Computer Security Seminar
Instructors
Prof. Dr.-Ing. Volker Roth
Description
This seminar builds on and extends the topics covered in the Computer
Security course that took place in the previous semester.
Students are not given one topic on which they have to prepare and present
a report near the end of the semester. Instead, all seminar participants
must read the papers assigned for each meeting and be prepared to discuss
them.
In a round-robin fashion, students must present one of the selected papers
plus related work. Related work must be identified by the student. The
presentations can be short, ranging from 5 minutes to 20 minutes, as long
as the subsequent discussion is well-prepared and fruitful. Two papers
will be presented per session provided there are enough participants.
Each presentation must address at least the following topics about the
presented paper:
- What is the research question addressed by the paper?
- Does the paper clearly review what is known about its topic area?
- Does the paper motivate a real problem worth solving?
- Does the paper include a rigorous and convincing validation?
- Does the validation show gains of practical significance?
- What is the significance of the paper's contribution?
- Is the evaluation valid?
- How original is the work?
- Is the paper written clearly and concisely?
- On which prior work does the paper build and how?
There is literature that teaches strategies for reading papers. Here is a
starting point:
The discussion will depend on the type of contribution. If the
contribution is, say, a security mechanism then we will ask questions such
as:
- Can we attack the mechanism?
- Can we improve the mechanism?
- If attacks are presented, can we defend against them?
- Is the mechanism useful in other areas and applications?
Additionally, each student must develop and present a research idea at the
end of the semester. It is not necessary to perform the actual research,
but the presentation must clearly state:
- What the addressed research question is
- What the state of the art is
- How the research expects to improve the state of the art
- How the research work would be evaluated
Time and Location
Lectures:
- Thursdays, 14h - 16h, T9/051
Note: the first meeting of the seminar will be in the second week
of the semester.
Grading
Students will be graded on their preparedness for discussion, their
presentations and their research proposal.
Meetings
No meeting on Thursday October 21, seminar starts next week
Meeting 1, Thursday October 28
This meeting serves as an introduction to the seminar.
Meeting 2, Thursday November 04
Read [1], [2]
- W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proc. OSDI, 2010.
- Mona Attariyan and Jason Flinn. Automating configuration troubleshooting with dynamic information flow analysis. In Proc. OSDI, 2010.
Meeting 3, Thursday November 11
Read [1], [2]
- Roxana Geambasu, Amit Levy, Tadayoshi Kohno, Arvind Krishnamurthy, Henry M. Levy. Comet: An Active Distributed Key-Value Store. In Proc. OSDI, Vancouver, Canada, October 2010.
- Jed Liu, Michael D. George, K. Vikram, Xin Qi, Lucas Waye and Andrew C. Myers. Fabric: A Platform for Secure Distributed Computation and Storage. In Proc. SOSP, 2009.
Meeting 4, Thursday November 18
Read [1], [2]
- Shuo Tang, Haohui Mai, Samuel T. King. Trust and Protection in the Illinois Browser Operating System. In Proc. OSDI, 2010.
- Alexander Yip, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek. Improving Application Security with Data Flow Assertions. In Proc. SOSP, 2009.
Meeting 5, Thursday November 25
Read: [1]
- Dongseok Jang, Ranjit Jhala, Sorin Lerner, and Hovav Shacham. An empirical study of privacy-violating information flows in JavaScript web applications. In Proc. CCS, 2010, pp. 270-283.
No meeting on Thursday December 02
Meeting 6, Thursday December 09
Read: [1]
- Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus. English shellcode. In Proc. ACM CCS, 2009, pp. 524-533.
No meeting on Thursday December 16
Meeting 7, Thursday January 06
Read: [1]
- Joseph Siefers, Gang Tan, and Greg Morrisett. Robusta: taming the native beast of the JVM. In Proc. ACM CCS, 2010, pp. 201-211.