CS 558: Network Security
Time: Spring Semester, Mondays and Wednesdays, 4:00pm to 5:20pm
Location: Stratton Hall 308
This course examines the intersection of computer networking and security, which holds many challenging problems and opportunities for research. With guidance from the professor, students will survey recent network security publications, develop a novel research project, and produce their own research paper. Reading and project topics will include online attacks (such as drive-by downloads), cybercrime (such as phishing), and techniques and mechanisms to protect Internet infrastructure and users.
(Prerequisite: a strong background in computer networking and systems, either at the undergraduate or graduate level.)
Instructor: Craig Shue
Email: cshue at cs.wpi.edu
Office: Fuller Labs 236
Office Hours: Walk-ins welcome. Appointments also available, if desired.
Course Policies and Procedures
The following represent the official policies and procedures for the course. Please review this information and, if you have questions, discuss them with the professor as soon as possible.
This course will use a special system, called InstructAssist, that uses modules specifically designed for this course. We will use this system for all grade posting and assignment submissions. We will not be using the myWPI/Blackboard system in this course. The InstructAssist system is available at https://ia.wpi.edu/cs558/. InstructAssist uses SSL for authenticity and encryption to protect student records.
As a research-focused course, students in CS 558 will read research papers and provide commentary on them through paper critiques. However, students will also learn more about the peer review process by evaluating their classmates' critiques (and vice versa).
Students will serve both as an "author" and as a "reviewer" for a set of assigned readings. As an author, a student will submit a roughly one-page critique of the work. This critique will include three-parts:
- a summary, which describes the problem being addressed, the
paper's contributions, the approach, and the conclusions,
- a critique, which evaluate the significance of the
problem and contribution and the validity of the authors'
- a synthesis, in which students will apply what they learned by describing alternative methodologies, applications to other contexts, future work, and insights gained from the work.
When serving as a "reviewer," the student will act as a peer-reviewer for the critiques other students have submitted. The reviewers will comment on and score each of the three parts their peers wrote and provide a final review score. Each reviewer will examine roughly three other students' write-ups.
Students will learn their author or reviewer status and submit their summaries/reviews through the InstructAssist Peer Review system. Submissions will not be accepted in any other format. Further, late submissions will not be accepted since timely participation is required to ensure time for feedback.
After the peer review has completed, the instructor will act as a journal editor. The instructor will score the original critique as well as the comments and scores issued by the reviewers. The instructor will issue a final score to each of the authors and the reviewers. The editor will be influenced by compelling reviews, but will override any reviews that are off-base. Reviewers will receive poor grades for reviews that are not substantiated by comments or that are inconsistent with the quality of the author's submission.
The peer review will be a "double-blind" process: the author will not see the names of the reviewers, nor will the reviewers learn the authors's name. This both eliminates bias and protects student privacy. Naturally, the instructor will see all student names when grading.
The peer review process is meant to be a learning experience. Students will likely begin the course with lower quality summaries and reviews. However, by receiving feedback from the instructor and each other, along with anonymously seeing other students' work, each student is likely to improve in writing quality. Students should expect that submissions that meet all the requirements will be awarded a "B" grade while an exceptional submission will be awarded an "A" grade.
Students will be expected to lead discussions on one or two research papers during the term. Students will be required to provide slides and guide the class discussion. While portions of the presentation may be more traditional lecture style, students are encouraged to involve the class members by posing questions (in particular, synthesis questions) to engage the audience.
In selected classes, short quizzes will be given to help students recount what they have learned in the course.
Students are required to engage in a novel, semester-long research project. The research project will be done in small teams. Students are discouraged from working alone on the research project. In some cases, two separate teams may work on the same research project; however, these teams will work separately and will have separate evaluations.
Students will have the flexibility to either choose from the list of projects provided by the instructor or formulate their own with the help of the instructor. Each project will likely require a different skill set from the participants; students should be prepared to learn new technologies "on the fly" to successfully complete the project.
Each project will culminate in a term paper that is fashioned like the papers found in the network security literature. To make this problem tractable, it has been deconstructed into the following set of required deliverables (all page counts assume ACM/IEEE LaTeX templates). These deliverables must be completed in order (note, the "Introduction" section comes towards the end):
- Project Proposal: The proposal will describe the work
to be performed along with a detailed NABC (Needs, Approach,
Benefits, Competition) analysis on the work. As part of the
proposal, students are expected to ensure the work is novel and
describe the general methodology and resources needed to complete
the work. The research proposal will likely be at least three
- Literature Review: Students must perform a survey of the
research literature to determine what work exists in the field and
how their proposed project will fit in with these goals. Students
should identify at least 15 prior works in the area and compose a
short paragraph describing the work, its contributions, and how it
is distinct from the proposed project. This literature review will
likely be at least three pages.
