CMSC 614: Computer and Network Security

No Encore for Encore? Ethical questions for web-based censorship measurement, Arvind Narayanan, Bendert Zevenbergen
You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning, Shitong Zhu, Shasha Li, Zhongjie Wang, Xun Chen, Zhiyun Qian, Srikanth V. Krishnamurthy, Kevin S. Chan, Ananthram Swami
Keys Under Doormats: Mandating Security by Requiring Government Access to All Data and Communications, Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel J. Weitzner

9/8 Cryptography Intro / TLS

The First Few Milliseconds of an HTTPS Connection, Jeff Moser
Keyless SSL: The Nitty Gritty Technical Details, Nick Sullivan

Multi-Context TLS (mcTLS): Enabling Secure In-Network Functionality in TLS, David Naylor, Kyle Schomp, Matteo Varvello, Ilias Leontiadis, Jeremy Blackburn, Diego Lopez, Konstantina Papagiannaki, Pablo Rodriguez Rodriguez, Peter Steenkiste

9/13 The Certificate Ecosystem

Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed, Liang Zhang, Dave Choffnes, Tudor Dumitras, Dave Levin, Alan Mislove, Aaron Schulman, Christo Wilson
A Tangled Mass: The Android Root Certificate Store, Narseo Vallina-Rodriguez, Johanna Amann, Christian Kreibich, Nicholas Weaver, Vern Paxson

SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements, Jeremy Clark, Paul C. van Oorschot
ZMap: Fast Internet-wide Scanning and Its Security Applications, Zakir Durumeric, Eric Wustrow, J. Alex Halderman
Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem, Frank Cangialosi, Taejoong Chung, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson
CRLite: A Scalable System for Pushing All TLS Revocations to All Browsers, James Larisch, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson

9/15 Crypto Failures in Practice

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, Nadia Heninger, Zakir Durumeric, Eric Wustrow, J. Alex Halderman
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, Paul Zimmermann

When Private Keys are Public: Results from the 2008 Debian OpenSSL Vulnerability, Scott Yilek, Eric Rescorla, Hovav Shacham, Brandon Enright, Stefan Savage
Measuring the Security Harm of TLS Crypto Shortcuts, Drew Springall, Zakir Durumeric, J. Alex Halderman
The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software, Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, Vitaly Shmatikov
DROWN: Breaking TLS using SSLv2, Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, Yuval Shavitt
Lessons Learned in Implementing and Deploying Crypto Software, Peter Gutmann
Why Cryptosystems Fail, Ross Anderson
An Empirical Study of Cryptographic Misuse in Android Applications, Manuel Egele, David Brumley, Yanick Fratantonio, Christopher Kruegel
You Get Where You're Looking For: The Impact of Information Sources on Code Security, Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, Christian Stransky

9/20 Building Anonymity

Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, Paul Syverson

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms, David L. Chaum
The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability, David Chaum
Shining Light in Dark Places: Understanding the Tor Network, Damon McCoy, Kevin Bauer, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker
Tarzan: A Peer-to-Peer Anonymizing Network Layer, Michael J. Freedman, Robert Morris
P5: A Protocol for Scalable Anonymous Communication, Rob Sherwood, Bobby Bhattacharjee, Aravind Srinivasan
Dissent: Accountable Anonymous Group Messaging, Henry Corrigan-Gibbs, Bryan Ford
LASTor: A Low-Latency AS-Aware Tor Client, Masoud Akhoondi, Curtis Yu, and Harsha V. Madhyastha
Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis, Jelle van den Hoof, David Lazar, Matei Zaharia, Nickolai Zeldovich
SoK: Secure Messaging, Nik Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg, Matthew Smith

9/22 Breaking Anonymity

Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries, Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, Paul Syverson
Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services, Albert Kwon, Mashael AlSabah, David Lazar, Marc Dacier, Srinivas Devadas

How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID, Bruce Schneier
Judge confirms what many suspected: Feds hired CMU to break Tor, Cyrus Farivar
How much anonymity does network latency leak?, Nicholas Hopper, Eugene Y. Vasserman, Eric Chan-Tin
Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization, Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann
Ting: Measuring and Exploiting Latencies Between All Tor Nodes, Frank Cangialosi, Dave Levin, Neil Spring

9/27 Censorship Resistance

Examining How the Great Firewall Discovers Hidden Circumvention Servers, Roya Ensafi, David Fifield, Philipp Winter, Nick Feamster, Nicholas Weaver, Vern Paxson
Geneva: Evolving Censorship Evasion Strategies, Kevin Bock, George Hughey, Xiao Qiang, Dave Levin

