Reading List
[CS 294 Privacy and Security Enhancing Technologies]
Aug 27: Introduction (.pdf)
Part I: Malicious Code Defense
Aug 29: Exploit and Worm Defense (I) (.pdf)
Towards Automatic Generation of Vulnerability Signatures
Optional reading:
The Spread of the Witty Worm
Automated Worm Fingerprinting
Sep 3: Labor Day, No Class
Sep 5: Exploit and Worm Defense (II) (.pdf)
Bouncer: Securing Software by Blocking Bad Input
ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing
Sep 10: Botnets Analysis and Defense (I) (.pdf)
BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation
Wide Scale Botnet Detection and Characterization
Optional reading:
A Multifaceted Approach to Understanding the Botnet Phenomenon
Sep 12: Botnets Analysis and Defense (II) (.pdf)
Sep 17: Malware analysis and defense (I): Privacy-breach Malware (.pdf)
Behavior-based Spyware Detection
TightLip: Keeping Applications from Spilling the Beans
Optional reading:
Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis
Sep 19: Malware analysis and defense (II): Rootkits and Stealth Malware (.pdf)
SubVirt: Implementing Malware with Virtual Machines
Detecting stealth software with Strider GhostBuster
Optional reading:
Shadow Walker: Raising The Bar For Windows Rootkit Detection
Compatibility is Not Transparency: VMM Detection Myths and Realities
Sep 24: Malware analysis and defense (III): In-depth Analysis (.pdf)
Exploring Multiple Execution Paths for Malware Analysis
Optional reading:
BitScope: Automatically Dissecting Malicious Binaries
Sep 26: Real world case study (Guest Lecture: Sourabh Satish, Symantec)
Part II: OS and Web Security
Oct 1: Isolation (.pdf)
XFI: Software Guards for System Address Spaces
SafeDrive: Safe and Recoverable Extensions Using Language-Based Techniques
Optional reading:
Singularity: Rethinking the Software Stack
Oct 3: Isolation (.pdf)
Oct 8: Virtualization (.pdf)
Terra: A Virtual Machine-Based Platform for Trusted Computing
Secure Virtual Architecture: A Safe Execution Environment for Commodity Operating Systems
Optional reading:
Container-based Operating System Virtualization: A Scalable, High-performance Alternative to Hypervisors
Oct 10: Class canceled (out of town)
Oct 15: OS abstractions for Browsers (.pdf)
Protection and Communication Abstractions for Web Browsers in MashupOS
A Safety-oriented Platform for Web Applications
Oct 17: Web-based attacks and defenses (I) (.pdf)
The Essence of Command Injection Attacks in Web Applications
Static Detection of Security Vulnerabilities in Scripting Languages
Oct 22: Guest Lecture (Radu Sion): Towards regulatory compliance in data management using trusted hardware
OSLO: Improving the Security of Trusted Computing
Oct 24: Attacks on the Netscape Browser and Security Response Philosophy and Methods (Guest Lecture: Jim Roskind)
Oct 29: Web-based attacks and defenses (II) (.pdf)
Oct 31: Security and trust issues in social networks (Guest Lecture: Raph Levien, Google)
The Anatomy of a Large-Scale Hypertextual Web Search Engine
Propagation Models for Trust and Distrust in Social Networks
Nov 5: Real-world case study on Security and VM (Guest Lecture: Ophir Rachman, VMware)
Nov 7: Real-world case study on Click Fraud, etc. (Guest Lecture: Kourosh Gharachorloo, Google)
On-line Advertising Fraud
Part III: Privacy Enhancing Technologies
Nov 12: No class
Nov 14: Privacy-preserving data mining and distributed information sharing (.pdf)
Nov 19: Private operations on Untrusted Servers/Storage
Nov 21: Privacy Issues in Data Anonymization
Nov 26: Privacy issues in Ubiquitous Computing (.pdf)
Can Ferris Bueller Still Have His Day Off? Protecting Privacy in the Wireless Era.
Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing.
Optional reading:
RFID Security and Privacy: A Research Survey
Nov 28: Economics/Psychology/HCI with Privacy (Guest Lecture: Jens Grossklags)
Dec 3: Real-world case study (Guest lecture)
Dec 5: Poster Session 4-6pm.
Information above is subject to change.