Reading Schedule

The following are the readings for the course. Extra space has been left in the schedule to allow reading of papers students are interested in. Please share any preferences with the instructor.

All readings must be completed before the class date listed. All reviews for the readings must be submitted by 9am on the indicated class date. The readings are identified by number, which corresponds to the detailed citation and PDF links below the table.

| Class | Date | Topic | Required Readings | Presenter |
|---|---|---|---|---|
| 1 | Jan. 12 | Reading Research Papers | [1], [2] | Craig |
| 2 | Jan. 18 | Anonymity | [3] | David R. |
| 3 | Jan. 23 | Botnets | [4], [5] | Sarah, Ryan |
| 4 | Jan. 25 | Botnets | [6] | Shary |
| 5 | Jan. 30 | Legality and Ethics | [7] | David M. |
| 6 | Feb. 1 | Network Intrusion Detection | [8] | Klevis |
| 7 | Feb. 6 | Network Intrusion Detection | [9] | Erkang |
| 8 | Feb. 8 | Denial-of-Service | [10] | Evan |
| 9 | Feb. 13 | Denial-of-Service | [11] | Can |
| 10 | Feb. 15 | Passwords | [12] | Shary |
| 11 | Feb. 20 | Passwords | [13] | Erik |
| 12 | Feb. 22 | Phishing and Spam | [14] | Klevis |
| 13 | Feb. 27 | Phishing and Spam | [15] | David M. |
| 14 | Feb. 29 | Mobile Device Security | [16] | Sarah |
| 15 | Mar. 12 | Privacy | [17] | Ryan |
| 16 | Mar. 14 | Privacy | [18] | Can |
| 17 | Mar. 19 | Web Security | [19] | Evan |
| 18 | Mar. 21 | Web Security | [20] | David R. |
| 19 | Mar. 26 | Web Security | [21] | Erkang |
| 20 | Mar. 28 | Phishing and Spam | [22] | Erik |

Paper Details and Links

You can download each paper individually or download the collection as a .tar.gz or .zip archive.

[1] P. Fong, "Reading a computer science research paper," Inroads, the SIGCSE Bulletin, 2009. [PDF]

[2] S. Keshav, "How to read a paper," ACM Computer Communication Review, 2007. [PDF]

[3] R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The second-generation onion router," in Proceedings of the 13th conference on USENIX Security Symposium-Volume 13. USENIX Association, 2004, pp. 21-21. [PDF]

[4] A. Kalafut, C. Shue, and M. Gupta, "Malicious hubs: detecting abnormally malicious autonomous systems," in IEEE INFOCOM Mini-Conference, 2010, pp. 1-5. [PDF]

[5] B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna, "Your botnet is my botnet: Analysis of a botnet takeover," in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 635-647. [PDF]

[6] S. Staniford, V. Paxson, and N. Weaver, "How to 0wn the Internet in your spare time," in Proceedings of the 11th USENIX Security Symposium, vol. 8, 2002, pp. 149-167. [PDF]

[7] A. Burstein, "Conducting cybersecurity research legally and ethically," in USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2008. [PDF]

[8] V. Paxson, "Bro: A system for detecting network intruders in real-time," Computer Networks, vol. 31, no. 23-24, pp. 2435-2463, 1999. [PDF]

[9] M. Handley, V. Paxson, and C. Kreibich, "Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics," in Proceedings of the 10th conference on USENIX Security Symposium-Volume 10, 2001. [PDF]

[10] A. Yaar, A. Perrig, and D. Song, "SIFF: A stateless internet flow filter to mitigate DDoS flooding attacks," in IEEE Symposium on Security and Privacy, 2004, pp. 130-143. [PDF]

[11] K. Argyraki and D. Cheriton, "Active internet traffic filtering: Real-time response to denial-of-service attacks," USENIX 2005. [PDF]

[12] S. Schechter, A. Brush, and S. Egelman, "It's no secret. Measuring the security and reliability of authentication via 'secret' questions," in IEEE Symposium on Security and Privacy. IEEE, 2009, pp. 375-390. [PDF]

[13] M. Weir, S. Aggarwal, M. Collins, and H. Stern, "Testing metrics for password creation policies by attacking large sets of revealed passwords," in Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010, pp. 162-175. [PDF]

[14] S. Hao, N. Syed, N. Feamster, A. Gray, and S. Krasser, "Detecting spammers with snare: Spatio-temporal network-level automatic reputation engine," in Proceedings of the 18th USENIX Security Symposium, 2009, pp. 101-118. [PDF]

[15] C. Herley and D. Florencio, "A profitless endeavor: phishing as tragedy of the commons," in Proceedings of the 2008 ACM Workshop on New Security Paradigms, 2009, pp. 59-70. [PDF]

[16] P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. McDaniel, and T. La Porta, "On cellular botnets: measuring the impact of malicious devices on a cellular network core," in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 223-234. [PDF]

[17] B. Greenstein, R. Gummadi, J. Pang, M. Chen, T. Kohno, S. Seshan, and D. Wetherall, "Can Ferris Bueller still have his day off? Protecting privacy in the wireless era," in Proceedings of the 11th USENIX Workshop on Hot Topics in Operating Systems. USENIX Association, 2007, p. 10. [PDF]

[18] B. Krishnamurthy and C. Wills, "Privacy diffusion on the Web: A longitudinal perspective," in Proceedings of the 18th International Conference on World Wide Web, 2009, pp. 541-550. [PDF]

[19] N. Provos, P. Mavrommatis, M. Rajab, and F. Monrose, "All your iFrames point to us," in Proceedings of the 17th Conference on Security Symposium. USENIX Association, 2008, pp. 1-15. [PDF]

[20] C. Shue, A. Kalafut, and M. Gupta, "Exploitable redirects on the web: Identification, prevalence, and defense," in Proceedings of the USENIX Workshop on Offensive Technologies (WOOT), 2008. [PDF]

[21] S. Stamm, Z. Ramzan, and M. Jakobsson, "Drive-by Pharming," in Information and Communications Security, 2007. [PDF]

[22] T. Jagatic, N. Johnson, M. Jakobsson, and F. Menczer, "Social Phishing," in Communications of the ACM, 2008. [PDF]