This page is organized by the weeks of the quarter in which discussions were scheduled. The weeks are in inverse order, on the assumption you will most often be looking for the most recent week.
This class will be taught by Peter Reiher.
Spreadsheet showing topics, schedule, and current assignments.
Here is a list of papers for the class. A few more papers will be added as the course goes on, but this is the bulk of the papers.
Monday is a holiday, so there will be no class.
Papers for Wednesday:
These papers are on interesting topics relevant to the general theme of the class, but not fitting handily into a particular category. We will also spend time in this session discussing overall network security issues and anything that wasn't wrapped up in previous classes.
Using Replication and Partitioning to Build Secure Distributed Systems, L. Zheng, S. Chong, A. Myers, and S. Zdancewic, IEEE Symposium on Security and Privacy, 2003.
The Design and Implementation of Datagram TLS, N. Modadugu and E. Rescoria, NDSS 2004.
Papers:
Secure Interactions With Untrusted Systems
Terra: A Virtual Machine-Based Platform for Trusted Computing, T. Garfinkel, B> Pfaff, J. Chow, M. Rosenblum, and D. Boneh, SOSP, December 2003. This paper describes how to make practical use of trusted computing hardware to build a trusted virtual machine.
Establishing the Genuinity of Remote Computer Systems, Rick Kennell and Leah Jamieson, Usenix Security Symposium, July 2003. This paper describes how to run tests that offer you a high degree of assurance that a remote machine is the kind of machine it claims to be.
Samsara: Honor Among Thieves in Peer-to-Peer Storage, Landon P. Cox and Brian Noble, SOSP, December 2003. This paper describes how to address a problem of remote trust for a particular networked application, sharing storage among a group of peers.
Handling Compromised Hosts and Security Alert Systems
Resilient Self-Organizing Overlay Networks for Security Update Delivery, J. Li, P. Reiher, and G. Popek, IEEE Journal on Selected Areas in Communications, vol. 22, no. 1, January 2004
Indra: A Peer-to-Peer Approach to Network Intrusion Detection And Prevention , Ramaprabhu Janakiraman, Marcel Waldvogel, Qi Zhang, Wetice 2003.
Web pages:
Walter S. Mossberg, an influential technology columnist for the Wall Street Journal, published an article about a month ago that called for software manufacturers and other security professionals to stop blaming users when their machines became compromised. Instead, he argued professionals in the field have the responsibility to build software that is less likely to be compromised. His article appears to be unavailable on-line, but here is an excerpt from the column that encapsulates his argument.
"Stop Being a Victim," Tim Mullen, Security Focus, April 27 2004. A rebuttal to the Mossberg column.
US Government Computer Emergency Response Team Web site. This site contains information about the mechanisms the government is using to disseminate important news about computer vulnerabilities.
Slides: Lecture 11.
Papers:
Privacy
Tor: The Second-Generation Onion Router, R. Dingledine, N. Mathweson, P. Syverson, to appear in Usenix Security Symposium 2004.
Infranet: Circumventing Web Censorship and Surveillance, N. Feamseter, M. Balazinska, G. Harfst, H. Balakrishna, D. Karger, Usenix Security Symposium 2002.
Protecting Privacy in Continuous Location-Tracking Applications, M. Gruteser and X. Liu, IEEE Security and Privacy, Vol. 2 No. 2, March/April 2004.
Protecting Free Expression Online With Freenet Ian Clarke, Theodore Hong, Oskar Sandberg, and Brandon Wiley, IEEE Internet Computing, January/February 2001.
Spam control
A Bayesian Approach to Filtering Junk Email, Meharan Sahami, Susan Dumais, David Heckerman, Eric Horvitz, AAAI Workshop on Learning for Text Categorization, July 1998.
Miracle Cures and Toner Cartridges: Finding Solutions to the Spam Problem, Michael Clifford, Daniel Faigin, Matt Bishop, Tasneem Brutch, Panel Discussion notes, 19th Annual Computer Security Applications Conference, December 2003.
Technical Solutions for Controling Spam, Shane Bird, AUUG 2002, September 2002.
DNS Based Blacklists and Whitelists for Email, J. Levine, Internet Draft, April 2004.
Guidelines for Management of DNS Blacklists, Y. Shafranovich, Internet Draft, April 2004.
Slides: Lecture 10.
Papers:
Evaluating Internet Security Mechanisms
Netbait: A Distributed Worm Detection Service, Chun and Witherspoon,ntel Research Berkeley Technical Report IRB-TR-03-033, September 2003. A Planetlab experiment designed to detect worm activity by scattering observation points at Planetlab nodes.
