Reading Schedule

The following are the readings for the course. Extra space has been left in the schedule to allow reading of papers students are interested in. Please share any preferences with the instructor.

All readings must be completed before the class date listed. All reviews for the readings must be submitted by 9am on the indicated class date. The readings are identified by number, which corresponds to the detailed citation and PDF links below the table.

Class Date Topic Reading Page Count Presenter
1Jan. 16Reading Research Papers[1], [2]8Craig
2Jan. 22Continued Intro  Craig
3Jan. 27Geolocation[3]9Curtis
4Jan. 29Botnets[4], [5]17Travis, Radu
5Feb. 3Botnets[6]18Doug
6Feb. 5CLASS CANCELED   
7Feb. 10Anonymity[7]8Hang
8Feb. 12Legality and Ethics[8]21Matthew
9Feb. 17Network Intrusion Detection[9]14Dolan
10Feb. 19Denial-of-Service[10]14Doran
11Feb. 24Denial-of-Service[11]13Xinyue
12Feb. 26Passwords[12]13Robert
13Mar. 3Phishing and Spam[13]10Cindy
14Mar. 5Mobile Device Security[14]6Nick
15Mar. 17Privacy[15]14Jian
16Mar. 19Web Security[16]6Craig
17Mar. 24Web Security[17]6Mike
18Mar. 26Social Phishing[18]10Ryan
19Mar. 31DDoS Defense by Offense[19]11Craig
20Apr. 2SYN Cookies[20]8Craig
21Apri. 7Botnets: Taxonomy[21]12Craig
22Apr. 9Botnets: Bluetooth[22]18Craig
23Apr. 14Oauth / OpenID[23]9Craig
24Apr. 16Networked Door Locks[24]10Craig
25Apr. 23Browser Warnings[25]15Craig
26Apr. 28Cellular Malware[26]9Craig
27Apr. 30Project Presentations  Class
28May 5Project Presentations  Class

Paper Citations

You can download all the papers as a .zip archive. Each paper is prefixed with the paper ID, below and in the paper archive, for easier correlation with the reading assignment list.

[1] P. Fong, "Reading a computer science research paper," Inroads, the SIGCSE Bulletin, 2009.

[2] S. Keshav, "How to read a paper," ACM Computer Communication Review, 2007.

[3] C. A. Shue, N. R. Paul, C. R. Taylor, "From an IP Address to a Street Address: Using Wireless Signals to Locate a Target," USENIX Workshop on Offensive Technologies (WOOT), Aug. 2013.

[4] A. Kalafut, C. Shue, and M. Gupta, "Malicious hubs: detecting abnormally malicious autonomous systems," in IEEE INFOCOM Mini-Conference, 2010, pp. 1 - 5.

[5] B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna, "Your botnet is my botnet: Analysis of a botnet takeover," in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 635 - 647.

[6] S. Staniford, V. Paxson, and N. Weaver, "How to 0wn the Internet in your spare time," in Proceedings of the 11th USENIX Security Symposium, vol. 8, 2002, pp. 149 - 167.

[7] R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The second-generation onion router," in Proceedings of the 13th conference on USENIX Security Symposium-Volume 13. USENIX Association, 2004, pp. 21 - 21.

[8] A. Burstein, "Conducting cybersecurity research legally and ethically," in USENIX Workshop on Large- Scale Exploits and Emergent Threats (LEET), 2008.

[9] M. Handley, V. Paxson, and C. Kreibich, "Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics," in Proceedings of the 10th conference on USENIX Security Symposium-Volume 10, 2001.

[10] A. Yaar, A. Perrig, and D. Song, "SIFF: A stateless internet flow filter to mitigate DDoS flooding attacks," in IEEE Symposium on Security and Privacy, 2004, pp. 130 - 143.

[11] K. Argyraki and D. Cheriton, "Active internet traffic filtering: Real-time response to denial-of-service attacks," USENIX 2005.

[12] S. Schechter, A. Brush, and S. Egelman, "It's no secret. Measuring the security and reliability of authentication via "secret" questions," in IEEE Symposium on Security and Privacy. IEEE, 2009, pp. 375 - 390.

[13] S. Hao, N. Syed, N. Feamster, A. Gray, and S. Krasser, "Detecting spammers with snare: Spatio-temporal network-level automatic reputation engine," in Proceedings of the 18th USENIX Security Symposium, 2009, pp. 101 - 118.

[14] P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. McDaniel, and T. La Porta, "On cellular botnets: measuring the impact of malicious devices on a cellular network core," in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 223 - 234.

[15] B. Krishnamurthy and C. Wills, "Privacy diffusion on the Web: A longitudinal perspective," in Proceedings of the 18th International Conference on World Wide Web, 2009, pp. 541 - 550.

[16] N. Provos, P. Mavrommatis, M. Rajab, and F. Monrose, "All your iFrames point to us," in Proceedings of the 17th Conference on Security Symposium. USENIX Association, 2008, pp. 1 - 15.

[17] C. Shue, A. Kalafut, and M. Gupta, "Exploitable redirects on the web: Identification, prevalence, and defense," in Proceedings of the USENIX Workshop on Offensive Technologies (WOOT), 2008.

[18] T. Jagatic, N. Johnson, M. Jakobsson, F. Menczer, "Social Phishing," in Communications of the ACM, 2008.

[19] M. Walfish, M. Vutukuru, H. Balakrishnan, D. Karger, and S. Shenker, "DDoS Defense by Offense," in Proceedings of ACM SIGCOMM 2006.

[20] J. Lemon, "Resisting SYN flood DoS attacks with a SYN cache, " USENIX BSDCON 2002.

[21] D. Dagon, G. Gu, C. Lee, W. Lee, "A Taxonomy of Botnet Structures," ACSAC 2007.

[22] K. Singh, S. Sangal, N. Jain, P. Traynor and W. Lee, "Evaluating Bluetooth as a Medium for Botnet Command and Control," DIMVA 2010.

[23a] B. Leiba, "OAuth Web Authorization Protocol," IEEE Internet Computing, 2012.

[23b] D. Recordon, D. Reed, "OpenID 2.0: A Platform for User-Centric Identity Management," DIM 2006.

[24] M. Weiner, M. Massar, E. Tews, D. Giese, W. Wieser, "Security Analysis of a Widely Deployed Locking System," ACM CCS 2013.

[25] D. Akhawe, A. Porter Felt, "Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness," USENIX Security 2013.

[26] C. Mulliner, J.P. Seifert, "Rise of the iBots: 0wning a telco network," MALWARE 2005.