CSC 6991 Topics in Computer Security

Fall 2018 --- Fengwei Zhang

  • Instructor: Fengwei Zhang
  • Class Location: State Hall (STAT) 0403
  • Class Time: Monday, Wednesday 10:00AM - 11:15AM
  • Syllabus: [PDF]
  • Office Hours: Monday, Wednesday 11:15AM - 12:15PM
  • Office Address: Maccabees Building, Room 14109.3
  • Homepage: http://fengwei.me
  • Email: fengwei (at) wayne (dot) edu

Course Description

The course is designed for students interested in computer security research and helps them get started. It will focus on computer security research topics including systems security, web security, mobile security, IoT security, transportation security, privacy and anonymity, hardware security, and ransomware attacks. The course centers around readings and discussions; it has a term project. Students are expected to read the assigned papers, write paper summaries, and present papers. The term project is essentially a mini research project that involves building a new system, improving an existing technique, or performing a large case study.

Course Objectives

This course offers an in depth introduction to computer security research. Upon successful completion of this class, the student will gain experience in:

Prerequisite

CSC4290 (Introduction to Computer Networking), CSC4420 (Computer Operating Systems), and CSC5270 (Computer Systems Security); or permission of the instructor.

Grading Policy

Academic Dishonesty

Please read and adhere to the University's Academic Integrity Page and WSU Student Code of Conduct.

Student Disabilities Services

If you have a documented disability that requires accommodations, you will need to register with Student Disability Services for coordination of your academic accommodations. The Student Disability Services (SDS) office is located in the Adamany Undergraduate Library. The SDS telephone number is 313-577-1851 or 313-202-4216 (Videophone use only).

Tenative Class Schedule

Date Topic Reading & Notes (tentative) Speaker
Week 1, 08/29 Course overview
  • How to Read an Engineering Research Paper. William G. Griswold. [Link]
  • Writing Technical Papers in CS/EE. Henning Schulzrinne. [Link]
  • The Elements of Style. Strunk and White. [Link]
Fengwei Zhang
[Slides]
Week 2, 09/03 No Class
  • Holiday -- Labor Day
Week 2, 09/05 Hardware Isolated Execution Environments Assigned:
  • SoK: A Study of Using Hardware-assisted Isolated Execution Environments for Security. Fengwei Zhang and Hongwei Zhang. In HASP'16. [Link]
Optional:
  • Using Hardware Isolated Execution Environments for Securing Systems, Fengwei Zhang, Ph.D. Thesis. [Link]
Fengwei Zhang
[Slides]
Week 3, 09/10 Transparent Malware Analysis on x86 Assigned:
  • Using Hardware Features for Increased Debugging Transparency. Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun. In S&P'15. [Link]
Optional:
  • MalGene: Automatic Extraction of Malware Analysis Evasion Signature. Dhilung Kirat and Giovanni Vigna. In CCS'15. [Link]