Inferring Internet Denial-of-Service Activity, David Moore, Geoffrey Voelker, and Stefan Savage , 10th Usenex Security Symposium, 2001. A CAIDA paper describing the basic backscatter technique of determining various properties of DDoS attacks.
An Evening With Berferd In Which a Cracker is Lured, Endured, and Studied, Bill Cheswick, Usenex , 1992. The grandfather of all research on honeypots and honeynets.
Also, please look over the following two web sites:
McAfee's Security Center Grid system.
Symantec's DeepSight Analyzer.
Multicast Security
"Iolus: A Framework for Scalable Secure Multicasting," Suvo Mittra , ACM SIGCOMM Computer Conference, October 1997.
"A Survey of Key Management for Secure Group Communications," Sandro Rafaeli and David Hutchison, ACM Computing Surveys, Vol. 35, No. 3, September 2003
"Multicast Security: A Taxonomy and Efficient Constructions," Canetti, et al Infocom, 1999.
The Multicast Group Security Architecture, IETF Draft, Hardjono and Weis, March, 2004.
Remember, the midterm is on Wednesday. Here is a sample test similar in style to what you can expect. This test was given as a final exam in this class last year, and is thus a bit longer than the midterm on Wednesday. Also, since it's a final, it covers the entire class' material, rather than just the material from the first half. The questions you can expect will be of similar types, however.
Slides: Lecture 8.
Papers:
How to 0wn the Internet in Your Spare Time, Stuart Staniford, Vern Paxson, Nicholas Weaver, 11th Usenex Security Symposium, 2002. An influential paper on the potential speed with which worms could propagate.
Compartive Response Strategies for Large Scale Attack Mitigation, D. Jojiri, J. Rowe, K. Levitt, DISCEX 03, 2003. Some analysis on the effectiveness of various speeds of worm response strategies.
Recent Worms: A Survey and Trends, Darrell M. Kienzle, Matthew C. Elder, Proceedings of ACM Workshop on Rapid Malcode, October 2003. A survey of how worms have developed over the years.
"A Virtual Honeypot Framework", Niels Provos, CITI Technical Report 03-1, October 2003. [To appear in the 13th USENIX Security Symposium, San Diego, CA (August 2004).]
Here's the paper that Everett mentioned in class. I should have assigned it, but left it off by accident, so it won't be on the test. However, it's a very good paper well worth reading, so if you're interested in worm defenses, you probably want to read it.
Internet Quarantine: Requirements for Containing Self-Propagating Code, D. Moore, C. Shannon, G. Voelker, S. Savage, Infocom 2003.
Slides:
Papers:
Papers on other DDoS defense approaches.
Cossack: Coordinated Suppresion of SImultaneous Attacks, . C. Papadopoulos, R. Lindell, J. Mehringer, A. Hussain, and R. Govindan, DANCE 2003. An approach to using sentinals and defenses scattered around the edge of the network.
Alliance Formation for DDoS Defense, J. Mirkovic, M. Robinson, P. Reiher, and G. Kuenning, New Software Paradigms Workshop, August 2003. An approach based on defense nodes near the attackers, near the victims, and in the core working cooperatively.
We will also cover traceback in this lecture. The paper was assigned for Monday, so you should already have read it.
On the other hand, on Monday we covered D-WARD, and that paper was not assigned. Here it is. You need not read it for Wednesday, but the material in this paper is fair game for the midterm exam.
Attacking DDoS At the Source, J. Mirkovic, G. Prier, and P. Reiher, ICNP 2002.
Papers on handling DDoS via rate limiting and filtering in the network.
Implementing Pushback: Router-Based Defense Against DDoS Attacks, J. Ioannidis and S. Bellovin In Proceedings of NDSS '02, Feb. 2002. The basic paper on pushing rate limits through the Internet to stop DDoS attacks.
Practical Network Support for IP Traceback, S. Savage, et al, SIGCOMM 2000. A paper on a reasonable way to trace where a bunch of spoofed packets being used in a DDoS attack actually came from.
NetBouncer: Client-Legitimacy Based High Performance DDoS Filtering, R. THomas, B. Mark, T. Johnson, and J. Croall, DISCEX 2003.
A late paper on location privacy. I just found this one, so it's not required reading, but you should look at it if you have an interest in this issue. It provides a good description of a more fundamental approach to providing location privacy in wireless mobile systems than the other papers we've read, as well as performance data on how well that approach is likely to work.
Protecting Privacy in Continuous Location-Tracking Applications, Marco Grutser and Xuan Liu, IEEE Privacy and Security, Vol. 2, No. 2, March/April 2004.
