EECS 588 — Winter 2012
Paper Responses
Write a short response to each required paper.
In the first paragraph:
State the problem that the paper tries to solve; and
Summarize the main contributions.
In one or more additional paragraphs:
Evaluate the paper's strengths and weaknesses;
Discuss something you would have done differently if you wrote the paper; and
Suggest at least two interesting open problems on related topics.
List any areas you had trouble understanding. I'll try to explain them in class.
Your most important task is to demonstrate that you've read the paper and thought carefully about the topic.
Your responses should be no longer than ~400 words per paper.
Paper responses are due before the start of class. Email your responses to [eecs588 at umich edu]. Paste the text of your responses into the body of the message (no attachments, please!), and use the subject line [reading588].
Reading List
This list is subject to change. Updates will be posted by the end of the day on the Friday before each lecture.
Some articles require paid subscriptions to journals and digital libraries. You can access these for free when connecting on campus. For off-campus access, try the U-M VPN or the MLibrary Proxy Server Bookmarklet.
When Crypto Fails I
Tuesday, January 10 No written response required for today.
When Crypto Fails II
Thursday, January 19
Secrecy, Flagging, and Paranoia: Adoption Criteria in Encrypted Email. Gaw, Felten, and Fernandez-Kelly. CHI 2006.
In Search of Usable Security: Five Lessons from the Field. Balfanz, Durfee, Grinter, and Smetters. IEEE Security and Privacy, September/October 2004.
Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System. Clark, Goodspeed, Metzger, Wasserman, Xu, and Blaze. USENIX Security 2011.
Attacking Software
Defending Software
Thursday, February 2
CloudAV: N-Version Antivirus in the Network Cloud. Oberheide, Cooke, and Jahanian. USENIX Security 2008.
Native Client: A Sandbox for Portable, Untrusted x86 Native Code. Yee, Sehr, Dardyk, Chen, Muth, Ormandy, Okasaka, Narula, and Fullagar. IEEE Symposium on Security and Privacy, 2009.
Web Security I
Tuesday, February 7 No written response required for today.
Web Security II
Tuesday, February 14 No written response required for today.
Web and Mobile Security
Tuesday, February 21
Protecting Browsers from DNS Rebinding Attacks. Jackson, Barth, Bortz, Shao, and Boneh. CCS 2007.
The Security Architecture of the Chromium Browser. Barth, Jackson, Reis, and The Google Chrome Team. 2008.
Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense. Barth, Weinberger, and Song. USENIX Security 2009.
Network Security I
Tuesday, March 6 No written response required for today.
Network Security II
Tuesday, March 13 — Routing Security
Thursday, March 15 — Evolving Threats
Your Botnet is My Botnet: Analysis of a Botnet Takeover. Stone-Gross, Cova, Cavallaro, Gilbert, Szydlowski, Kemmerer, Kruegel, and Vigna. CCS 2009.
A Multifaceted Approach to Understanding the Botnet Phenomenon. Rajab, Zarfoss, Monrose, and Terzis. ISC 2006.
What’s Clicking What? Techniques and Innovations of Today’s Clickbots. Miller, Pearce, Grier, Kreibich, and Paxson. DIMVA 2011.
Advanced Topics I
Tuesday, March 20 — Information Leakage
Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation. Chow, Pfaff, Garfinkel, and Rosenblum. USENIX Security 2005.
Lest We Remember: Cold Boot Attacks on Encryption Keys. Halderman, Schoen, Heninger, Clarkson, Paul, Calandrino, Feldman, Appelbaum, and Felten. USENIX Security 2008.
BootJacker: Compromising Computers Using Forced Restarts. Chan, Carlyle, David, Farivar, and Campbell. CCS 2008.
Reconstructing RSA Private Keys from Random Key Bits. Heninger and Shacham. Crypto 2009.
Keyboards and Covert Channels. Shah, Molina, and Blaze. USENIX Security 2006.
Spot me if you can: Uncovering spoken phrases in encrypted VoIP conversations. Wright, Ballard, Coull, Monrose, and Masson. Oakland 2008.
Thursday, March 22 — Hardware and Embedded Systems
Designing and Implementing Malicious Hardware. King, Tucek, Cozzie, Grier, Jiang, and Zhou. LEET 2008.
Comprehensive Experimental Analyses of Automotive Attack Surfaces. Checkoway, McCoy, Kantor, Anderson, Shacham, Savage, Koscher, Czeskis, Roesner, and Kohno. USENIX Security 2011.
Experimental Security Analysis of a Modern Automobile. Koscher, Czeskis, Roesner, Patel, Kohno, Checkoway, McCoy, Kantor, Anderson, Shacham, and Savage. Oakland 2010.
The ten-page Introduction to Trusted Computing. Martin. 2008.
Building the IBM 4758 Secure Coprocessor. Dyer, Lindemann, Perez, Sailer, van Doorn, Smith, and Weingart. IEEE Computer, Oct. 2001.
Reverse-Engineering a Cryptographic RFID Tag. Nohl, Evans, Starbug, and Plotz. USENIX Security 2008.
Cloaker: Hardware Supported Rootkit Concealment. David, Chan, Carlyle, and Campbell. Oakland 2008.
Security and Society
Tuesday, March 27 — Securing Democracy
Security Analysis of India's Electronic Voting Machines. Wolchok, Wustrow, Halderman, Prasad, Kankipati, Sakhamuri, Yagati, and Gonggrijp. CCS 2010.
Attacking the Washington, D.C. Internet Voting System. Wustrow, Wolchok, Isabel, and Halderman. FC 2012.
Thursday, March 29 — Security, Law, and Public Policy
Advanced Topics II
Tuesday, April 3 — Private and Anonymous Communications
Keyboards and Covert Channels. Shah, Molina, and Blaze. USENIX Security 2006.
Spot me if you can: Uncovering spoken phrases in encrypted VoIP conversations. Wright, Ballard, Coull, Monrose, and Masson. Oakland 2008.
Shining Light in Dark Places: Understanding the Tor Network. McCoy, Bauer, Grunwald, Kohno, and Sicker. Privacy Enhancing Technology Symposium, 2008.
Increasing Data Privacy with Self-Destructing Data. Geambasu, Kohno, Levy, and Levy. USENIX Security 2009.
Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs. Wolchok, Hofmann, Heninger, Felten, Halderman, Rossbach, Waters, and Witchel. NDSS 2010.
Thursday, April 5 — Censorship Resistance
Project Presentations
There is no assigned reading for Tuesday, April 10 or Thursday, April 12.
Physical Security
Tuesday, April 17 No written response required for today.