Fall 2012: 0x1A Great Papers in Computer Security (53135)

Lectures

Tue and Thu: 2-3:15pm
PAI 3.14

Instructor

Vitaly Shmatikov
Email: shmat AT cs
Office: CSA 1.114
Phone: 471-9530
Office hours: Tue 3:30-4:30pm

TA

Martin Georgiev
Email: georgiev AT cs
Office: PAI 5.33, desk #1
Office hours: Wed 1:30-3pm

Syllabus

This course covers selected topics related to theory and practice of computer security. It is organized around 26 research papers taken from the past 40 years of computer security research. These papers reflect the instructor's personal taste and are not intended to give a comprehensive survey of modern computer security.

1. Lampson. A Note on the Confinement Problem (CACM 1973).
2. Diffie and Hellman. New Directions in Cryptography (ToIT 1976).
3. Denning and Denning. Certification of Programs for Secure Information Flow (CACM 1977).
4. Yao. Protocols for Secure Computations (FOCS 1982).
5. Lampson et al. Authentication in Distributed Systems (TOCS 1992).
6. Abadi and Needham. Prudent Engineering Practice for Cryptographic Protocols (Oakland 1994).
7. Lowe. Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR (TACAS 1996).
8. Bernstein. SYN Cookies (1996).
9. Liskov and Myers. A Decentralized Model for Information Flow Control (SOSP 1997).
10. Cowan et al. Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade (DISCEX 1999).
11. Wagner and Dean. Intrusion Detection via Static Analysis (Oakland 2001).
12. Borisov, Goldberg, Wagner. Intercepting Mobile Communications: The Insecurity of 802.11 (MOBICOM 2001).
13. Moore, Voelker, Savage. Inferring Internet Denial-of-Service Activity (USENIX Security 2001).
14. Brumley and Boneh. Remote Timing Attacks are Practical (USENIX Security 2003).
15. Nissenbaum. Privacy as Contextual Integrity (Washington Law Review 2004).
16. Dingledine, Mathewson, Syverson. Tor: The Second-Generation Onion Router (USENIX Security 2004).
17. Kumar, Paxson, Weaver. Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event (IMC 2005).
18. Abadi et al. Control-Flow Integrity (CCS 2005).
19. Zhuang, Zhou, Tygar. Keyboard Acoustic Emanations Revisited (CCS 2005).
20. Dwork. Differential Privacy (ICALP 2006).
21. Shacham. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) (CCS 2007).
22. Chen et al. Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems (ASPLOS 2008).
23. Barth and Jackson. Beware of Finer-Grained Origins (W2SP 2008).
24. Halderman et al. Lest We Remember: Cold Boot Attacks on Encryption Keys (USENIX Security 2008).
25. Yee et al. Native Client: A Sandbox for Portable, Untrusted x86 Native Code (Oakland 2009).
26. Blazakis. Interpreter Exploitation (WOOT 2010).

An extra Web security paper by popular request:

• Wassermann and Su. Sound and precise analysis of Web applications for injection vulnerabilities (PLDI 2007).

Prerequisites

While there are no formal prerequisites for this course, students are expected to have the basic understanding of the following areas:

• Computer systems at the level of an undergraduate operating systems course.
• Fundamental concepts in cryptography such as cryptographically strong hash functions and public-key cryptosystems.
• Basic complexity theory at the level of an undergraduate course in the theory of computation.

Grading

This is a project-oriented course. Students are expected to complete an independent project. A project may involve a significant implementation, using an analysis tool to investigate security of a real-world computer system or protocol, or a substantial theoretical study.

• Homeworks: 40%
• Midterm: 15%
• Project: 45%

Late submission policy

All homeworks are due at the beginning of class on the due date. No late submissions will be accepted.

Code of Conduct

UTCS Code of Conduct will be strictly enforced.