Alibi Routing, Dave Levin, Youndo Lee, Luke Valenta, Zhihao Li, Victoria Lai, Cristian Lumezanu, Neil Spring, Bobby Bhattacharjee
Detecting Intentional Packet Drops on the Internet via TCP/IP Side Channels, Roya Ensafi, Jeffrey Knockel, Geoffrey Alexander, Jedidiah R. Crandall
SoK: Towards Grounding Censorship Circumvention in Empiricism, Michael Carl Tschantz, Sadia Afroz, Anonymous, Vern Paxson
Come as You Are: Helping Unmodified Clients Bypass Censorship with Server-side Evasion, Kevin Bock, George Hughey, Louis-Henri Merino, Tania Arya, Daniel Liscinsky, Regina Pogosian, Dave Levin

9/29 Protocol Obfuscation

Telex: Anticensorship in the Network Infrastructure, Eric Wustrow, Scott Wolchok, Ian Goldberg, J. Alex Halderman
The Parrot is Dead: Observing Unobservable Network Communications, Amir Houmansadr, Chad Brubaker, Vitaly Shmatikov

Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob?, Charles V. Wright, Lucas Ballard, Fabian Monrose, Gerald M. Masson
Blocking-resistant communication through domain fronting, David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, Vern Paxson
Cover Your ACKs: Pitfalls of Covert Channel Censorship Circumvention, John Geddes, Max Schuchard, Nicholas Hopper
SkypeMorph: Protocol Obfuscation for Tor Bridges, Hooman Mohajeri Moghaddam, Baiyu Li, Mohammad Derakhshani, Ian Goldberg
CovertCast: Using Live Streaming to Evade Internet Censorship, Richard McPherson, Amir Houmansadr, Vitaly Shmatikov

10/4 Botnets

Understanding the Mirai Botnet, Manos Antonakakis et al.
Your Botnet is My Botnet: Analysis of a Botnet Takeover, Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna

Hajime: Analysis of a decentralized internet worm for IoT devices, Sam Edwards, Ioannia Profetis
Spamming Botnets: Signatures and Characteristics, Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, Ivan Osipkov

10/6 User Authentication

The Tangled Web of Password Reuse, Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, XiaoFeng Wang
Detecting Credential Spearphishing Attacks in Enterprise Settings, Grant Ho, Aashigh Sharma, Mobin Javed, Vern Paxson, David Wagner

unCaptcha: A Low-Resource Defeat of reCaptcha's Audio Challenge, Kevin Bock, Daven Patel, George Hughey, Dave Levin
The End is Nigh: Generic Solving of Text-based CAPTCHAs, Elie Bursztein, Jonathan Aigrain, Angelika Moscicki, John C. Mitchell
Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks, Hristo Bojinov, Daniel Sanchez, Paul Reber, Dan Boneh, Patrick Lincoln
The science of guessing: analyzing an anonymized corpus of 70 million passwords, Joseph Bonneau

10/11 Usable Security

Users Are Not the Enemy, Anne Adams, Martina Angela Sasses
A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web, Elissa M. Redmiles, Noel Warford, Amritha Jayanti, Aravind Koneru, Sean Kross, Miraida Morales, Rock Stevens, Michelle L. Mazurek

Android Permissions: User Attention, Comprehension, and Behavior, Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, David Wagner
Users Really Do Plug in USB Drives They Find, Matthew Tischer, Zakir Durumeric, Sam Foster, Sunny Duan, Alec Mori, Elie Bursztein, Michael Bailey
Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness, Devdatta Akhawe, Adrienne Porter Felt
Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System, Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, Matt Blaze
Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0, Alma Whitten, J.D. Tygar

10/13 Project Proposals

10/18 Classic Memory Attacks/Defenses

Smashing the Stack for Fun and Profit, Aleph One
StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Crispan Cowan, Calton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang, Heather Hinton

SoK: Eternal War in Memory, Laszlo Szekeres, Mathias Payer, Tao Wei, Dawn Song
Basic Integer Overflows, blexim
Exploiting Format String Vulnerabilities, scut

10/20 Modern Memory Attacks

The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86), Hovav Shacham
EXE: Automatically Generating Inputs of Death, Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill, Dawson R. Engler

A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities, David Wagner, Jeffrey S. Foster, Eric A. Brewer, Alexander Aiken
On the Effectiveness of Address-Space Randomization, Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, Dan Boneh
Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns, Jonathan Pincus, Brandon Baker
AEG: Automatic Exploit Generation, Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, David Brumley
Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors, Periklis Akritidis, Manuel Costa, Miguel Castro, Steven Hand
English Shellcode, Joshua Mason, Sam Small, Fabian Monrose, Greg MacManus
Low-Level Software Security by Example, Ulfar Erlingsson, Yves Younan, Frank Piessens

