The goal of this course is to give students a broad overview of research topics in the field of computer security. This involves reading and discussing both foundational and recent papers, and conducting a course research project.
Course StructureGrades will be based upon the following:
Class Participation (20%)
Students are expected to contribute to class discussions following paper presentations. Students should be able to ask insightful questions and demonstrate that they have read and understand the assigned readings.
Paper Presentations (30%)
Students will give conference style talks on assigned papers. They will prepare slides and a 15 minute presentation on the papers.
Course Project (50%)
Students will conduct original research on a topic related to computer security over the course of the semester. Students will propose a project part-way through the class, and will submit a final report (6-12 pages) by the end of the course. Students will also give a conference style talk on their results during the final week of class. Working in groups is allowed, but a more substantial product is expected when working as a group.
Monday, August 21 — Welcome/Course OverviewSlides
Wednesday, August 23 — Instructor PresentsSlides
Monday, August 28 — Stack Smashing
- Smashing The Stack For Fun And Profit. Aleph One. Phrack 49(14), Nov. 1996.
- StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. USENIX Security 1998.
Wednesday, August 30 — Advanced Pwning
Nation State Attacks
Monday, September 4No Class.
Wednesday, September 6 — Russia
Monday, September 11
- Timing Analysis of Keystrokes and Timing Attacks on SSH. USENIX Security 2001.
- FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. USENIX Security 2014.
Wednesday, September 13
- Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. Ristenpart Tromer, Shacham, and Savage. CCS 2009.
- Spectre attacks: Exploiting Speculative Execution. Oakland 2019.
Monday, September 18 — Automotive Security
- Experimental Security Analysis of a Modern Automobile. Oakland 2010.
- Comprehensive Experimental Analyses of Automotive Attack Surfaces. USENIX Security 2011.
Wednesday, September 20
- Security Analysis of a Full-Body Scanner . USENIX Security 2014.
- Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses. Oakland 2008.
Monday, September 25No Class.
Wednesday, September 27 — Sandboxing
- Native Client: A Sandbox for Portable, Untrusted x86 Native Code. Oakland 2009.
- Retrofitting Fine Grain Isolation in the Firefox Renderer. USENIX Security 2020.
Monday, October 2 — Rowhammer
- Exploiting the DRAM rowhammer bug to gain kernel privileges. Google blog post, 2015.
- TRRespass: Exploiting the Many Sides of Target Row Refresh. Oakland 2020.
Wednesday, October 4 — Disturbance Effects/Forensics
- Row Press. ISCA 2023
- Lest We Remember: Cold Boot Attacks on Encryption Keys. USENIX Security 2008.
Course Project Proposal Presentations
Monday, October 9— Proposal Presentations
Wednesday, October 11— Proposal Presentations Continued
Monday, October 16
Wednesday, October 18
- Extracting Training Data from Large Language Models. USENIX Security 2021.
- Dos and Don'ts of Machine Learning in Computer Security. USENIX Security 2022.
Monday, October 23 — Botnets
- Your Botnet is My Botnet: Analysis of a Botnet Takeover. CCS 2009.
- Understanding the Mirai Botnet. USENIX Security 2017.
Wednesday, October 25 — Spam
- Detecting and Characterizing LAteral Phishing at Scale. USENIX Security 2019.
- Spamalytics: An Empirical Analysis of Spam Marketing Conversion. CCS 2008.
Monday, October 30 — Real World Cryptography
Wednesday, November 1 — Privacy
- BlindBox: Deep Packet Inspection over Encrypted Traffic. SIGCOMM 2015.
- Zerocash: Decentralized Anonymous Payments from Bitcoin. Oakland 2014.
Monday, November 6 — Usability
- Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0.. USENIX Security 1999
- Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness. USENIX Security 2013.
Wednesday, November 8 — Passwords
Monday, November 13 — Anonymous Browsing
Wednesday, November 15 — Web/Device Tracking
Monday, November 20
- The Matter of Heartbleed. IMC 2014.
- Off-Path TCP Exploits: Global Rate Limit Considered Dangerous. USENIX Security 2016.