CMSC 818O: Computer and Network Security

01/26 Introduction

The Security Mindset, Bruce Schneier
Why Information Security is Hard – An Economic Perspective, Ross Anderson

01/31 Ethics in Security Research

All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks, Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin Kirda
Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests, Sam Burnett, Nick Feamster

Conducting Cybersecurity Research Legally and Ethically, Aaron J. Burstein
Federal guidelines for research involving human subjects
UMD's IRB process
Menlo Report
The Moral Character of Cryptographic Work, Phillip Rogaway
Keys Under Doormats: Mandating Security by Requiring Government Access to All Data and Communications, Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel J. Weitzner

02/02 Classic Memory Attacks & Defenses

Smashing the Stack for Fun and Profit, Aleph One
StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Crispan Cowan, Calton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang, Heather Hinton

02/07 Modern Memory Attacks

The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86), Hovav Shacham
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities, David Wagner, Jeffrey S. Foster, Eric A. Brewer, Alexander Aiken

EXE: Automatically Generating Inputs of Death, Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill, Dawson R. Engler
On the Effectiveness of Address-Space Randomization, Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, Dan Boneh
Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns, Jonathan Pincus, Brandon Baker
AEG: Automatic Exploit Generation, Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, David Brumley
Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors, Periklis Akritidis, Manuel Costa, Miguel Castro, Steven Hand
English Shellcode, Joshua Mason, Sam Small, Fabian Monrose, Greg MacManus
Low-Level Software Security by Example, Ulfar Erlingsson, Yves Younan, Frank Piessens

02/09 Modern Memory Defenses

Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, James Newsome, Dawn Song
Control-Flow Integrity: Principles, Implementations, and Applications, Martin Abadi, Mihai Budiu, Ulfar Erlingsson, Jay Ligatti

SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes, Arvind Seshadri, Mark Luk, Ning Qu, Adrian Perrig
Nozzle: A Defense Against Heap-spraying Code Injection Attacks, Paruj Ratanaworabhan, Benjamin Livshits, Benjamin Zorn
Symbolic Execution for Software Testing: Three Decades Later, Cristian Cadar, Koushik Sen
Control Flow Integrity for COTS Binaries, Mingwei Zhang, R. Sekar
How to Make ASLR Win the Clone Wars: Runtime Re-Randomization, Kangjie Lu, Stefan Nürnberger, Michael Backes, Wenke Lee

02/14 Classic Web Security

Robust Defenses for Cross-Site Request Forgery, Adam Barth, Collin Jackson, John C. Mitchell
BLUEPRINT: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers, Mike Ter Louw, V.N. Venkatakrishnan

SQL Injection Attacks by Example, Steve Friedl
Protecting Websites from Attack with Secure Delivery Networks, David Gillman, Yin Lin, Bruce Maggs, Ramesh Sitaraman
OWASP Cheat Sheets
Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner, Adam Doupé, Ludovico Cavedon, Christopher Kruegel, Giovanni Vigna
Securing Browser Frame Communication, Adam Barth, Collin Jackson, John C. Mitchell
Web Security: Are You Part of the Problem?, Christian Heilmann
Cross-Site Request Forgeries: Exploitation and Prevention, William Zeller, Edward W. Felten

02/16 Modern Web Security

All Your iFrames Point to Us, Niels Provos, Panayiotis Mavrommatis, Moheeb Abu Rajab, Fabian Monrose
Clickjacking: Attacks and Defenses, Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, Stuart Schechter, Collin Jackson

Improving Application Security with Data Flow Assertions, Alexander Yip, Xi Wang, Nickolai Zeldovich, M. Frans Kaashoek
Beware of Finer-Grained Origins, Collin Jackson, Adam Barth
The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information, Suphannee Sivakorn, Iasonas Polakis, Angelos D. Keromytis
Eradicating DNS Rebinding with the Extended Same-Origin Policy, Martin Johns and Sebastian Lekies, Ben Stock

02/21 Mobile Security

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, Anmol N. Sheth
Android Permissions Demystified, Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner

You Can Run, but You Can’t Hide: Exposing Network Location for Targeted DoS Attacks in Cellular Networks, Zhiyun Qian, Zhaoguang Wang, Qiang Xu, Z. Morley Mao, Ming Zhang, Yi-Min Wang
Smart-Phone Attacks and Defenses, Chuanxiong Guo, Helen J. Wang, Wenwu Zhu
Securing Embedded User Interfaces: Android and Beyond, Franziska Roesner, Tadayoshi Kohno
PowerSpy: Location Tracking using Mobile Device Power Analysis, Yan Michalevsky, Aaron Schulman, Gunaa Arumugam, Veerapandian, Dan Boneh, Gabi Nakibly
Screen After Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images, Brendan Saltaformaggio, Rohit Bhatia, Xiangyu Zhang, Dongyan Xu, Golden G. Richard III

02/23 Cloud Security

A Security Analysis of Amazon’s Elastic Compute Cloud Service, Marco Balduzz, Jonas Zaddach, Davide Balzarotti, Engin Kirda, Sergio Loureiro
Secure Untrusted Data Repository (SUNDR), Jinyuan Li, Maxwell Krohn, David Mazières, Dennis Shasha

Maneuvering Around Clouds: Bypassing Cloud-based Security Providers, Thomas Vissers, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis

02/28 Isolation Defenses

Native Client: A Sandbox for Portable, Untrusted x86 Native Code, Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, Nicholas Fullagar
The Security Architecture of the Chromium Browser, Adam Barth, Colin Jackson, Charles Reis, Google Chrome Team

A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker, Ian Goldberg, David Wagner, Randi Thomas, Eric A. Brewer
Capsicum: practical capabilities for UNIX, Robert N. M. Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway

03/02 Isolation Attacks

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, Thomas Ristenpart, Eran Tomer, Hovav Shacham, Stefan Savage
Exploiting the DRAM rowhammer bug to gain kernel privileges, Mark Seaborn, Thomas Dullien

Cross-VM Side Channels and Their Use to Extract Private Keys, Yinqian Zhang, Ari Juels, Michael K. Reiter, Thomas Ristenpart
Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors, Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, Onur Mutlu
Flip Feng Shui: Hammering a Needle in the Software Stack, Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, Herbert Bos
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida

03/07 Malware

Hunting For Metamorphic, Péter Ször, Peter Ferrie
Dissecting Android Malware: Characterization and Evolution, Yajin Zhou, Xuxian Jiang
Hey, you, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets, Yajin Zhou, Zhi Wang, Wu Zhou, Xuxian Jiang

Prudent Practices for Designing Malware Experiments: Status Quo and Outlook, Christian Rossow, Christian J. Dietrich, Chris Grier, Christian Kreibich, Vern Paxson, Norbert Pohlmann, Herbert Bos, Maarten van Steen
Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code, Marco Cova, Christopher Kruegel, Giovanni Vigna
The Ghost In The Browser Analysis of Web-based Malware, Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, Nagendra Modadugu
Towards Automatic Generation of Vulnerability-Based Signatures, David Brumley, James Newsome, Dawn Song, Hao Wang, Somesh Jha
Nazca: Detecting Malware Distribution in Large-Scale Networks, Luca Invernizzi, Stanislav Miskovic, Ruben Torres, Sabyasachi Saha, Sung-Ju Lee, Marco Mellia, Christopher Kruegel, Giovanni Vigna
WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices, Shane S. Clark, Benjamin Ransford, Amir Rahmati, Shane Guineau, Jacob Sorber, Kevin Fu, Wenyuan Xu
Sony’s DRM Rootkit: The Real Story, Bruce Schneier
Lessons from the Sony CD DRM Episode, J. Alex Halderman, Edward W. Felten

03/09 Worms

How to 0wn the Internet in Your Spare Time, Stuart Staniford, Vern Paxson, Nicholas Weaver
Characteristics of Internet Background Radiation, Ruoming Pang, Vinod Yegneswaran, Paul Barford, Vern Paxson, Larry Peterson

Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event, Abhishek Kumar, Vern Paxson, Nicholas Weaver
The Morris Worm: A Fifteen-Year Perspective, Hilarie Orman
Inside the Slammer Worm, David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford, Nicholas Weaver
W32.Stuxnet Dossier, Nicolas Falliere, Liam O Murchu, Eric Chien