10/25 Modern Memory Defenses

Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, James Newsome, Dawn Song
Control-Flow Integrity: Principles, Implementations, and Applications, Martin Abadi, Mihai Budiu, Ulfar Erlingsson, Jay Ligatti

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, Anmol N. Sheth
SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes, Arvind Seshadri, Mark Luk, Ning Qu, Adrian Perrig
Nozzle: A Defense Against Heap-spraying Code Injection Attacks, Paruj Ratanaworabhan, Benjamin Livshits, Benjamin Zorn
Symbolic Execution for Software Testing: Three Decades Later, Cristian Cadar, Koushik Sen
Control Flow Integrity for COTS Binaries, Mingwei Zhang, R. Sekar
How to Make ASLR Win the Clone Wars: Runtime Re-Randomization, Kangjie Lu, Stefan Nürnberger, Michael Backes, Wenke Lee

10/27 Malware

Hunting For Metamorphic, Péter Ször, Peter Ferrie
The Ghost In The Browser Analysis of Web-based Malware, Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, Nagendra Modadugu

Dissecting Android Malware: Characterization and Evolution, Yajin Zhou, Xuxian Jiang
Hey, you, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets, Yajin Zhou, Zhi Wang, Wu Zhou, Xuxian Jiang
All Your iFrames Point to Us, Niels Provos, Panayiotis Mavrommatis, Moheeb Abu Rajab, Fabian Monrose
Android Permissions Demystified, Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner
Prudent Practices for Designing Malware Experiments: Status Quo and Outlook, Christian Rossow, Christian J. Dietrich, Chris Grier, Christian Kreibich, Vern Paxson, Norbert Pohlmann, Herbert Bos, Maarten van Steen
Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code, Marco Cova, Christopher Kruegel, Giovanni Vigna
Towards Automatic Generation of Vulnerability-Based Signatures, David Brumley, James Newsome, Dawn Song, Hao Wang, Somesh Jha
Nazca: Detecting Malware Distribution in Large-Scale Networks, Luca Invernizzi, Stanislav Miskovic, Ruben Torres, Sabyasachi Saha, Sung-Ju Lee, Marco Mellia, Christopher Kruegel, Giovanni Vigna
WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices, Shane S. Clark, Benjamin Ransford, Amir Rahmati, Shane Guineau, Jacob Sorber, Kevin Fu, Wenyuan Xu
Sony's DRM Rootkit: The Real Story, Bruce Schneier
Lessons from the Sony CD DRM Episode, J. Alex Halderman, Edward W. Felten

11/1 Machine Learning Security

Towards Evaluating the Robustness of Neural Networks, Nicholas Carlini, David Wagner
When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks, Octavian Suciu, Radu Marginean, Yigitcan Kaya, Hal Daume III, and Tudor Dumitras

Robust Physical-World Attacks on Deep Learning Visual Classification, Kevin Eykholt, Ivan Evtimov, Earlence Fernandes, Bo Li, Amir Rahmati, Chaowei Xiao, Atul Prakash, Tadayoshi Kohno, Dawn Song
Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning, Erwin Quiring, David Klein, Daniel Arp, Martin Johns, and Konrad Rieck
Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers, Giorgio Severi, Jim Meyer, Scott Coull, Alina Oprea
Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks, Ali Shafahi, W. Ronny Huang, Mahyar Najibi, Octavian Suciu, Christoph Studer, Tudor Dumitras, Tom Goldstein
Towards Deep Learning Models Resistant to Adversarial Attacks, Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, Adrian Vladu
Detecting Adversarial Examples Is (Nearly) As Hard As Classifying Them, Florian Tramèr

11/3 Privacy Attacks on Machine Learning

Membership Inference Attacks against Machine Learning Models, Reza Shokri, Marco Stronati, Congzheng Song, Vitaly Shmatikov
Extracting Training Data from Large Language Models, Nicholas Carlini, Florian Tramer, Eric Wallace, Matthew Jagielski, Ariel Herbert-Voss, Katherine Lee, Adam Roberts, Tom Brown, Dawn Song, Ulfar Erlingsson, Alina Oprea, Colin Raffel

The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks, Nicholas Carlini, Chang Liu, Úlfar Erlingsson, Jernej Kos, Dawn Song
Deep Learning with Differential Privacy, Martín Abadi, Andy Chu, Ian Goodfellow, H. Brendan McMahan, Ilya Mironov, Kunal Talwar, Li Zhang
Differential Privacy Has Disparate Impact on Model Accuracy, Eugene Bagdasaryan, Vitaly Shmatikov
Evaluating Differentially Private Machine Learning in Practice, Bargav Jayaraman, David Evans
Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures, Matt Fredrikson, Somesh Jha, Thomas Ristenpart
Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning, Milad Nasr, Reza Shokri, Amir Houmansadr

