This page is organized by the weeks of the quarter in which discussions were scheduled. The weeks are in inverse order, on the assumption you will most often be looking for the most recent week.
The syllabus for this class is here.
This class will be taught by Peter Reiher.
Dr. Reiher will be discussing security for two important Internet infrastructure services, DNS and BGP.
Slides:
Slides on DNS and BGP security.
Readings:
A New Approach to DNS Security (DNSSEC), G. Ateniese and S. Mangard, 8th ACM Conference on Computer and Communications Security, 2001. The core introductory paper on DNSSEC.
Security Vulnerabilities in DNS and DNSSEC, S. Ariyapperuma and C. Mitchell, 2nd International Conference on Availability, Reliability, and Security, 2007.
Pretty Good BGP: Improving BGP by Cautiously Adopting Routes, J. Karlin, S. Forrest, and J. Rexford, Proceedings of International Conference on Network Protocols, 2006.
Design and Analysis of the Secure Border Gateway Protocol (S-BGP), S. Kent, C. Lynn, and K. Seo, DISCEX 2000.
Ran and Alan will be discussing forensics and anti-forensics.
Readings:
Computer Forensics, US-CERT, 2008.
Computer Forensics in Forensis, S. Peisert, M. Bishop, and K. Marzullo, ACM SIGOPS Operating Systems Review, 2008.
Forensic and Anti-Forensic Computing, C. Johansson, 2002.
Arriving at an Anti-Forensics Consensus: Examining How to Define and Control the Anti-Forensics Problem, R. Harris, Digital Forensic Research Workshop, 2006.
Jason and Aditya will be discussing innovative attacks on hardware.
Slides:
Readings:
USB HID attack article.
Second article on USB HID attack.
Firewire memory attack article.
Presentation on firewire memory attack.
Lest We Remember: Cold Boot Attacks on Encryption Keys, J. Halderman et al., Usenix Security Symposium, 2008.
Compromising Electromagnetic Emanations of Wired and Wireless Keyboards, M. Vuagnoux and S. Pasini, Usenix Security Symposium, 2009.
Acoustic Side-Channel Attacks on Printers, M. Backes et al., Usenix Security Symposium, 2010.
Article on attack on Bluetooth human interface device, C. Mulliner.
Veteran's Day - no class.
Vahab and Bernie will be discussing trust.
Slides:
Bernie and Vahab's presentation.
Readings:
A Survey of Trust in Computer Science and the Semantic Web, D. Artz and Y. Gil, Web Semantics: Science, Services, and Agents on the World Wide Web, Vol. 5, No. 2, June 2007. This article is probably only available from a UCLA address.
Reflections on Trusting Trust, K. Thompson, Communications of the ACM, Vol. 27, No. 8, Aug. 1984. Also probably only available from UCLA addresses.
Trust and Tamper-Proof Software Delivery, M. Naedele and T. Koch, SESS, 2006. Again, probably available only from UCLA addresses.
A Question of Programming Ethics, J. Atwood, March 7, 2008. Just read the story, don't bother with the comments.
Decentralized Trust Management, M. Blaze, J. Feigenbaum, and J. Lacy, IEEE Symposium on Security and Privacy, 1996.
Trust Models and Management in Public-Key Infrastructures, J. Linn, November 200.
Jiayi and Michael will be discussing web security.
Slides:
Readings:
Abstracting Application-Level Web Security, D. Scott and R. Sharp, WWW 2002.
A Classification of SQL Injection Attacks and Countermeasures, W. Halfond, J. Viegas, and A. Orso, International Symposium on Secure Software Engineering, 2006.
An Introduction to Web Application Security, November 8, 2008.
Twitter Attack: An XSS Wake-Up Call, Kelly Jackson Higgins, Sept. 21 2010.
Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow, S. Chen, R. Wang, Z. Wang, and K. Zhang, IEEE Security and Privacy, May 2010.
