CMCS 818J: Privacy Enhancing Technologies: From Theory to Practice
Fall 2012

Aug 30 Overview, Privacy Landscape
Optional: What is privacy worth?
Alessandro Acquisti, Leslie John, and George Loewenstein

Optional: Learning Your Identity and Disease from Research Papers: Information Leaks in Genome Wide Association Study
R. Wang, Y. Li, X. Wang, H. Tang and X. Zhou

Sep 04 & Sep 06 Goals
Homework 1

"These Aren't the Droids You're Looking For" Retrofitting Android to Protect Data from Imperious Applications.
Peter Hornyack et. al.

Separating Web Applications from User Data Storage with BStore
Ramesh Chandra, Priya Gupta, and Nickolai Zeldovich

Optional: REPRIV: Re-Envisioning In-Browser Privacy
Matthew Fredrikson and Ben Livshits

Optional: Jana: Platform protection for user privacy

Project groups formed
Sep 11 & Sep 13 Attacks
Homework 2

How to Break Anonymity of the Netflix Prize Dataset.
Arvind Narayanan and Vitaly Shmatikov

Memento: Learning Secrets from Process Footprints
Suman Jana and Vitaly Shmatikov

Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow
S. Chen, R. Wang, X. Wang and K. Zhang

Optional:"You Might Also Like:" Privacy Risks of Collaborative Filtering
Joseph A. Calandrino et. al.

De-anonymizing Social Networks
Arvind Narayanan and Vitaly Shmatikov

Optional: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds
Tom Ristenpart et. al.

Optional: Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud
Zhenyu Wu et. al.

Sep 18 & Sep 20 Trusted Computing/Trusted Hardware
Homework 3

Flicker: Minimal TCB Code Execution
McCune et. al.

TrustVisor: Efficient TCB Reduction and Attestation.
Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, and Adrian Perrig

Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services
Nuno Santos et. al.

Optional:Memoir: Practical State Continuity for Protected Modules
Parno et. al.

Optional: BIND: A Fine-grained Attestation Service for Secure Distributed Systems.
Elaine Shi, Adrian Perrig, Leendert Van Doorn.

Optional: vTPM: Virtualizing the Trusted Platform Module.
Stefan Berger, Ramon Caceres, Kenneth A. Goldman, Ronald Perez, Reiner Sailer, and Leendert van Doorn

Optional: Seeding Clouds with Trust Anchors
Schiffman et. al.

Project proposal due
Sep 25 & Sep 27 Virtualization, Isolation, Minimal TCB
Homework 4

NoHype: Virtualized cloud infrastructure without the virtualization
Eric Keller, Jakub Szefer, Jennifer Rexford, and Ruby B. Lee

SnowFlock: Rapid Virtual Machine Cloning for Cloud Computing
Lagar-Cavilla et. al.

Content-Based Isolation: Rethinking Isolation Policy in Modern Client Systems
Alexander Moshchuk, Helen J. Wang, Yunxin Liu

Optional: Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems
Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger, Dan Boneh, Jeffrey Dwoskin, and Dan R.K. Ports

Optional: NOVA: A Microhypervisor-Based Secure Virtualization Architecture
Udo Steinberg and Bernhard Kauer

Oct 02 & Oct 04 Network-level Anonymity
Guest lecturer: Dave Levin
Homework 5

Tor: The Second-Generation Onion Router
Roger Dingledine, Nick Mathewson, and Paul Syverson

The Dining Cryptographers Problem
David Chaum

Optional: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms
David L. Chaum

Optional: The Social Cost of Cheap Pseudonyms
Eric J. Friedman and Paul Resnick

Optional: P5: A Protocol for Scalable Anonymous Communications
Rob Sherwood, Bobby Bhattacharjee, Aravind Srinivasan

Optional: Virtual Trip Lines for Distributed Privacy-Preserving Traffic Monitoring
Baik Hoh et al.

Oct 09 & Oct 11 Differential Privacy
Homework 6

Cynthia Dwork's video tutoial on DP

Differential Privacy (Invited talk at ICALP 2006)
Cynthia Dwork

Privacy Integrated Queries
Frank McSherry

Optional: GUPT: Privacy Preserving Data Analysis Made Easy
Mohan et. al.