- Methodology: The methodology write-up will
describe the experiments, in detail, that the students will perform
as part of the project. The methodology must be articulated to the
extent that another researcher in the field could replicate the
methodology without prior knowledge of the project. The methodology
section will likely be at least two pages.
- Empirical Results: Students should describe the results
of conducting their research experiments. This section should
identify what exactly the outcomes are and whether the results are
If the results are not yet ready, the student may use placeholders. However, the results section must be written in detail such that results could simply be plugged into the writing/tables and be perfectly readable. This section will likely be at least a page.
- Conclusion: Students should write a conclusion for the
work, summarizing the contributions, the impact, and potential for
follow-on work. This section will likely be at least half a page.
- Introduction: Once the project is nearly finished, the
students should write an introduction to the work, describing the
motivations (likely reusing the NABC analysis in the proposal), the
intended goals (again, from the proposal), highlights of the
methodology (from the methodology section) and the key results of
the work (from the results section). The introduction will likely be
at least a page.
- Abstract: The abstract will summarize the motivation,
contributions, and key results of the work in a concise manner. The
abstract will likely be at most three paragraphs.
- Presentation: At the culmination of the project, students will present their work to the class using slides. These presentations will likely be a maximum of 20 minutes (and perhaps shorter). Students are expected to prepare and practice the presentation to give it as if it were being presented at a conference.
Each project is expected to produce a publication-quality report at completion. Students will receive full credit for projects that are methodically investigated, even if they yield negative results (e.g., the hypothesis does not hold) through no fault of the students. However, such projects may not be well received by the research community if peer-review publication is pursued.
Students should plan to meet with the instructor as a team outside of class hours on a weekly basis to discuss progress on the project.
While the research project is described in terms of writing outputs, students must also submit any code, tools, and data that have been used in pursuing the research project. If the instructor cannot confirm the research results based on the supplied materials, the instructor may consider the results to be fabricated, which is a violation of the WPI Academic Honesty Policy. As indicated in the Academic Honesty section, such violations will have negative consequences.
Students must be careful to appropriately credit sources. While students may quote other sources with proper citations, such quotations should be minimized. Excluding quotations, students must write every word in their research papers. Copying material without appropriate citation constitutes plagiarism and violates the WPI Academic Honesty Policy. As indicated in the Academic Honesty section, such violations will have negative consequences.
We will use the following deadlines for the research project, quizzes, and peer review assignments. All project and peer review deadlines are at 11:59pm Eastern Time (ET).
- Jan. 25: Peer Review: Summary of Peer Review 1 due
- Jan. 25: Quiz 1
- Jan. 27: Project: Proposal due
- Feb. 1: Peer Review: Reviews for Peer Review 1 due
- Feb. 3: Project: Literature Review due
- Feb. 8: Peer Review: Summary of Peer Review 2 due
- Feb. 8: Quiz 2
- Feb. 10: Project: Methodology Section for Paper due
- Feb. 15: Peer Review: Reviews for Peer Review 2 due
- Feb. 22: Quiz 3
- Feb. 29: Peer Review: Summary of Peer Review 3 due
- Mar. 4: Peer Review: Reviews for Peer Review 3 due
- Mar. 14: Quiz 4
- Mar. 16: Project: Results Section for Paper due
- Mar. 16: Project: Initial Submission of Code/Tools/Data
- Mar. 21: Peer Review: Summary of Peer Review 4 due
- Mar. 28: Peer Review: Reviews for Peer Review 4 due
- Mar. 28: Quiz 5
- Mar. 30: Project: Conclusion Section for Paper due
- Apr. 4: Peer Review: Summary of Peer Review 5 due
- Apr. 11: Peer Review: Reviews for Peer Review 5 due
- Apr. 11: Quiz 6
- Apr. 13: Project: Introduction Section for Paper due
- Apr. 20: Project: Abstract Section for Paper due
- Apr. 20: Project: Final Submission of Code/Tools/Data
- Apr. 25: Project: Presentations due
- Apr. 25: Quiz 7
Project presentations will be presented in class April 25 and 27 and May 2. However, the slides used in the presentations must be uploaded on the deadline indicated above.
This course is focused on research: reading, analyzing, and creating new contributions to the field. Grades for the course are in three main areas:
- Research Project (50%): Students will be required to
complete a Research Project and its
- Peer Review: Summaries and Reviews (20%): Students will be required to
serve as an author and reviewer in the Peer
Review for each of the assigned paper readings. No credit will
be awarded for late summaries or reviews.