03/14 Project Proposals

No papers

03/16 Midterm

No papers

03/21 Spring Break

No papers

03/23 Spring Break

No papers

03/28 TLS/SSL

TLS and SSL
The First Few Milliseconds of an HTTPS Connection, Jeff Moser
Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed, Liang Zhang, Dave Choffnes, Tudor Dumitras, Dave Levin, Alan Mislove, Aaron Schulman, Christo Wilson

ZMap: Fast Internet-wide Scanning and Its Security Applications, Zakir Durumeric, Eric Wustrow, J. Alex Halderman
A Tangled Mass: The Android Root Certificate Store, Narseo Vallina-Rodriguez, Johanna Amann, Christian Kreibich, Nicholas Weaver, Vern Paxson
Multi-Context TLS (mcTLS): Enabling Secure In-Network Functionality in TLS, David Naylor, Kyle Schomp, Matteo Varvello, Ilias Leontiadis, Jeremy Blackburn, Diego Lopez, Konstantina Papagiannaki, Pablo Rodriguez Rodriguez, Peter Steenkiste
Measuring the Security Harm of TLS Crypto Shortcuts, Drew Springall, Zakir Durumeric, J. Alex Halderman
DROWN: Breaking TLS using SSLv2, Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, Yuval Shavitt
SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements, Jeremy Clark, Paul C. van Oorschot
Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem, Frank Cangialosi, Taejoong Chung, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson
Current issues in SSL and TLS

03/30 Crypto Failures in Practice

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, Paul Zimmermann
The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software, Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, Vitaly Shmatikov

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, Nadia Heninger, Zakir Durumeric, Eric Wustrow, J. Alex Halderman
Lessons Learned in Implementing and Deploying Crypto Software, Peter Gutmann
When Private Keys are Public: Results from the 2008 Debian OpenSSL Vulnerability, Scott Yilek, Eric Rescorla, Hovav Shacham, Brandon Enright, Stefan Savage
Why Cryptosystems Fail, Ross Anderson
An Empirical Study of Cryptographic Misuse in Android Applications, Manuel Egele, David Brumley, Yanick Fratantonio, Christopher Kruegel
You Get Where You’re Looking For: The Impact of Information Sources on Code Security, Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, Christian Stransky

04/04 User Authentication

The Tangled Web of Password Reuse, Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, XiaoFeng Wang
The End is Nigh: Generic Solving of Text-based CAPTCHAs, Elie Bursztein, Jonathan Aigrain, Angelika Moscicki, John C. Mitchell

Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks, Hristo Bojinov, Daniel Sanchez, Paul Reber, Dan Boneh, Patrick Lincoln
The science of guessing: analyzing an anonymized corpus of 70 million passwords, Joseph Bonneau

04/06 Usable Security

Users Are Not the Enemy, Anne Adams, Martina Angela Sasses
Android Permissions: User Attention, Comprehension, and Behavior, Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, David Wagner

Users Really Do Plug in USB Drives They Find, Matthew Tischer, Zakir Durumeric, Sam Foster, Sunny Duan, Alec Mori, Elie Bursztein, Michael Bailey
Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness, Devdatta Akhawe, Adrienne Porter Felt
Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0, Alma Whitten, J.D. Tygar
Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System, Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, Matt Blaze

04/11 TCP/IP Security

Off-Path TCP Exploits: Global Rate Limit Considered Dangerous, Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel
An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps, Muhammad Ikram, Narseo Vallina-Rodriguez, Suranga Seneviratne, Mohamed Ali Kaafar, Vern Paxson

Security Problems in the TCP/IP Protocol Suite, S.M. Bellovin

04/13 Botnets

Your Botnet is My Botnet: Analysis of a Botnet Takeover, Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna
Spamming Botnets: Signatures and Characteristics, Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, Ivan Osipkov

04/18 DoS Attacks

Inferring Internet Denial-of-Service Activity, David Moore, Geoffrey M. Voelker, Stefan Savage
Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse, Rob Sherwood, Ryan Braud, Bobby Bhattacharjee

