smart Devices Through Embedded Acoustic Components." CCS 2014. (link)
|
Tianyuan, Siddharth |
|
9/15/2016 |
|
S. Clark, T. Goodspeed, P. Metzger, Z. Wasserman, K. Xu, and M. Blaze, "Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System." USENIX Security 2011. (link)
N. Unger, S. Dechand, J. Bonneau, S. Fahl, H. Perl, I. Goldberg, and M. Smith. "SoK: Secure Messaging." Oakland 2015. (link)
|
Eric, Gohar |
|
9/20/2016 |
|
D. Halperin, T.S. Heydt-Benjamin, B. Ransford, S.S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.H. Maisel, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses." Oakland 2008. (link)
Michael Rushanan, Colleen Swanson, Denis Foo Kune, and Aviel D. Rubin, "SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks." Oakland 2014. (link)
|
Phuong, Matt |
|
9/22/2016 |
|
T. Denning, B. Friedman, B. Gill, D. Kramer, M. Reynolds, T. Kohno. "Beyond usability: applying value sensitive design based methods to investigate domain characteristics for security for implantable cardiac devices." ACSAC 2014. (link)
K. Mowery, E. Wustrow, T. Wypych, C. Singleton, C. Comfort, E. Rescorla, S. Checkoway, J. Halderman, H. Shacham. "Security Analysis of a Full-Body Scanner." USENIX Security 2014. (link)
|
Saad, Deepak |
|
9/27/2016 |
|
E. Fernandes, J. Jung, and A. Prakash. "Security Analysis of Emerging Smart Home Applications." IEEE Security & Privacy 2016. (link)
Y. Xu, J-M Frahm and F. Monrose. "Watching the Watchers: Automatically Inferring TV Content From Outdoor Light Effusions." CCS 2014. (link)
|
Gohar, Bart |
|
9/29/2016 |
|
Y. Oren and A. Keromytis. "From the Aether to the Ethernet—Attacking the Internet using Broadcast Digital Television." USENIX Security 2014. (link)
E. Fernandes, J. Paupore, A. Rahmati, D. Simionato, M. Conti, A. Prakash. "FlowFence: Practical Data Protection for Emerging IoT Application Frameworks," USENIX Security 2016. (link)
|
Ren-Jay, Qi |
|
10/4/2016 |
|
Abstract, Background, RelWork |
M. Sherr, E. Cronin, S. Clark, and M. Blaze. "Signaling vulnerabilities in wiretapping systems." IEEE S&P Magazine 2005. (link)
M. Sherr, G. Shah, E. Cronin, S. Clark, and Matt Blaze. "Can They Hear me Now? A Security Analysis of Law Enforcement Wiretaps," CCS 2009. (link)
|
Kyo Hyun, Hassan |
10/6/2016 |
|
A. Bates, K. Butler, M. Sherr, C. Shields, P. Traynor, and D. Wallach, "Accountable Wiretapping -or- I Know They Can Hear You Now." NDSS 2012. (link)
A. M. White, A. R. Matthews, K. Z. Snow, and F. Monrose, "Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-iks." Oakland 2011. (link)
|
Simon, Corly |
|
10/11/2016 |
|
C. Yang, G. Yang, A. Gehani, V. Yegneswaran, D. Tariq, and G. Gu. "Using Provenance Patterns to Vet Sensitive Behaviors in Android Apps." Security and Privacy in Communication Networks, 2016. (link)
Backes, Michael, Sven Bugiel, and Sebastian Gerling. "Scippa: system-centric IPC provenance on Android." ACSAC 2014. (link)
|
Wajih, Qi |
|
10/13/2016 |
|
A. Hojjati, A. Adhikari, K. Struckmann, E. J. Chou, T. N. T. Nguyen, K. Madan, M. S. Winslett, C. A. Gunter, and W. P. King. "Leave Your Phone at the Door: Side Channels that Reveal Factory Floor Secrets." CCS 2016.