Fengwei Zhang
[Slides]
Week 3, 09/12 Transparent Malware Analysis on ARM Assigned:
  • Ninja: Towards Transparent Tracing and Debugging on ARM. Zhenyu Ning and Fengwei Zhang. In USENIX Security'17. [Link]
Optional:
  • Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices. Le Guan, Shijie Jia, Bo Chen, Fengwei Zhang, Bo Luo, Jingqiang Lin, Peng Liu, Xinyu Xing, and Luning Xia. In ACSAC'17. [Link]
  • BareDroid: Large-Scale Analysis of Android Apps on Real Devices. Simone Mutti, Yanick Fratantonio, Antonio Bianchi, Luca Invernizzi, Jacopo Corbetta, Dhilung Kirat, Christopher Kruegel, Giovanni Vigna. In ACSAC'15. [Link]
Fengwei Zhang
[Slides]
Week 4, 09/17 Mining Malware Assigned:
  • An In-depth Look into Drive-by Mining and Its Defense. In CCS'18. [Link]
Optional:
Rajshakhar Paul
[Slides]
Week 4, 09/19 Transportation Security I Assigned:
  • Green Lights Forever: Analyzing the Security of Traffic Infrastructure. William Beyer, Branden Ghena, Allen Hillaker, Jonathan Pevarnek, and J. Alex Halderman. In WOOT'14. [Link]
Optional:
  • Hacking US (and UK, Australia, France, etc.) Traffic Control Systems. Cesar Cerrudo. In IOActive Blog 2014. [Link]
Sezana Fahmida
[Slides]
Rajshakhar Paul
[Slides]
Week 5, 09/24 IoT Security I Assigned:
  • Fear and Logging in the Internet of Things. Qi Wang, Wajih Ul Hassan, Adam Bates, and Carl Gunter. In NDSS'18. [Link]
Optional:
  • Security Analysis of Emerging Smart Home Applications. Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. In S&P'16. [Link]
  • FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. In UsenixSecurity'16. [Link]
Md Mahbubur
[Slides]
Week 5, 09/26 BlockChain I Assigned:
  • RapidChain: Scaling Blockchain via Full Sharding. Mahdi Zamani, Mahnush Movahedi, Mariana Raykova. In CCS'18. [Link]
Optional:
  • Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. Ahmed Kosba, Andrew Miller, Elaine Shi, Zikai Wen, and Charalampos Papamanthou. In S&P'16. [Link]
  • On the Security and Performance of Proof of Work Blockchains. Arthur Gervais, Ghassan O. Karame, Karl Wüst, Vasileios Glykantzis, Hubert Ritzdorf and Srdjan Capkun. In CCS'16. [Link]
  • Chainspace: A Sharded Smart Contracts Platform. Mustafa Al-Bassam, Alberto Sonnino, Shehar Bano, Dave Hrycyszyn, and George Danezis. In NDSS'18. [Link]
Jinghui Liao
[Slides]
Aaron Zhang
[Slides]
Week 6, 10/01 Ransomware Assigned:
  • UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. Amin Kharaz, Sajjad Arshad, Collin Mulliner, William Robertson, and Engin Kirda. In UsenixSecurity'16. [Link]
Optional:
  • Redemption: Real-time Protection Against Ransomware at End-Hosts. Amin Kharaz and Engin Kirda. In RAID'17. [Link]
  • CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. Nolen Scaife, Henry Carter, Patrick Traynor, and Kevin Butler. In ICDCS'16 [Link]
Paul Weliczko
[Slides]
Rajshakhar Paul
[Slides]
Week 6, 10/03 Transportation Security II Project Proposals Due

