Empirical Security 101 |
Wed 09/27 |
Administrivia
Slides
|
|
[Assigned] Research project
|
Mon 10/02 |
Empirical Security
Slides
|
- [Optional] SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit.
(Slides|Video)
|
|
Wed 10/04 |
Measurement + Ethics
Slides
|
- [Optional] Strategies for Sound Internet Measurement.
- [Optional] ZMap: Fast Internet-wide Scanning and Its Security Applications.
(Slides|Video)
- [Optional] Dos and Don'ts of Machine Learning in Computer Security.
(Slides|Video)
|
[Deadline] Presentation signup Due 10/04 at 9PM PDT (UTC-7)
[Deadline] Submit Project Team Due 10/06 at 9PM PDT (UTC-7)
|
Mon 10/09 |
Security
Slides
|
- [Optional] Perspectives on Security.
- [Optional] Reflections on Trusting Trust.
- [Optional] Running the "Reflections on Trusting Trust" Compiler.
|
|
Internet Security |
Wed 10/11 |
Web Tracking
|
- Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016.
(Slides|Video)
- The Web Never Forgets: Persistent Tracking Mechanisms in the Wild.
(Slides)
|
|
Mon 10/16 |
Web Tracking + DNS
|
- XRay: Enhancing the Web’s Transparency with Differential Correlation.
(Slides|Video)
- Building a Dynamic Reputation System for DNS.
|
|
Wed 10/18 |
Public Keys
|
- Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices.
(Slides|Video)
- The Million-Key Question — Investigating the Origins of RSA Public Keys.
(Slides|Video)
|
[Deadline] Project Proposal Due 10/18 at 9PM PDT (UTC-7) Sign up for a proposal meeting.
|
Mon 10/23 |
TLS
|
- The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software.
- The Security Impact of HTTPS Interception.
|
|
Wed 10/25 |
DDoS + Botnets
|
- Inferring Internet Denial-of-Service Activity.
- BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection.
|
|
User + Usable Security |
Mon 10/30 |
User Authentication
|
- Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks.
(Slides|Video)
- Towards Implicit Visual Memory-Based Authentication.
(Slides|Video)
|
|
Wed 11/01 |
Passwords + Spam
|
- The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords.
(Slides)
- Click Trajectories: End-to-End Analysis of the Spam Value Chain.
|
|
Mon 11/06 |
Social Engineering
Slides
|
- Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale.
(Slides|Video)
- Who's Calling? Characterizing Robocalls through Audio and Metadata Analysis.
(Slides|Video)
|
[Deadline] Sign up for a research update meeting.
|
Wed 11/08 |
Security Indicators
|
- Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness.
(Slides|Video)
- Can Voters Detect Malicious Manipulation of Ballot Marking Devices?
(Video)
|
|
Software + Systems Security |
Mon 11/13 |
Memory attacks
|
- The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86).
- SoK: Eternal War in Memory.
|
|
Wed 11/15 |
Finding vulnerabilities
|
- Evaluating Fuzz Testing.
(Video)
- Before we knew it: An empirical study of zero-day attacks in the real world.
|
|
Mon 11/20 |
IoT
|
- Understanding the Mirai Botnet.
(Slides|Video)
- SoK: Security Evaluation of Home-Based IoT Deployments.
(Slides|Video)
|
|
Wed 11/22 |
No class
|
Happy Thanksgiving eve!
|
|
Mon 11/27 |
Cyber-Physical Systems
|
- Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses.
- Comprehensive Experimental Analyses of Automotive Attack Surfaces.
(Video)
- [Optional] Security Analysis of a Full-Body Scanner.
(Slides|Video)
|
|
Wed 11/29 |
Intrusion Detection + Side Channels
|
- Data Mining Approaches for Intrusion Detection.
- Timing Analysis of Keystrokes and Timing Attacks on SSH.
- [Optional] Detecting intrusions using system calls: alternative data models.
- [Optional] Anomaly Detection: A Survey.
|
[Deadline] (Optional) Sign up for a second research update meeting.
|
Meta Analysis + Wrap up |
Mon 12/04 |
Meta-analysis
|
- Milk or Wine: Does Software Security Improve with Age?
- A Decade of Mal-Activity Reporting: A Retrospective Analysis of Internet Malicious Activity Blacklists.
|
|
Wed 12/06 |
Class Recap
|
|
|
Finals Week |
Mon 12/11 |
Project Presentations
|
Time/Location TBD
|
|
Wed 12/13 |
Project Presentations
|
Time/Location TBD
|
[Deadline] Final project report Due 12/13 at 9PM PST (UTC-8)
|