Computer Security Seminar

Instructors

Prof. Dr.-Ing. Volker Roth

Description

This seminar builds on and extends the topics covered in the Computer Security course that took place in the previous semester.

Students are not given one topic on which they have to prepare and present a report near the end of the semester. Instead, all seminar participants must read the papers assigned for each meeting and be prepared to discuss them.

In a round-robin fashion, students must present one of the selected papers plus related work. Related work must be identified by the student. The presentations can be short, ranging from 5 minutes to 20 minutes, as long as the subsequent discussion is well-prepared and fruitful. Two papers will be presented per session provided there are enough participants.

Each presentation must address at least the following topics about the presented paper:

• What is the research question addressed by the paper?
• Does the paper clearly review what is known about its topic area?
• Does the paper motivate a real problem worth solving?
• Does the paper include a rigorous and convincing validation?
• Does the validation show gains of practical significance?
• What is the significance of the paper's contribution?
• Is the evaluation valid?
• How original is the work?
• Is the paper written clearly and concisely?
• On which prior work does the paper build and how?

There is literature that teaches strategies how to read papers. Here is a starting point:

• S. Keshav. How to Read a Paper.

The discussion will depend on the type of contribution. If the contribution is, say, a security mechanism then we will ask questions such as:

• Can we attack the mechanism?
• Can we improve the mechanism?
• If attacks are presented, can we defend against them?
• Is the mechanism useful in other areas and applications?

Additionally, each student must develop and present a research idea at the end of the semester. It is not necessary to perform the actual research, but the presentation must clearly state:

• What the addressed research question is
• What the state of the art is
• How the research expects to improve the state of the art
• How the research work would be evaluated

Time and Location

Lectures:

• Thursdays, 14h - 16h, T9/051

Note: the first meetings of the seminar is going to be in the second week of the semester.

Grading

Students will be graded on their preparedness for discussion, their presentations and their research proposal.

Meetings

No meeting on Thursday October 21, seminar starts next week

Meeting 1, Thursday October 28

This meeting serves as an introduction to the seminar.

Meeting 2, Thursday November 04

Read [1], [2]

1. W. Enck, P. Gilbert, B. Gon Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proc. OSDI, 2010.
2. Mona Attariyan and Jason Flinn. Automating configuration troubleshooting with dynamic information flow analysis. In Proc. OSDI, 2010.

Meeting 3, Thursday November 11

Read [1], [2]

1. Roxana Geambasu, Amit Levy, Tadayoshi Kohno, Arvind Krishnamurthy, Henry M. Levy. Comet: An Active Distributed Key-Value Store. In Proc. OSDI, Vancouver, Canada, October 2010.
2. Jed Liu, Michael D. George, K. Vikram, Xin Qi, Lucas Waye and Andrew C. Myers. Fabric: A Platform for Secure Distributed Computation and Storage. In Proc. SOSP, 2009.

Meeting 4, Thursday November 18

Read [1], [2]

1. Shuo Tang, Haohui Mai, Samuel T. King. Trust and Protection in the Illinois Browser Operating System. In Proc. OSDI, 2010.
2. Alexander Yip, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek. Improving Application Security with Data Flow Assertions. In Proc. SOSP, 2009.

Meeting 5, Thursday November 25

Read: [1]

1. Dongseok Jang, Ranjit Jhala, Sorin Lerner, and Hovav Shacham. An empirical study of privacy-violating information flows in JavaScript web applications. In Proc. CCS, 2010, pp. 270-283.

No meeting on Thursday December 02

Meeting 6, Thursday December 09

Read: [1]

1. Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus. English shellcode. In Proc. ACM CCS, 2009, pp. 524-533.

No meeting on Thursday December 16

Meeting 7, Thursday January 06

Read: [1]

1. Joseph Siefers, Gang Tan, and Greg Morrisett. 2010. Robusta: taming the native beast of the JVM. In Proc. ACM CCS, 201-211.