Reading Schedule
The following are the readings for the course. Extra space has been left in the schedule to allow reading of papers students are interested in. Please share any preferences with the instructor.
All readings must be completed before the class date listed. All reviews for the readings must be submitted by 9am on the indicated class date. The readings are identified by number, which corresponds to the detailed citation and PDF links below the table.
Class | Date | Topic | Required Readings | Presenter |
---|---|---|---|---|
1 | Jan. 12 | Reading Research Papers | [1], [2] | Craig |
2 | Jan. 18 | Anonymity | [3] | David R. |
3 | Jan. 23 | Botnets | [4], [5] | Sarah, Ryan |
4 | Jan. 25 | Botnets | [6] | Shary |
5 | Jan. 30 | Legality and Ethics | [7] | David M. |
6 | Feb. 1 | Network Intrusion Detection | [8] | Klevis |
7 | Feb. 6 | Network Intrusion Detection | [9] | Erkang |
8 | Feb. 8 | Denial-of-Service | [10] | Evan |
9 | Feb. 13 | Denial-of-Service | [11] | Can |
10 | Feb. 15 | Passwords | [12] | Shary |
11 | Feb. 20 | Passwords | [13] | Erik |
12 | Feb. 22 | Phishing and Spam | [14] | Klevis |
13 | Feb. 27 | Phishing and Spam | [15] | David M. |
14 | Feb. 29 | Mobile Device Security | [16] | Sarah |
15 | Mar. 12 | Privacy | [17] | Ryan |
16 | Mar. 14 | Privacy | [18] | Can |
17 | Mar. 19 | Web Security | [19] | Evan |
18 | Mar. 21 | Web Security | [20] | David R. |
19 | Mar. 26 | Web Security | [21] | Erkang |
20 | Mar. 28 | Phishing and Spam | [22] | Erik |
Paper Details and Links
You can download each paper individually or download the collection as a .tar.gz or .zip archive.
[1] P. Fong, "Reading a computer science research paper," Inroads, the SIGCSE Bulletin, 2009. [PDF]
[2] S. Keshav, "How to read a paper," ACM Computer Communication Review, 2007. [PDF]
[3] R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The second-generation onion router," in Proceedings of the 13th conference on USENIX Security Symposium-Volume 13. USENIX Association, 2004, pp. 21-21. [PDF]
[4] A. Kalafut, C. Shue, and M. Gupta, "Malicious hubs: detecting abnormally malicious autonomous systems," in IEEE INFOCOM Mini-Conference, 2010, pp. 1-5. [PDF]
[5] B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna, "Your botnet is my botnet: Analysis of a botnet takeover," in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 635-647. [PDF]
[6] S. Staniford, V. Paxson, and N. Weaver, "How to 0wn the Internet in your spare time," in Proceedings of the 11th USENIX Security Symposium, vol. 8, 2002, pp. 149-167. [PDF]
[7] A. Burstein, "Conducting cybersecurity research legally and ethically," in USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2008. [PDF]
[8] V. Paxson, "Bro: A system for detecting network intruders in real-time," Computer Networks, vol. 31, no. 23-24, pp. 2435-2463, 1999. [PDF]
[9] M. Handley, V. Paxson, and C. Kreibich, "Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics," in Proceedings of the 10th conference on USENIX Security Symposium-Volume 10, 2001. [PDF]
[10] A. Yaar, A. Perrig, and D. Song, "SIFF: A stateless internet flow filter to mitigate DDoS flooding attacks," in IEEE Symposium on Security and Privacy, 2004, pp. 130-143. [PDF]
[11] K. Argyraki and D. Cheriton, "Active internet traffic filtering: Real-time response to denial-of-service attacks," USENIX 2005. [PDF]
[12] S. Schechter, A. Brush, and S. Egelman, "It's no secret. Measuring the security and reliability of authentication via 'secret' questions," in IEEE Symposium on Security and Privacy. IEEE, 2009, pp. 375-390. [PDF]
[13] M. Weir, S. Aggarwal, M. Collins, and H. Stern, "Testing metrics for password creation policies by attacking large sets of revealed passwords," in Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010, pp. 162-175. [PDF]
[14] S. Hao, N. Syed, N. Feamster, A. Gray, and S. Krasser, "Detecting spammers with snare: Spatio-temporal network-level automatic reputation engine," in Proceedings of the 18th USENIX Security Symposium, 2009, pp. 101-118. [PDF]
[15] C. Herley and D. Florencio, "A profitless endeavor: phishing as tragedy of the commons," in Proceedings of the 2008 ACM Workshop on New Security Paradigms, 2009, pp. 59-70. [PDF]
[16] P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. McDaniel, and T. La Porta, "On cellular botnets: measuring the impact of malicious devices on a cellular network core," in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 223-234. [PDF]
[17] B. Greenstein, R. Gummadi, J. Pang, M. Chen, T. Kohno, S. Seshan, and D. Wetherall, "Can Ferris Bueller still have his day off? Protecting privacy in the wireless era," in Proceedings of the 11th USENIX Workshop on Hot Topics in Operating Systems. USENIX Association, 2007, p. 10. [PDF]
[18] B. Krishnamurthy and C. Wills, "Privacy diffusion on the Web: A longitudinal perspective," in Proceedings of the 18th International Conference on World Wide Web, 2009, pp. 541-550. [PDF]
[19] N. Provos, P. Mavrommatis, M. Rajab, and F. Monrose, "All your iFrames point to us," in Proceedings of the 17th Conference on Security Symposium. USENIX Association, 2008, pp. 1-15. [PDF]
[20] C. Shue, A. Kalafut, and M. Gupta, "Exploitable redirects on the web: Identification, prevalence, and defense," in Proceedings of the USENIX Workshop on Offensive Technologies (WOOT), 2008. [PDF]
[21] S. Stamm, Z. Ramzan, and M. Jakobsson, "Drive-by Pharming," in Information and Communications Security, 2007. [PDF]
[22] T. Jagatic, N. Johnson, M. Jakobsson, and F. Menczer, "Social Phishing," in Communications of the ACM, 2008. [PDF]