D. Tian, A. Bates, K. Butler, and R. Rangaswami. "ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices." CCS 2016.
|
Avesta, Bates |
|
10/18/2016 |
|
Experimental Proposal
|
D. Formby, P. Srinivasan, A. Leonard, J. Rogers and R. Beyah. "Who’s in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems." NDSS 2016. (link)
A. A. Cárdenas, S. Amin, Z. Lin, Y. Huang, C. Huang, and S. Sastry. "Attacks against process control systems: risk assessment, detection, and response." ASIACCS 2011. (link)
|
Yi, Siddharth |
10/20/2016 |
|
Stephen McLaughlin, Saman Zonouz, Devin Pohly, Patrick McDaniel, "A Trusted Safety Verifier for Process Controller Code." NDSS 2014. (link)
McDaniel, Patrick, and Stephen McLaughlin. "Security and privacy challenges in the smart grid." IEEE Security and Privacy Magazine (2009). (link)
|
Deepak, Simon |
|
10/25/2016 |
|
Attend Dongyan Xu's 4PM talk in Coordinated Science Lab Auditorium (B02). Check-in with Professor Bailey. (link)
|
||
10/27/2016 |
|
R. Tan, V. B. Krishna, D. Yao, Z. Kalbarczyk. "Impact of integrity attacks on real-time pricing in smart grids." CCS 2013. (link)
S. McLaughlin, P. McDaniel, and W. Aiello, "Protecting Consumer Privacy from Electric Load Monitoring." CCS 2011. (link)
|
Tianyuan, Saad |
|
11/1/2016 |
|
Status Slides
|
K. Butler, W. Enck, H. Hursti, S. McLaughlin, P. Traynor, and P. McDaniel, "Systemic Issues in the Hart InterCivic and Premier Voting Systems: Reflections Following Project EVEREST", USENIX EVT 2008. (link)
R. Fink, A. Sherman, and R. Carback. "TPM Meets DRE: Reducing the Trust Base for Electronic Voting Using Trusted Platform Modules." Transactions on Information Forensics and Security 2009. (link)
|
Siddharth, Kyo Hyun |
11/3/2016 |
|
S. Wolchok, E. Wustrow, J.A. Halderman, H.K. Prasad, A. Kankipati, S.K. Sakhamuri, V. Yagati, and R. Gonggrijp. "Security analysis of India's electronic voting machines." CCS 2010. (link)
S. Wolchok, E. Wustrow, D. Isabel, and J. A. Halderman. "Attacking the Washington, D.C. Internet Voting System." Financial Cryptography and Data Security 2012. (link)
|
Surya, Matt |
|
11/8/2016 |
|
W. Enck, P. Traynor, P. McDaniel and T. La Porta, "Exploiting Open Functionality in SMS-Capable Cellular Networks." CCS 2005. (link)
C. Li, G. Tu, C. Peng, Z. Yuan, Y. Li, S. Lu, X. Wang. "Insecurity of Voice Solution VoLTE in LTE Mobile Networks." CCS 2015. (link)
|
Zane, Corly |
|
11/10/2016 |
|
F. van den Broek, R. Verdult, and J. de Ruiter. "Defeating IMSI Catchers." CCS 2015. (link)
A. Dabrowski, N. Pianta, T. Klepp, M. Mulazzani, E. Weippl. "IMSI-Catch Me If You Can: IMSI-Catcher-Catchers." ACSAC 2014. (link)
|
Ren-Jay, Simon |
|
11/15/2016 |
|
Status Slides
|
D. Wendlandt, D. Andersen, and A. Perrig. "Perspectives: improving SSH-style host authentication with multi-path probing." ATC'08. (link)
B. Reaves, E. Shernan, A. Bates, H. Carter, and P. Traynor. "Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge." USENIX Security '15. (link)
|
Hassan, Gohar |
11/17/2016 |
|
V. Balasubramaniyan, A. Poonawalla, M. Ahamad, M. Hunter, and P. Traynor. "PinDr0p: using single-ended audio features to determine call provenance." (link)
J. Liang, J. Jiang, H. Duan, K. Li, T. Wan, and J. Wu. "When HTTPS Meets CDN: A Case of Authentication in Delegated Service." Oakland 2014. (link)
(Suggested Video) M. Marlinspike. "SSL and the Future of Authenticity," Blackhat USA 2011. (link)
|
Wajih, Zane |
|
11/22/2016 |
|
|||
11/24/2016 |
|
|||
11/29/2016 |
|
S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, "Comprehensive Experimental Analyses of Automotive Attack Surfaces." USENIX Security 2011. (link)
D. Lundberg, B. Farinholt, E. Sullivan, R. Mast, S. Checkoway, S. Savage, A. C. Snoeren, and K. Levchenko. "On The Security of Mobile Cockpit Information Systems." CCS 2014. (link)
(Suggested Video) C. Miller and C. Valasek. "Remote Exploitation of an Unaltered Passenger Vehicle," DEFCON 23. (link)
|
Surya, Kyo Hyun |
|
12/1/2016 |
|
K. Cho and K. Shin. "Fingerprinting Electronic Control Units for Vehicle Intrusion Detection." USENIX Security 2016. (link)
Course Wrap-Up
|
Deepak, Bates |
|
12/6/2016 |
|
Presentations
|
Team Bitcoin Wallet, Team ProvContainer, Team Strava
|
|
12/8/2016 |
|
Presentations
|
Team Echosquat, Team Gait Identification, Team Hack-the-Xfinities, Team Echoauth, Team WearSec, Team Allibi, Team Fitbit, Team DataPlane, Team ProvThings
|