- Quizzes (20%): Short quizzes will be assigned in a subset
of classes to allow students to show mastery on the discussed
topics. These quizzes are to be completed without assistance from
other people or resources (such as note, books or Internet resources).
- Presentations and Participation (10%): Students will be required to present one or two research papers in class throughout the semester. These presentations will be evaluated for quality. Further, students are expected to ask questions and engage in academic discussion when prompted during other students' presentations.
All readings must be completed before the class date listed. All reviews for the peer review assignments must be submitted by 9am on the indicated class date. The readings are identified by number, which corresponds to the detailed citation and PDF links below the table.
|1||Jan. 14||Introduction to Networking and Security||||Craig|
|2||Jan. 20||Reading Research Papers||[1a, 1b]||Craig|
|3||Jan. 25||Legality and Ethics||[2a, 2b]||Craig|
|4||Jan. 27||Overview of Cryptography||||Craig|
|5||Feb. 1||Overview of Cryptography||||Craig|
|6||Feb. 3||Enterprise LANs: OpenFlow||||Craig|
|7||Feb. 8||Enterprise LANs: Host-based SDNs||||Craig|
|8||Feb. 10||Enterprise LANs: Middleboxes||||Anthony|
|9||Feb. 15||Enterprise LANs: IDSes||||Mehmet|
|10||Feb. 17||Residential LANs: Locating Geographically||||Craig|
|11||Feb. 22||Residential LANs: Botnets||||Scott|
|12||Feb. 24||Residential LANs: Botnets||||Brett|
|13||Feb. 29||Web Security: Redirects||||Craig|
|14||Mar. 2||Web Security: iFrames||||Ahmad|
|15||Mar. 14||Denial of Service: Filtering||||Kartik|
|16||Mar. 16||Denial of Service: Magnifying Good Traffic||||Amit|
|17||Mar. 21||Social: Phishing||||Mohit|
|18||Mar. 23||Social: Passwords||||Berk|
|19||Mar. 28||Identity: Kerberos||||Craig|
|20||Mar. 30||Identity: Single-Sign On||[18a, 18b]||Austin|
|21||Apri. 4||Routing Security||||Joshua|
|22||Apr. 6||Devices: Embedded Devices||||Jean|
|23||Apr. 11||Devices: Smartphone Bots||||Gorka|
|24||Apr. 13||Guest Lecture: Krishna Venkatasubramanian||Krishna|
|25||Apr. 20||Devices: Smartphone Interception||||Mohamed|
|26||Apr. 25||Moving Target Defenses||||Craig|
|27||Apr. 27||Project Presentations||Class|
|28||May 2||Project Presentations||Class|
You can download all the papers as a .zip archive. Each paper is prefixed with the paper ID, below and in the paper archive, for easier correlation with the reading assignment list.
 Chapter 1.1 to 1.5: Pfleeger and Pfleeger, "Is there a security problem in computing?" Security in Computing, 4th edition.
[01a] P. Fong, "Reading a computer science research paper," Inroads, the SIGCSE Bulletin, 2009.
[01b] S. Keshav, "How to read a paper," ACM Computer Communication Review, 2007.
[02b] A. Burstein, "Conducting cybersecurity research legally and ethically," in USENIX Workshop on Large- Scale Exploits and Emergent Threats (LEET), 2008.
 Chapter 1.1, 1.2, 1.4, 1.5, 1.6-1.9: A. Menezes, P. Van Oorschot, S. Vanstone. "Handbook of Applied Cryptography," CRC Press ISBN: 0-8493-8523-7, October 1996. [ PDF ]
 N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, "OpenFlow: Enabling Innovation in Campus Networks," in ACM SIGCOMM Computer and Communication Review, 2008.
 C. Taylor, D. MacFarland, D. Smestad, and C. Shue, "Contextual, Flow-Based Access Control with Scalable Host-based SDN Techniques, " IEEE International Conference on Computer Communications (INFOCOM), 2016.
 J. Sherry, S. Hasan, C. Scott, A. Krishnamurthy, S. Ratnasamy, and V. Sekar, "Making middleboxes someone else's problem: network processing as a cloud service," ACM SIGCOMM Computer Communication Review, 2012.
 M. Handley, V. Paxson, and C. Kreibich, "Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics," in Proceedings of the 10th conference on USENIX Security Symposium-Volume 10, 2001.
 C. A. Shue, N. R. Paul, C. R. Taylor, "From an IP Address to a Street Address: Using Wireless Signals to Locate a Target," USENIX Workshop on Offensive Technologies (WOOT), Aug. 2013.
