CSC 6991 Topics in Computer Security

Fall 2018 --- Fengwei Zhang

  • Instructor: Fengwei Zhang
  • Class Location: State Hall (STAT) 0403
  • Class Time: Monday, Wednesday 10:00AM - 11:15AM
  • Syllabus: [PDF]
  • Office Hours: Monday, Wednesday 11:15AM - 12:15PM
  • Office Address: Maccabees Building, Room 14109.3
  • Homepage:
  • Email: fengwei (at) wayne (dot) edu

Course Description

The course is designed for students interested in computer security research and helps them get started. It will focus on computer security research topics including systems security, web security, mobile security, IoT security, transportation security, privacy and anonymity, hardware security, and ransomware attacks. The course centers around readings and discussions; it has a term project. Students are expected to read the assigned papers, write paper summaries, and present papers. The term project is essentially a mini research project that involves building a new system, improving an existing technique, or performing a large case study.

Course Objectives

This course offers an in depth introduction to computer security research. Upon successful completion of this class, the student will gain experience in:


CSC4290 (Introduction to Computer Networking), CSC4420 (Computer Operating Systems), and CSC5270 (Computer Systems Security); or permission of the instructor.

Grading Policy

Academic Dishonesty

Please read and adhere to the University's Academic Integrity Page and WSU Student Code of Conduct.

Student Disabilities Services

If you have a documented disability that requires accommodations, you will need to register with Student Disability Services for coordination of your academic accommodations. The Student Disability Services (SDS) office is located in the Adamany Undergraduate Library. The SDS telephone number is 313-577-1851 or 313-202-4216 (Videophone use only).

Tenative Class Schedule

Date Topic Reading & Notes (tentative) Speaker
Week 1, 08/29 Course overview
  • How to Read an Engineering Research Paper. William G. Griswold. [Link]
  • Writing Technical Papers in CS/EE. Henning Schulzrinne. [Link]
  • The Elements of Style. Strunk and White. [Link]
Week 2, 09/03 No Class
  • Holiday -- Labor Day
Week 2, 09/05 Hardware Isolated Execution Environments Assigned:
  • SoK: A Study of Using Hardware-assisted Isolated Execution Environments for Security. Fengwei Zhang and Hongwei Zhang. In HASP'16. [Link]
  • Using Hardware Isolated Execution Environments for Securing Systems, Fengwei Zhang, Ph.D. Thesis. [Link]
Week 3, 09/10 Transparent Malware Analysis on x86 Assigned:
  • Using Hardware Features for Increased Debugging Transparency. Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun. In S&P'15. [Link]
  • MalGene: Automatic Extraction of Malware Analysis Evasion Signature. Dhilung Kirat and Giovanni Vigna. In CCS'15. [Link]
Week 3, 09/12 Transportation Security I Assigned:
  • Green Lights Forever: Analyzing the Security of Traffic Infrastructure. William Beyer, Branden Ghena, Allen Hillaker, Jonathan Pevarnek, and J. Alex Halderman. In WOOT'14. [Link]
  • Hacking US (and UK, Australia, France, etc.) Traffic Control Systems. Cesar Cerrudo. In IOActive Blog 2014. [Link]
Week 4, 09/17 Transparent Malware Analysis on ARM Assigned:
  • Ninja: Towards Transparent Tracing and Debugging on ARM. Zhenyu Ning and Fengwei Zhang. In USENIX Security'17. [Link]
  • Evading Android Runtime Analysis via Sandbox Detection. Timothy Vidas and Nicolas Christin. In AsiaCCS'14. [Link]
  • BareDroid: Large-Scale Analysis of Android Apps on Real Devices. Simone Mutti, Yanick Fratantonio, Antonio Bianchi, Luca Invernizzi, Jacopo Corbetta, Dhilung Kirat, Christopher Kruegel, Giovanni Vigna. In ACSAC'15. [Link]
Week 4, 09/19 Android Security I Assigned:
  • TBD: A paper from COMPASS Lab
  • TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime. Mingshen Sun, Tao Wei, and John C.S. Lui. In CCS'16. [Link]
Week 5, 09/24 Cloud Security Assigned:
  • Scotch: Combining Software Guard Extensions and System Management Mode to Monitor Cloud Resource Usage. Kevin Leach, Fengwei Zhang, and Westley Weimer. In RAID'17. [Link]
Week 5, 09/27 Car Hacking I Assigned:
  • Viden: Attacker Identification on In-Vehicle Networks. Kyong-Tak Cho and Kang G. Shin. In CCS'17. [Link]
  • Fingerprinting Electronic Control Units for Vehicle Intrusion Detection. Kyong-Tak Cho and Kang G. Shin. In UsenixSecurity'16. [Link]
  • Comprehensive Experimental Analyses of Automotive Attack Surfaces. Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. In UsenixSecurity'11. [Link]
Week 6, 10/01 Ransomware Project Proposals Due