Assigned:
  • Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control. Qi Alfred Chen, Yucheng Yin, Yiheng Feng, Z. Morley Mao, Henry X. Liu. In NDSS'18 [Link]
Sezana Fahmida
[Slides]
Week 7, 10/07 Term Project Proposal
  • Proposal Presentations and Discussion
Week 7, 10/10 Plausibly Deniable Encryption (PDE) Assigned:
  • MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices. Bing Chang, Fengwei Zhang, Bo Chen, Yingjiu Li, Wen-Tao Zhu, Yangguang Tian, Zhan Wang, and Albert Ching. In DSN'18. [Link]
Optional:
  • DEFY: A Deniable, Encrypted File System for Log-Structured Storage. Timothy M. Peters, Mark A. Gondree, and Zachary N. J. Peterson. In NDSS'15. [Link]
  • MobiPluto: File System Friendly Deniable Storage for Mobile Devices. Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang. In ACSAC'15. [Link]
  • Mobiflage: Deniable Storage Encryptionfor Mobile Devices. Adam Skillen and Mohammad Mannan. In NDSS'13 and TDSC'14. [Link]
Tanzeer Hossain
[Slides]
Evan Melvin
[Slides]
Week 8, 10/15 Big Data and Intel SGX I Assigned:
  • Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data. Tyler Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, and Emmett Witchel. In OSDI'16. [Link]
Optional:
  • SCONE: Secure Linux Containers with Intel SGX. Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, Rudiger Kapitza, Peter Pietzuch, and Christof Fetzer. In OSDI'16. [Link]
Paul Weliczko
Week 8, 10/17 Big Data and Intel SGX II Assigned:
  • VC3: Trustworthy Data Analytics in the Cloud using SGX. Felix Schuster, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. In S&P'15. [Link]
Paul Weliczko and Shikha Sikligar
Week 9, 10/22 Side-channel Attacks I Assigned:
  • Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. Jo Van Bulck, Frank Piessens, Raoul Strackx (imec-DistriNet, KU Leuven). Marina Minkin, Mark Silberstein, Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch, Yuval Yarom. In USENIX Security'18 [Link]
Optional:
  • Meltdown and Spectre. [Link]
  • Foreshadow. [Link]
Shikha Sikligar and Tanzeer Hossain
Week 10, 10/24 Side-channel Attacks II Assigned:
  • CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management. Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo. In USENIX Security'17. [Link]
Optional:
  • S$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing-and its Application to AES. Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. In S&P'15. [Link]
Aaron Zhang and Alokparna Bandyopadhyay
Week 10, 10/29 TEE Application Assigned:
  • DelegaTEE: Brokered Delegation Using Trusted Execution Environments. Sinisa Matetic, Moritz Schneider, Andrew Miller, Ari Juels, Srdjan Capkun. In USENIX Security'17. [Link]
Shikha Sikligar and Evan Melvin
Week 10, 10/31 Fuzzing Assigned:
  • QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. Insu Yun, Sangho Lee, and Meng Xu, Yeongjin Jang, Taesoo Kim. In USENIX Security'18. [Link]
Oskars Dauksts and Naim Cekaj
Week 11, 11/05 IoT Security II Assigned:
  • IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang , and Kehuan Zhang. In NDSS'18. [Link]
Md Mahbubur Rahman and Sezana Fahmida
Week 11, 11/07 Hardware Attacks Assigned:
  • A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping. Seunghun Han, Wook Shin, Jun-Hyeok Park, and HyoungChun Kim. In USENIX Secuirty'18. [Link]
Optional:
Oskars Dauksts and Naim Cekaj
Week 12, 11/12 Car Hacking I Assigned:
  • Viden: Attacker Identification on In-Vehicle Networks. Kyong-Tak Cho and Kang G. Shin. In CCS'17. [Link]
Optional:
  • Lock It and Still Lose It - On the (In)Security of Automotive Remote Keyless Entry Systems. Flavio D. Garcia, David Oswald, Timo Kasper, and Pierre Pavlidès. In UsenixSecurity'16. [Link]
  • Remote Exploitation of an Unaltered Passenger Vehicle. Charlie Miller and Chris Valasek. In BlackHat USA'15. [Link]
Md Mahbubur Rahman and Alokparna Bandyopadhyay
Week 12, 11/14 Bitcoin Assigned:
  • SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies. Joseph Bonneau, Andrew Miller, Jeremy Clark, Arvind Narayanan, Joshua A. Kroll, and Edward W. Felten. In In S&P'15. [Link]
Jinghui Liao
Week 13, 11/19 Car Hacking II Assigned:
  • Scission: Signal Characteristic-Based Sender Identification and Intrusion Detection in Automotive Networks. Marcel Kneib, Christopher Huth. In CCS'18. [Link]
Optional:
  • Fingerprinting Electronic Control Units for Vehicle Intrusion Detection. Kyong-Tak Cho and Kang G. Shin. In UsenixSecurity'16. [Link]
  • Comprehensive Experimental Analyses of Automotive Attack Surfaces. Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. In UsenixSecurity'11. [Link]
Aaron Zhang and Alokparna Bandyopadhyay
Week 13, 11/21 No Class
  • Holiday -- Thanksgiving
Week 14, 11/26 Inaudible Voice Attacks Assigned:
  • DolphinAttack: Inaudible Voice Commands. Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. In CCS'17. [Link]
Oskars Dauksts and Naim Cekaj
Week 14, 11/28 Moving Target Defense Assigned:
  • Survey of Cyber Moving Targets. H. Okhravi, M.A. Rabe, T.J. Mayberry, W.G. Leonard, T.R. Hobson, D. Bigelow, W.W. Streilein. Technical Report, MIT Lincoln Laboratory, 2013. [Link]
Tanzeer Hossain
Week 15, 12/03 Blockchain II
  • A Better Method to Analyze Blockchain Consistency. In CCS'18. [Link]
Jinghui Liao and Evan Melvin
Week 15, 12/05 Term Project Presentations
Week 16, 12/10 Term Project Presentations Project Final Reports Due

Lunch at Towers Cafe