 B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna, "Your botnet is my botnet: Analysis of a botnet takeover," in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 635 - 647.
 S. Staniford, V. Paxson, and N. Weaver, "How to 0wn the Internet in your spare time," in Proceedings of the 11th USENIX Security Symposium, vol. 8, 2002, pp. 149 - 167.
 C. Shue, A. Kalafut, and M. Gupta, "Exploitable redirects on the web: Identification, prevalence, and defense," in Proceedings of the USENIX Workshop on Offensive Technologies (WOOT), 2008.
 N. Provos, P. Mavrommatis, M. Rajab, and F. Monrose, "All your iFrames point to us," in Proceedings of the 17th Conference on Security Symposium. USENIX Association, 2008, pp. 1 - 15.
 A. Yaar, A. Perrig, and D. Song, "SIFF: A stateless internet flow filter to mitigate DDoS flooding attacks," in IEEE Symposium on Security and Privacy, 2004, pp. 130 - 143.
 M. Walfish, M. Vutukuru, H. Balakrishnan, D. Karger, and S. Shenker, "DDoS Defense by Offense," in Proceedings of ACM SIGCOMM 2006.
 S. Hao, N. Syed, N. Feamster, A. Gray, and S. Krasser, "Detecting spammers with snare: Spatio-temporal network-level automatic reputation engine," in Proceedings of the 18th USENIX Security Symposium, 2009, pp. 101 - 118.
 J. Ho Huh, Seongyeol Oh, H. Kim, K. Beznosov, A. Mohan, and S. Rajagopalan, "Surpass: System-initiated User-replaceable Passwords," ACM Computer and Communication Security Conference (CCS), 2015.
 J. Steiner, B. Neuman, J. Schiller, "Kerberos: An Authentication Service for Open Network Systems," USENIX Winter Symposium, 1988.
[18a] B. Leiba, "OAuth Web Authorization Protocol," IEEE Internet Computing, 2012.
[18b] D. Recordon, D. Reed, "OpenID 2.0: A Platform for User-Centric Identity Management," DIM 2006.
 M. Zhao, S. Smith, and D. Nicol, "The Performance Impact of BGP Security," IEEE Network 2005.
 A. Costin, J. Zaddach, A. Francillon, and D. Balzarotti, "A Large-Scale Analysis of the Security of Embedded Firmwares," USENIX Security, 2014.
 P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. McDaniel, and T. La Porta, "On cellular botnets: measuring the impact of malicious devices on a cellular network core," in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 223 - 234.
 F. van den Broek, R. Verdult, and J. de Ruiter, "Defeating IMSI Catchers," ACM Conference on Computer and Communications Security, 2015.
 C. A. Shue, N. R. Paul, C. R. Taylor, "From an IP Address to a Street Address: Using Wireless Signals to Locate a Target," USENIX Workshop on Offensive Technologies (WOOT), Aug. 2013.
[peer_01] R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The second-generation onion router," in Proceedings of the 13th conference on USENIX Security Symposium-Volume 13. USENIX Association, 2004, pp. 21 - 21.
[peer_02] K. Argyraki and D. Cheriton, "Active internet traffic filtering: Real-time response to denial-of-service attacks," USENIX 2005.
[peer_03] T. Jagatic, N. Johnson, M. Jakobsson, F. Menczer, "Social Phishing," in Communications of the ACM, 2008.
[peer_04] B. Krishnamurthy and C. Wills, "Privacy diffusion on the Web: A longitudinal perspective," in Proceedings of the 18th International Conference on World Wide Web, 2009, pp. 541 - 550.
[peer_05] K. Singh, S. Sangal, N. Jain, P. Traynor and W. Lee, "Evaluating Bluetooth as a Medium for Botnet Command and Control," DIMVA 2010.
Class discussion, class hand-outs, emails to the student's WPI email account, forum posts in InstructAssist, and the course Web pages are avenues for official course communication. Students are responsible for any information posted through these venues.
If you need course adaptations or accommodations because of a disability, or if you have medical information to share with me, please make an appointment with me as soon as possible. If you have not already done so, students with disabilities who believe that they may need accommodations in this class are encouraged to contact the Office of Disability Services (ODS) as soon as possible to ensure that such accommodations are implemented in a timely fashion. This office is located in the West St. House (157 West St) and their phone number is 508.831.4908.
The WPI Academic Honesty Policy describes types of academic dishonesty and requirements in documentation. In the case of academic dishonesty, I am required to report the incident to the Dean of Student Affairs. Further, my penalty for academic dishonesty is to assign an F grade for the course.