Optional: The Differential Privacy Frontier
Cynthia Dwork

Oct 16 & Oct 18 Cryptography
Guest Lecturer: Dov Gordon
Homework 7

Optional Reading:

Optional: Multiparty Computation from Threshold Homomorphic Encryption
Ronald Cramer, Ivan Damgar, and Jesper Buus Nielsen

Optional: Fully Homomorphic Encryption over the Integers
Marten van Dijk, Craig Gentry, Shai Halevi, and Vinod Vaikuntanathan

Optional: Practical Techniques for Searching on Encrypted Data
Dawn Song, David Wagner, and Adrian Perrig

Optional: Conjunctive, Subset, and Range Queries on Encrypted Data
Dan Boneh and Brent Waters

Optional: Multi-Dimensional Range Query over Encrypted Data.
Elaine Shi, John Bethencourt, T-H. Hubert Chan, Dawn Song, and Adrian Perrig

Optional: Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products
Jonathan Katz, Amit Sahai, and Brent Waters

Optional: An efficient system for non-transferable anonymous credentials with optional anonymity revocation
Jan Camenisch, Anna Lysyanskaya

Oct 23 & Oct 25 More on crypto and DP
Homework 8

Sample and Aggregate

Anonymous Authentication

Oct 30 & Nov 01 Side-Channel Defenses
Homework 9

STEALTHMEM: System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud
Taesoo Kim et. al.

Predictive Mitigation of Timing Channels in Interactive Systems
Danfeng Zhang et. al.

Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors
Coppens et. al.

Oblivious RAM with O(log N ^ 3) Worst-Case Cost.
Elaine Shi, T-H. Hubert Chan, Emil Stefanov, Mingfei Li.

Project milestone
Nov 06 & Nov 08 Applications
Homework 10

Privacy-Aware Personalization for Mobile Advertising
Michaela Gotz and Suman Nath

Persona: An Online Social Network with User-Defined Privacy
Randy Baden, Adam Bender, Neil Spring, Bobby Bhattacharjee, Daniel Starin

Adnostic: Privacy Preserving Targeted Advertising
Vincent Toubiana, Arvind Narayanan, Dan Boneh, Helen Nissenbaum, Solon Barocas

Optional Reading:

CryptDB: A Practical Encrypted Relational DBMS
Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan

Differentially-Private Network Trace Analysis
Frank McSherry and Ratul Mahajan

BotGrep: Finding P2P Bots with Structured Graph Analysis
Shishir Nagaraja, Prateek Mittal, Chi-Yao Hong, Matthew Caesar, and Nikita Borisov

Nov 13 & Nov 15 Application Framework
Guest Lecturer (for the Koi paper): Matthew Lentz
Homework 11

Koi: A Location-Privacy Platform for Smartphone Apps
Saikat Guha, Mudit Jain, and Venkata N. Padmanabhan

A Software-Hardware Architecture for Self-Protecting Data
Yu-Yuan Chen et. al.

Optional: Airavat: Security and Privacy for MapReduce
Indrajit Roy, Srinath T.V. Setty, Ann Kilzer, Vitaly Shmatikov, and Emmett Witchel

Optional: SEPIA: Privacy-Preserving Aggregation of Multi-Domain Network Events and Statistics
Martin Burkhart, Mario Strasser, Dilip Many, and Xenofontas
Dimitropoulos, ETH Zurich, Switzerland

Nov 20 (Nov 22 is Thanksgiving holiday) Programming Languages and Information Flow Tracking
Guest Lecturer: Michael Hicks
Homework 12

Language-Based Information-Flow Security
Andrei Sabelfeld and Andrew C. Myers

Quantifying Information Flow with Beliefs
Michael R. Clarkson, Andrew C. Myers, and Fred B. Schneider

Dynamic Enforcement of Knowledge-based Security Policies

Optional Reading:

Measuring Channel Capacity to Distinguish Undue Influence
James Newsome, Stephen McCamant, and Dawn Song

Improving Application Security with Data Flow Assertions

Pointless Tainting? Evaluating the Practicality of Pointer Tainting

Information Flow Control for Standard OS Abstractions

Quantitative information flow as network flow capacity

Making information flow explicit in HiStar

Nov 27 & Nov 29 Policy, Economics, Usability
The Psychology of Security for the Home Computer User
Adele E. Howe et. al.

User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems
Franziska Roesner et. al.

Dec 04 & Dec 06 Misc.
Guest Lecturer: Yan Huang
Homework 13

Faster Secure Two-Party Computation Using Garbled Circuits
Yan Huang, David Evans, Jonathan Katz, Lior Malka

Dec 11 Project Presentations