This page is organized by the weeks of the quarter in which lectures were given and papers assigned. The weeks are in inverse order, on the assumption you will most often be looking for the most recent week.
This class will be taught by Peter Reiher. There is no textbook. All readings will be papers, to be listed here.
The topic for this week is security for ubiquitous computing.
Slides:
Slides on security for ubiquitous computing.
Papers:
The Resurrecting Duckling: Security Issues in Ad-hoc Wireless Networks, Frank Stajano and Ross Anderson, Proc. Seventh Security Protocols Workshop, Berlin 2000.
An Authorization Infrastructure for Nomadic Computing, Kan Zhang and Tim Kindberg, In proceedings SACMAT 2002.
Another reading will be delivered to the class via email.
The topic for this week will be distributed denial of service (DDoS) attacks. I received a request to spend a bit more time discussing evaluation of security systems, last week's topic, so part of what we'll talk about in the context of DDoS attacks is measuring defense systems. Many issues pertinent to measuring DDoS defenses have analogs in measuring other types of security systems.
Slides:
Slides on distributed denial of service attacks.
Papers:
A Taxonomy of DDoS Attacks and DDos Defense Mechanisms, Jelena Mirkovic and Peter Reiher, Computer Communications Review, Vol. 34, No. 2, April 2004.
A Framework for a Collaborative DDoS Defense, George Oikonomou, Peter Reiher, Max Robinson, and Jelena Mirkovic, ACSAC 22, December 2006.
SOS: An Architecture for Mitigating DDoS Attacks, Angelos Keromytis, Vishal. Misra, and Dan Rubenstein, IEEE JSAC, vol. 22, no. 1, January 2004.
NetBouncer: Client-Legitimacy Based High Performance DDoS Filtering, R. THomas, B. Mark, T. Johnson, and J. Croall, DISCEX 2003.
The topic for this week will be how to test and measure security systems. There are no groups or reports this week, since I will not be here on Thursday the 15th. Also no readings.
Slides:
Slides on evaluating security systems.
The topic for this week will be privacy. The readings will cover various mechanisms to handle a variety of very different privacy problems.
Slides: Slides on privacy.
Papers:
"State-of-the-art in Privacy preserving Data Mining", V. Verykios, E. Bertino, I. Fovino, L. Provenza, Y. Saygin, and Y. Theodoridis, ACM SIGMOD Record, Vol. 33, No. 1, March 2004. This paper surveys various approaches to maintaining privacy in the face of data mining. The link is to an ACM portal. You will be able to access it from a UCLA address, but probably not from an off-campus address.
"Tor: The Second-Generation Onion Router", R. Dingledine, N. Mathewson, and Paul Syverson, Usenix Security Symposium, 2004. Tor is an improved version of onion routing that improves the security, privacy, and performance of the original onion routing mechanisms.
"Optimistic Security: A New Access Control Paradigm", D. Povey, New Security Paradigms Workshop, 1999. Optimistic security is not inherently a privacy-oriented technology, but might be usable for privacy purposes, as discussed in class. This paper is also from an ACM portal site, so you might need to access it from a UCLA address.
Protecting Privacy in Continuous Location-Tracking Applications, M. Gruteser and X. Liu, IEEE Security and Privacy, Vol. 2 No. 2, March/April 2004. This paper discusses various approaches to providing privacy when one is also providing location updates.
The topic for this week will be IP spoofing. The readings will cover various approaches to combating IP spoofing.
Slides: Slides on IP spoofing.
Papers:
"Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing," P. Ferguson, RFC 2827. (Available from many other sources, as well.) This RFC describes a simple form of filtering that can help limit IP spoofing.
"On the Effectiveness of Route-based Packet Filtering for Distributed DoS Attack Prevention in Power-law Internets", Kihong Park and H. Lee, Proceeding of the ACM SIGCOMM '01. This paper discusses how widely deployed network filtering capabilities would need to be to offer an effective defense against IP spoofing.
"SAVE: Source Address Validity Enforcement," Jun Li, Jelena Mirkovic, Mengqiu Wang, Peter Reiher, and Lixia Zhang, Infocom 2002. This paper describes a protocol that allows routers to determine the proper incoming interfaces for packets with particular IP source addresses. Tables of these kinds are assumed in Park's paper, above.
"Hop Count Filtering: An Effective Defense Against Spoofed DDoS Traffic," $hen Jin, Haining Wang, Kang G. Shin, 10th ACM Conference on Computer and Communications Security, 2003. This paper describes a technique to detect spoofing based on knowing the proper TTL values for packets arriving from particular sources. While targeted at DDoS, the technique is more generally related to spoofing.
The topic for this week will be web security. The readings will cover various common problems in web security and proposed approaches to dealing with them. An approach towards handling another of these problem classes will be presented and discussed.
Slides: Slides on web security issues.
Readings:
SQLrand: Preventing SQL Injection Attacks, Stephen Boyd and Angelos Keromytis, 2nd Applied Cryptography and Network Security (ACNS) Conference, 2004
Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis, Philip Vogt, Florian Nentwich, Nenand Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna, Network and Distributed Systems Security Symposium, 2007.
Abstracting Application-Level Web Security, David Scott and Richard Sharp, WWW 20002.
The topic for this week will be handling the problems created by botnets. The readings will mostly cover the issue of identifying bots. An approach towards combating them will be discussed in class.
Slides: Slides on botnets.
Readings:
Know Your Enemy: Tracking Botnets, Paul Bacher, Thorsten Holz, Markus Kotter, and Georg Wicherski, The Honeynet Project and Research Alliance, March 2005.
Using Uncleanliness to Predict Future Botnet Addresses, M. Collins, T. Shimeall, S. Faber, J. Janies, R. Weaver, M. De Shon, and J. Kadane, IMC 07, October 2007.
A Multifacted Approach to Understanding the Botnet Phenomenon, M. Rajab, J. Zarfoss, F. Monrose, and A. Terzis, IMC 06, October 2006.
The Security Flag in the IPv4 Header, S. Bellovin, RFC 3514, April 1 2003. (Note the date.)
The topic for this week will be tracing data as it moves through an operating system, usually for purposes of ensuring that security policies are properly applied.
Slides: Slides on tracking security labels.
Readings:
Labels and Event Processes in the Asbestos Operating System,"Efstathopolous, Krohn, VanDeBogart, Frey, Ziegler, Kohler, Mazieres, Kaashoek, and Morris, SOSP, 2005.
Making Information Flow Explicit in HiStar,"Zeldovich, Boyd-Wickizer, Kohler, and Mazieres,OSDI 2006.
RIFLE: An Architectural Framework for User-Centric Information Flow Security, Vachharajani, Bridges, Chang, Rangan, Ottoni, Blome, Reis, Vachharajani, and August, Micro-37, 2004.
Information Protection Via Environmental Data Tethers,Beaumont-Gay, Eustice, Ramakrishna, and Reiher, New Security Paradigms Workshop, 2007.
Thursday, April 3
No class.
Tuesday, April 1
Here's an interesting blog entry on themes in modern cyberdefense. The author distilled these from his own experiences and from things he's heard from others about their experiences. Worth reading and thinking about.