The following are the readings for the course. Extra space has been left in the schedule to allow reading of papers students are interested in. Please share any preferences with the instructor.
All readings must be completed before the class date listed. All reviews for the readings must be submitted by 9am on the indicated class date. The readings are identified by number, which corresponds to the detailed citation and PDF links below the table.
|1||Jan. 16||Reading Research Papers||, ||8||Craig|
|2||Jan. 22||Continued Intro||Craig|
|4||Jan. 29||Botnets||, ||17||Travis, Radu|
|6||Feb. 5||CLASS CANCELED|
|8||Feb. 12||Legality and Ethics||||21||Matthew|
|9||Feb. 17||Network Intrusion Detection||||14||Dolan|
|13||Mar. 3||Phishing and Spam||||10||Cindy|
|14||Mar. 5||Mobile Device Security||||6||Nick|
|16||Mar. 19||Web Security||||6||Craig|
|17||Mar. 24||Web Security||||6||Mike|
|18||Mar. 26||Social Phishing||||10||Ryan|
|19||Mar. 31||DDoS Defense by Offense||||11||Craig|
|20||Apr. 2||SYN Cookies||||8||Craig|
|21||Apri. 7||Botnets: Taxonomy||||12||Craig|
|22||Apr. 9||Botnets: Bluetooth||||18||Craig|
|23||Apr. 14||Oauth / OpenID||||9||Craig|
|24||Apr. 16||Networked Door Locks||||10||Craig|
|25||Apr. 23||Browser Warnings||||15||Craig|
|26||Apr. 28||Cellular Malware||||9||Craig|
|27||Apr. 30||Project Presentations||Class|
|28||May 5||Project Presentations||Class|
You can download all the papers as a .zip archive. Each paper is prefixed with the paper ID, below and in the paper archive, for easier correlation with the reading assignment list.
 P. Fong, "Reading a computer science
research paper," Inroads, the SIGCSE Bulletin, 2009.
 S. Keshav, "How to read a paper," ACM Computer Communication Review, 2007.
 C. A. Shue, N. R. Paul, C. R. Taylor, "From an IP Address to a Street Address: Using Wireless Signals to Locate a Target," USENIX Workshop on Offensive Technologies (WOOT), Aug. 2013.
 A. Kalafut, C. Shue, and M. Gupta, "Malicious hubs: detecting abnormally malicious autonomous systems," in IEEE INFOCOM Mini-Conference, 2010, pp. 1 - 5.
 B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna, "Your botnet is my botnet: Analysis of a botnet takeover," in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 635 - 647.
 S. Staniford, V. Paxson, and N. Weaver, "How to 0wn the Internet in your spare time," in Proceedings of the 11th USENIX Security Symposium, vol. 8, 2002, pp. 149 - 167.
 R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The second-generation onion router," in Proceedings of the 13th conference on USENIX Security Symposium-Volume 13. USENIX Association, 2004, pp. 21 - 21.
 A. Burstein, "Conducting cybersecurity research legally and ethically," in USENIX Workshop on Large- Scale Exploits and Emergent Threats (LEET), 2008.
 M. Handley, V. Paxson, and C. Kreibich, "Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics," in Proceedings of the 10th conference on USENIX Security Symposium-Volume 10, 2001.
 A. Yaar, A. Perrig, and D. Song, "SIFF: A stateless internet flow filter to mitigate DDoS flooding attacks," in IEEE Symposium on Security and Privacy, 2004, pp. 130 - 143.
 K. Argyraki and D. Cheriton, "Active internet traffic filtering: Real-time response to denial-of-service attacks," USENIX 2005.
 S. Schechter, A. Brush, and S. Egelman, "It's no secret. Measuring the security and reliability of authentication via "secret" questions," in IEEE Symposium on Security and Privacy. IEEE, 2009, pp. 375 - 390.
 S. Hao, N. Syed, N. Feamster, A. Gray, and S. Krasser, "Detecting spammers with snare: Spatio-temporal network-level automatic reputation engine," in Proceedings of the 18th USENIX Security Symposium, 2009, pp. 101 - 118.
 P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. McDaniel, and T. La Porta, "On cellular botnets: measuring the impact of malicious devices on a cellular network core," in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 223 - 234.
 B. Krishnamurthy and C. Wills, "Privacy diffusion on the Web: A longitudinal perspective," in Proceedings of the 18th International Conference on World Wide Web, 2009, pp. 541 - 550.
 N. Provos, P. Mavrommatis, M. Rajab, and F. Monrose, "All your iFrames point to us," in Proceedings of the 17th Conference on Security Symposium. USENIX Association, 2008, pp. 1 - 15.
 C. Shue, A. Kalafut, and M. Gupta, "Exploitable redirects on the web: Identification, prevalence, and defense," in Proceedings of the USENIX Workshop on Offensive Technologies (WOOT), 2008.
 T. Jagatic, N. Johnson, M. Jakobsson, F. Menczer, "Social Phishing," in Communications of the ACM, 2008.
 M. Walfish, M. Vutukuru, H. Balakrishnan, D. Karger, and S. Shenker, "DDoS Defense by Offense," in Proceedings of ACM SIGCOMM 2006.
 J. Lemon, "Resisting SYN flood DoS attacks with a SYN cache, " USENIX BSDCON 2002.
 D. Dagon, G. Gu, C. Lee, W. Lee, "A Taxonomy of Botnet Structures," ACSAC 2007.
 K. Singh, S. Sangal, N. Jain, P. Traynor and W. Lee, "Evaluating Bluetooth as a Medium for Botnet Command and Control," DIMVA 2010.
[23a] B. Leiba, "OAuth Web Authorization Protocol," IEEE Internet Computing, 2012.
[23b] D. Recordon, D. Reed, "OpenID 2.0: A Platform for User-Centric Identity Management," DIM 2006.
 M. Weiner, M. Massar, E. Tews, D. Giese, W. Wieser, "Security Analysis of a Widely Deployed Locking System," ACM CCS 2013.
 D. Akhawe, A. Porter Felt, "Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness," USENIX Security 2013.
 C. Mulliner, J.P. Seifert, "Rise of the iBots: 0wning a telco network," MALWARE 2005.