Slides:
Lecture 5. Note: This lecture was updated as of April 23 to match what Moshe presented in class.
Papers:
Papers on ubiquitous networks (April 21)
Authentication for Pervasive Computing," Beresford, A.R. and Stajano, F. IEEE Pervasive Computing, Vol. 2, No. 1, Jan/Mar 2003.
Location Privacy in Pervasive Computing . Beresford, A.R. and Stajano, F. IEEE Pervasive Computing, Vol. 2, No. 1, Jan/Mar 2003
Proxy-Based Protocols in Networked Mobile Devices," Burnside et. al., In proceedings SAT 2002
The Resurrecting Duckling: Security Issues in Ad-hoc Wireless Networks, Frank Stajano and Ross Anderson, Proc. Seventh Security Protocols Workshop, Berlin 2000. A model for authenticating devices in ubiquitous environments.
An Authorization Infrastructure for Nomadic Computing, Kan Zhang and Tim Kindberg, In proceedings SACMAT 2002. Deals with issues of authentication and access control for mobile devices interacting with a ubiquitous environment.
Securing WiFI Nomads: The Case for Quarantine, Examination, and Decontamination," Eustice et. al., New Software Paradigm Workshop, August 2003. Discusses a method of protecting ubiquitous environments from compromised and poorly configured nodes that join the environment.
Papers on securing ad hoc networks (April 19)
"A Secure Routing Protocol for Ad Hoc Networks," Sanzgiri, et al ICNP, October 2002.
"Securing Ad Hoc Netorks," IEEE Network, Vol. 13, No. 6, November/December 1999.
"Signaling and Routing Security in Mobile and Ad-Hoc Networks," Karpijoki, "A Secure Routing Protocol for Ad-Hoc Networks," Sanzgiri et al, ICNP 2002
Mobility Helps Security in Ad Hoc Networks. Proceedings of the 2003 ACM International Symposium on Mobile ad hoc networking & computing 2003, Annapoliws, MD, USA. Srdjan Capkun, Jean-Pierre Hubaux, Levente Buttyan.
""Secure Routing in Sensor Networks: Attacks and Countermeasures", Chris Karlof and David Wagner.
Wednesday, April 14: DNS security
Slides:
lecture 4. Slides on DNS security
Papers:
"DNS Security Introduction and Requirements," R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose, Internet Draft, February 14, 2003.
"Threat Analysis of the Domain Name System," R. Austein, Internet Draft, February 2002.
A New Approach to DNS Security (DNSSEC),"Giuseppe Ateniese, Stefan Mangard," 8th ACM Conference on Computer and Communications Security, 2001.
Monday, April 12: Routing protocol security
Slides:
lecture 3. Slides on routing protocol security
Papers:
"Secure Border Gateway Protocol (Secure BGP),", Stephen Kent, Charles Lynn, Karen Seo, IEEE Journal on Selected Areas in Communication, Vol. 18, No. 4, April 2000.
"Secure Border Gateway Protocol (S-BGP) - Real World Performance and Deployment Issues," Stephen Kent, Charles Lynn, Joanne Mikkelson, and Karen Seo.
"Efficient Security Mechanisms for Routing Protocols," Yih-Chun Hu, Adrian Perrig, David B. Johnson, NDSS 03.
"Generic Threats to Routing Protocols," A. Barbir, S. Murphy, Y. Yang, December 2003.
Slides:
lecture 2. Slides on IP spoofing prevention.
lecture 1. Introductory material.
Papers:
"Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing," P. Ferguson, RFC 2827. (Available from many other sources, as well.) This RFC describes a simple form of filtering that can help limit IP spoofing.
"On the Effectiveness of Route-based Packet Filtering for Distributed DoS Attack Prevention in Power-law Internets", Kihong Park and H. Lee, Proceeding of the ACM SIGCOMM '01. This paper discusses how widely deployed network filtering capabilities would need to be to offer an effective defense against IP spoofing.
"SAVE: Source Address Validity Enforcement," Jun Li, Jelena Mirkovic, Mengqiu Wang, Peter Reiher, and Lixia Zhang, Infocom 2002. This paper describes a protocol that allows routers to determine the proper incoming interfaces for packets with particular IP source addresses. Tables of these kinds are assumed in Park's paper, above.
"Hop Count Filtering: An Effective Defense Against Spoofed DDoS Traffic," $hen Jin, Haining Wang, Kang G. Shin, 10th ACM Conference on Computer and Communications Security, 2003. This paper describes a technique to detect spoofing based on knowing the proper TTL values for packets arriving from particular sources. While targeted at DDoS, the technique is more generally related to spoofing.