CSC-574 Computer and Network Security

Date	Topic	Discussions (do readings before class)
8/17/16	Introduction (slides)
8/22/16	Control hijacking attacks (1/2) (slides)	Smashing The Stack For Fun And Profit (link) Basic Integer Overflows (link)
8/24/16	Control hijacking attacks (2/2) (slides)	The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) (link) [CCS'07]
8/29/16	Unix (slides)	Setuid Demystified (link) [USENIX Security'02]
8/31/16	Windows (slides)	17 Mistakes Microsoft Made in the Xbox Security System (link)
09/05/16	Holiday (Labor Day) - No class
09/07/16	Computer Forensics (slides)	Robust Signatures for Kernel Data Structures (link) [CCS'09]
09/12/16	Reverse Engineering 1 (slides)	Using a Decompiler for Real-World Source Recovery (link) [WCRE'04]
09/14/16	Reverse Engineering 2 (slides)	Automatic Reverse Engineering of Data Structures from Binary Execution (link) [NDSS'10]
9/19/16	Symbolic Execution (slides)	KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs (link) [OSDI'08]
9/21/16	Fuzzing (slides)	TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection (link) [S&P'10]
9/26/16	Malicious Code (slides)	Static Analysis of Executables to Detect Malicious Patterns (link) [USENIX Security'03]
9/28/16	Botnets and Cybercrime (slides)	Your botnet is my botnet: analysis of a botnet takeover (link) [CCS'09]
10/3/16	Social Networks Security (slides)	COMPA: Detecting Compromised Accounts on Social Networks (link) [NDSS'13]
10/5/16	Sandboxing Applications (slides)	Native Client: A Sandbox for Portable, Untrusted x86 Native Code (link) [S&P'09]
10/10/16	Midterm Exam
10/12/16	Web Security 1 (slides)	no reading - introduction
10/17/16	Web Security 2 (slides)	Noxes: a client-side solution for mitigating cross-site scripting attacks (link) [SAC'06]
10/19/16	Web Security 3 (slides)	CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy (link) [CCS'16]
10/24/16	Web Security 4 (slides)	SQLrand: Preventing SQL injection attacks (link) [ACNS'04]
10/26/16	Web Security 5 (slides)	Fear the EAR: discovering and mitigating execution after redirect vulnerabilities (link) [CCS'11]
10/31/16	Browser Extensions (slides)	Hulk: Eliciting Malicious Behavior in Browser Extensions (link) [USENIX Security'14]
11/2/16	Evasive Web-based Malware (slides)	Revolver: An Automated Approach to the Detection of Evasive Web-based Malware (link) [USENIX Security'13]
11/7/16	TCP/IP (slides)	Security problems in the TCP/IP protocol suite (link)
11/9/16	DNS (slides)	An Illustrated Guide to the Kaminsky DNS Vulnerability (link)
11/14/16	Network Security (slides)	Programming with Libpcap (link)
11/16/16	Wireless Security (slides)	Practical Verification of WPA-TKIP Vulnerabilities (link)
11/21/16	Firewalls and IDS (slides)	Network Intrusion Detection: Dead or Alive? (link)
11/23/16	Thanksgiving - No class
11/28/16	Anonymity and Privacy (slides)	Tor: The Second-Generation Onion Router (link)
11/30/16	Final Exam