11/8 Classic Web Security

BLUEPRINT: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers, Mike Ter Louw, V.N. Venkatakrishnan
Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner, Adam Doupé, Ludovico Cavedon, Christopher Kruegel, Giovanni Vigna
Securing Browser Frame Communication, Adam Barth, Collin Jackson, John C. Mitchell
Web Security: Are You Part of the Problem?, Christian Heilmann
Cross-Site Request Forgeries: Exploitation and Prevention, William Zeller, Edward W. Felten
Robust Defenses for Cross-Site Request Forgery, Adam Barth, Collin Jackson, John C. Mitchell
SQL Injection Attacks by Example, Steve Friedl

11/10 Modern Web Security

Protecting Websites from Attack with Secure Delivery Networks, David Gillman, Yin Lin, Bruce Maggs, Ramesh Sitaraman
Clickjacking: Attacks and Defenses, Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, Stuart Schechter, Collin Jackson

Improving Application Security with Data Flow Assertions, Alexander Yip, Xi Wang, Nickolai Zeldovich, M. Frans Kaashoek
Beware of Finer-Grained Origins, Collin Jackson, Adam Barth
The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information, Suphannee Sivakorn, Iasonas Polakis, Angelos D. Keromytis
Eradicating DNS Rebinding with the Extended Same-Origin Policy, Martin Johns and Sebastian Lekies, Ben Stock

11/15 Networking Intro

11/17 TCP/IP Security

Off-Path TCP Exploits: Global Rate Limit Considered Dangerous, Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel
An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps, Muhammad Ikram, Narseo Vallina-Rodriguez, Suranga Seneviratne, Mohamed Ali Kaafar, Vern Paxson

Security Problems in the TCP/IP Protocol Suite, S.M. Bellovin

11/22 DoS Attacks

Inferring Internet Denial-of-Service Activity, David Moore, Geoffrey M. Voelker, Stefan Savage
Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse, Rob Sherwood, Ryan Braud, Bobby Bhattacharjee

Detecting SYN Flooding Attacks, Haining Wang, Danlu Zhang, Kang G. Shin

11/24 Thanksgiving

11/29 VPNs

OpenVPN Is Open to Fingerprinting, Diwen Xue, Reethika Ramesh, Arham Jain, Michalis Kallitsis, J. Alex Halderman, Jedidiah R. Crandall, Roya Ensafi

Security and Privacy of VPNs Running on Windows 10, Yael Grauer
How to Catch when Proxies Lie: Verifying the Physical Locations of Network Proxies with Active Geolocation, Zachary Weinberg, Shinyoung Cho, Nicolas Christin, Vyas Sekar, and Phillipa Gill
Finding Proxy Users at the Service Using Anomaly Detection, Allen T. Webb, A. L. Narasima Reddy

12/1 Underground Economies

Click Trajectories: End-to-End Analysis of the Spam Value Chain, Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Márk Félegyházi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, Stefan Savage
Hack for Hire: Exploring the Emerging Market for Account Hijacking, Ariana Mirian, Joe DeBlasio, Stefan Savage, Geoffrey M. Voelker, Kurt Thomas

Show Me the Money: Characterizing Spam-advertised Revenue, Chris Kanich, Nicholas Weaver, Damon McCoy, Tristan Halvorson, Christian Kreibich, Kirill Levchenko, Vern Paxson, Geoffrey M. Voelker, Stefan Savage

Reading Responses

8/30 Introduction

9/1 Ethics & Law in Security Research: Background

9/6 Ethics & Law in Security Research: Case Studies

9/8 Cryptography Intro / TLS

9/13 The Certificate Ecosystem

9/15 Crypto Failures in Practice

9/20 Building Anonymity

9/22 Breaking Anonymity

9/27 Censorship Resistance

9/29 Protocol Obfuscation

10/4 Botnets

10/6 User Authentication

10/11 Usable Security

10/13 Project Proposals

10/18 Classic Memory Attacks/Defenses

10/20 Modern Memory Attacks

10/25 Modern Memory Defenses

10/27 Malware

11/1 Machine Learning Security

11/3 Privacy Attacks on Machine Learning

11/8 Classic Web Security

11/10 Modern Web Security

11/15 Networking Intro

11/17 TCP/IP Security

11/22 DoS Attacks

11/24 Thanksgiving

11/29 VPNs

12/1 Underground Economies

12/6 Project presentations (1/2)

12/8 Project presentations (2/2)