  • Redemption: Real-time Protection Against Ransomware at End-Hosts. Amin Kharaz and Engin Kirda. In RAID'17. [Link]
  • UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. Amin Kharaz, Sajjad Arshad, Collin Mulliner, William Robertson, and Engin Kirda. In UsenixSecurity'16. [Link]
  • CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. Nolen Scaife, Henry Carter, Patrick Traynor, and Kevin Butler. In ICDCS'16 [Link]
Week 6, 10/03 Term Project Proposal
  • Proposal Presentations and Discussion
Week 7, 10/07 Term Project Proposal
  • Proposal Presentations and Discussion
Week 7, 10/10 Plausibly Deniable Encryption (PDE) Assigned:
  • DEFY: A Deniable, Encrypted File System for Log-Structured Storage. Timothy M. Peters, Mark A. Gondree, and Zachary N. J. Peterson. In NDSS'15. [Link]
  • MobiPluto: File System Friendly Deniable Storage for Mobile Devices. Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang. In ACSAC'15. [Link]
  • Mobiflage: Deniable Storage Encryptionfor Mobile Devices. Adam Skillen and Mohammad Mannan. In NDSS'13 and TDSC'14. [Link]
Week 8, 10/15 TrustZone on ARM Assigned:
  • TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone. Le Guan, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, Trent Jaeger. In MobiSys'17. [Link]
  • SKEE: A lightweight Secure Kernel-level Execution Environment for ARM. Ahmed Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang and Peng Ning. In NDSS'16. [Link]
  • TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens. He Sun, Kun Sun, Yuewu Wang, Jiwu Jing. In CCS'15. [Link]
Week 8, 10/17 Bitcoin Assigned:
  • SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies. Joseph Bonneau, Andrew Miller, Jeremy Clark, Arvind Narayanan, Joshua A. Kroll, and Edward W. Felten. In In S&P'15. [Link]
Week 9, 10/22 Denial of Service (DoS) Attack Assigned:
  • Catch Me if You Can: A Cloud-Enabled DDoS Defense. Quan Jia, Huangxin Wang, Dan Fleck, Fei Li, Angelos Stavrou, Walter Powell. In ACM DSN'14. [Link]
  • Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants). Aleksandar Kuzmanovic and Edward W. Knightly. In ACM SIGCOMM'03. [Link]
Week 10, 10/24 Side-channel Attacks Assigned:
  • CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management. Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo. In USENIX Security'17. [Link]
  • S$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing-and its Application to AES. Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. In S&P'15. [Link]
Week 10, 10/29 Android Security II Assigned:
  • Adaptive Android Kernel Live Patching. Yue Chen, Yulong Zhang, Zhi Wang, Liangzhao Xia, Chenfu Bao, and Tao Wei . In USENIX Security'17. [Link]
Week 10, 10/31 Term Project
  • Working Class for Term Project
Week 11, 11/05 IoT Security Assigned:
  • Security Analysis of Emerging Smart Home Applications. Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. In S&P'16. [Link]
  • FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. In UsenixSecurity'16. [Link]
Week 11, 11/07 Big Data and Intel SGX I Assigned:
  • Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data. Tyler Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, and Emmett Witchel. In OSDI'16. [Link]
  • SCONE: Secure Linux Containers with Intel SGX. Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. In OSDI'16. [Link]
Week 12, 11/12 Car Hacking II Assigned:
  • Lock It and Still Lose It - On the (In)Security of Automotive Remote Keyless Entry Systems. Flavio D. Garcia, David Oswald, Timo Kasper, and Pierre Pavlidès. In UsenixSecurity'16. [Link]
  • Remote Exploitation of an Unaltered Passenger Vehicle. Charlie Miller and Chris Valasek. In BlackHat USA'15. [Link]
Week 12, 11/14 Big Data and Intel SGX II Assigned:
  • VC3: Trustworthy Data Analytics in the Cloud using SGX. Felix Schuster, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. In S&P'15. [Link]
Week 13, 11/19 BlockChain Assigned:
  • Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. Ahmed Kosba, Andrew Miller, Elaine Shi, Zikai Wen, and Charalampos Papamanthou. In S&P'16. [Link]
  • On the Security and Performance of Proof of Work Blockchains. Arthur Gervais, Ghassan O. Karame, Karl Wüst, Vasileios Glykantzis, Hubert Ritzdorf and Srdjan Capkun. In CCS'16. [Link]
Week 13, 11/21 No Class
  • Holiday -- Thanksgiving
Week 14, 11/26 Inaudible Voice Attacks Assigned:
  • DolphinAttack: Inaudible Voice Commands. Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. In CCS'17. [Link]
Week 14, 11/28 Moving Target Defense Assigned:
  • Survey of Cyber Moving Targets. H. Okhravi, M.A. Rabe, T.J. Mayberry, W.G. Leonard, T.R. Hobson, D. Bigelow, W.W. Streilein. Technical Report, MIT Lincoln Laboratory, 2013. [Link]
Week 15, 12/03 Term Project Discussion
  • Working Class for Term Project Demo (Q & A)
Week 15, 12/05 Term Project Presentations
Week 16, 12/10 Term Project Presentations Project Final Reports Due

Lunch at Towers Cafe