Security in the Browser, T. Wadlow and V. Gorelik, Communications of the ACM, Vol 52, No. 5, May 2009.
There will be no class on Tuesday, November 2.
Stefano and Simardeep will lead a class on mobile malware.
Slides:
Stefano and Simardeep's slides.
Readings:
Is It Finally Time To Worry About Mobile Malware?, G. Lawton, IEEE Computer, 2008. This one should be downloadable from a UCLA address. Apparently some of the detection methods used by publication sites are now detecting some VPNs, so working over the UCLA VPN might or might not be successful.
Mobile and Ubiquitous Malware, Y. Ho and S. Heng, MoMM09.
Ontology-based Mobile Malware Behavioral Analysis, H. Chiang and W. Tsaur, JWIS09.
SmartPhone Attacks and Defenses, C. Guo, H. Wang, and W. Zhu, Hotnets III, 2004.
Behavioral Detection of Malware on Mobile Handsets, A. Bose, X. Hu, K. Shin, and T. Park, Mobisys 2008.
The midterm has been cancelled. Dr. Reiher will lead a discussion on handling threats caused by insiders to an organization.
Readings:
This paper got assigned late, so I understand if you are unable to fully read it before class.
Survey of Insider Attack Detection Research, M. Ben Salem, S. Hershkop, and S. Stolfo, in Insider Attack and Cyber Security: Beyond the Hacker, Springer, 2008.
An article from the San Francisco Chronicle on a recent well-known case of an insider problem.
Thwarting an Internal Hacker, Bruce Schneier, Wall Street Journal, May 28, 2010. An article discussing cases of insider threats and methods of handling them.
The topic for this class is information flow tracking. It will be led by Oren and Shu.
Slides:
Readings:
Making Information Flow Explicit in HiStar, N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazieres, OSDI, 2006.
A Lattice Model of Secure Information Flow, D. Denning, Communications of the ACM, Vol. 19, No. 5, May 1976.
Non-Interference, Who Needs It?, P. Ryan, J. McLean, J. Millen, and V. Gligor, IEEE Computer Security Foundations Workshop, 2001.
Challenges for Information Flow Security, S. Zdancewic, Programming Language Interference and Dependence, 2004.
The topic for the day is malware analysis. The class will be led by Rohit and Ravi.
Readings:
The Ghost in the Browser: Analysis of Web-Based Malware, N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu, HotOS 2007.
Malware Analysis for Administrators, S.G. Masood, 2004.
An Analysis of Conficker's Logic and Rendezvous Points, P. Porras, H. Saidi, and V. Yegneswaran, 2009.
Automatic Reverse Engineering of Malware Emulators, M. Sharif, A. Lanzi, J. Giffin, and W. Lee, IEEE Security and Privacy, 2009.
The topic for this class is botnets. It will be led by Jason and Abhishek.
Slides:
Jason and Abhishek's presentation on botnets.
Readings:
Collective Defense: Applying Public Health Models to the Internet, Scott Charney, Microsoft White Paper, October 2010. This was issued just this week, in conjunction with a keynote address Mr. Charney made. It's not a new idea, but having Microsoft's Corporate VP for Trustworthy Computing endorse it is big news.
A Multifaceted Approach to Understanding the Botnet Phenomenon, M. Rajab, J. Zarfoss, F. Monrose, and A. Terzis, Sixth Sigcomm Conference on Internet Measurement, 2006.
Suppressing Bot Traffic With Accurate Human Attestation, M. Jamshed, W. Kim, and K. Park, ACM Asia-Pacific Workshop on Systems, 2010.
The topic for this class is privacy in social networks. It will be led by Nihilesh and Nishanth.
Readings:
An article on Facebook and privacy issues.
Privacy and security for online social networks: challenges and opportunities, C. Zhang, J. Sun, X. Zhu, and Y. Fang, IEEE Network, Vol 24, No 4, July-August 2010. This article should be reachable from UCLA addresses for free, but might not be from non-UCLA addresses.