Detecting SYN Flooding Attacks, Haining Wang, Danlu Zhang, Kang G. Shin

04/20 DoS Defenses

A DoS-limiting Network Architecture, Xiaowei Yang, David Wetherall, Thomas Anderson
Practical Support for IP Traceback, Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson

SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks, Abraham Yaar, Adrian Perrig, Dawn Song
Portcullis: Protecting Connection Setup from Denial-of-Capability Attacks, Bryan Parno, Dan Wendlandt, Elaine Shi, Adrian Perrig, Bruce Maggs, Yih-Chun Hu

04/25 Building Anonymity

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms, David L. Chaum
Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, Paul Syverson

The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability, David Chaum
Shining Light in Dark Places: Understanding the Tor Network, Damon McCoy, Kevin Bauer, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker
Tarzan: A Peer-to-Peer Anonymizing Network Layer, Michael J. Freedman, Robert Morris
P5: A Protocol for Scalable Anonymous Communication, Rob Sherwood, Bobby Bhattacharjee, Aravind Srinivasan
Dissent: Accountable Anonymous Group Messaging, Henry Corrigan-Gibbs, Bryan Ford
LASTor: A Low-Latency AS-Aware Tor Client, Masoud Akhoondi, Curtis Yu, and Harsha V. Madhyastha
SoK: Secure Messaging, Nik Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg, Matthew Smith

04/27 Breaking Anonymity

Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries, Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, Paul Syverson
Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services, Albert Kwon, Mashael AlSabah, David Lazar, Marc Dacier, Srinivas Devadas

How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID, Bruce Schneier
Judge confirms what many suspected: Feds hired CMU to break Tor, Cyrus Farivar
How much anonymity does network latency leak?, Nicholas Hopper, Eugene Y. Vasserman, Eric Chan-Tin
Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization, Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann
Ting: Measuring and Exploiting Latencies Between All Tor Nodes, Frank Cangialosi, Dave Levin, Neil Spring

05/02 Censorship Resistance

Examining How the Great Firewall Discovers Hidden Circumvention Servers, Roya Ensafi, David Fifield, Philipp Winter, Nick Feamster, Nicholas Weaver, Vern Paxson
Alibi Routing, Dave Levin, Youndo Lee, Luke Valenta, Zhihao Li, Victoria Lai, Cristian Lumezanu, Neil Spring, Bobby Bhattacharjee
Telex: Anticensorship in the Network Infrastructure, Eric Wustrow, Scott Wolchok, Ian Goldberg, J. Alex Halderman

Detecting Intentional Packet Drops on the Internet via TCP/IP Side Channels, Roya Ensafi, Jeffrey Knockel, Geoffrey Alexander, Jedidiah R. Crandall
SoK: Towards Grounding Censorship Circumvention in Empiricism, Michael Carl Tschantz, Sadia Afroz, Anonymous, Vern Paxson

05/04 Underground Economies

Click Trajectories: End-to-End Analysis of the Spam Value Chain, Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Márk Félegyházi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, Stefan Savage
Show Me the Money: Characterizing Spam-advertised Revenue, Chris Kanich, Nicholas Weaver, Damon McCoy, Tristan Halvorson, Christian Kreibich, Kirill Levchenko, Vern Paxson, Geoffrey M. Voelker, Stefan Savage

05/09 Project Presentations

No papers

05/11 Project Presentations

No papers

Reading Responses

01/26 Introduction

01/31 Ethics in Security Research

02/02 Classic Memory Attacks & Defenses

02/07 Modern Memory Attacks

02/09 Modern Memory Defenses

02/14 Classic Web Security

02/16 Modern Web Security

02/21 Mobile Security

02/23 Cloud Security

02/28 Isolation Defenses

03/02 Isolation Attacks

03/07 Malware

03/09 Worms

03/14 Project Proposals

03/16 Midterm

03/21 Spring Break

03/23 Spring Break

03/28 TLS/SSL

03/30 Crypto Failures in Practice

04/04 User Authentication

04/06 Usable Security

04/11 TCP/IP Security

04/13 Botnets

04/18 DoS Attacks

04/20 DoS Defenses

04/25 Building Anonymity

04/27 Breaking Anonymity

05/02 Censorship Resistance

05/04 Underground Economies

05/09 Project Presentations

05/11 Project Presentations