Towards a Privacy-enhanced Social Networking Site, E. Aimeur, S. Gambs, and A. Ho, 2010 International Conference on Availability, Reliability, and Security. This article should be reachable from UCLA addresses for free, but might not be from non-UCLA addresses.
An article on long-term implications of use of social networks.
A Practical Attack to De-Anonymize Social Network Users, G. Wondracek, T. Holz, E. Kirda, and C. Kruegel, IEEE Symposium on Security and Privacy, May 2010.
The topic for this class is social engineering. It will be led by Caleb and Smiti.
Slides:
Lecture 5, on social engineering.
Readings:
The Art of Deception, Kevin Mitnick, pages 15-18. The entire book is relevant, so you should consider reading more of it than the assignment.
Analysis and Defensive Tools for Social-Engineering Attacks on Computer Systems, Lena Laribee, David Barnes, Neil Rowe, and Craig Martell, Information Assurance Workshop, 2006. Note: this link leads to a site that allows free downloads from UCLA addresses, but not from addresses outside UCLA.
Social Engineering Fundamentals, Part I: Hacker Tactics, Sarah Granger, Symantec web page.
Social Engineering Fundamentals, Part II: Combat Strategies, Sarah Granger, Symantec web page.
The topic for this class is virtual machine security. It will be led by Sudeep and Gautam.
Slides:
Lecture 4, on security and virtualization.
Readings:
When Virtual is Harder Than Real: Security Challenges in Virtual Machine Based Computing Environments, Tal Garfinkel and Mendel Rosenblum, HotOS 2005.
A Gartner report on virtual machine security.
Virtual Machine Security Guidelines, Center for Internet Security, September 2007.
VMware vShield App data sheet.
VMware vShield Endpoint data sheet.
VMware vShield Edge data sheet.
Virtual Systems, Real Security Holes, Tech News World, September 27, 2010.
Virtualization Delivers Data Protections, Says Security Expert, ComputerWeekly.com, September 28, 2010.
Slides:
Lecture 3, on wiretapping the Internet.
Readings:
Most of the readings this week are web pages, not academic papers, due to the topical nature of the subject of this session.
A New York Times story on the US government's recently announced plans to require many Internet services to provide wiretapping capabilities.
A New York Times story on India's dispute with Research In Motion about access to Blackberry communications.
There are similarities between what the government is asking for now and the concept of key escrow, an approach to cryptography the US government pushed for hard in the late 1990s. Here's a critique of key escrow written by an extremely distinguished group of cryptographers and security experts. Some of the issues they discuss are particular to the hardware technology that was proposed in the 1990s, but others are likely to become part of the upcoming debate on this issue.
Slides:
Lecture 2, on DDoS attacks and defenses.
Readings:
A Taxonomy of DDoS Attacks and DDoS Defense Mechanism, Jelena Mirkovic and Peter Reiher, Computer Communications Review, Vol. 34, No. 2, April 2004. Useful for this class because it lays out a wide range of kinds of attacks and possible defenses.
Implementing Pushback: Router-Based Defense Against DDoS Attacks, John Ioannidis and Steve Bellovin, Network and Distributed Systems Security Symposium, 2002. The first important paper on putting DDoS defenses in the network core.
SOS: An Architecture for Mitigating DDoS Attacks, Angelos Keromytis, Vishal Misra, and Dan Rubenstein, IEEE JSAC, vol. 22, no. 1, January 2004. The forefather of all other overlay-based approaches to DDoS defense.
Benchmarks for DDoS Defense Evaluation, Jelena Mirkovic, E. Arikan, S. Wei, Sonia Fahmy, Roshan Thomas, and Peter Reiher, Proceedings of the Milcom 2006, October 2006. Discussion of how to evaluate DDoS defenses. Better versions of this paper came later, but this one is shorter.
Slides:
Readings:
None for first class.