Computer Security Seminar

Instructors

Prof. Dr.-Ing. Volker Roth

Description

This seminar builds on and extends the topics covered in the Computer Security course that took place in the previous semester.

Students are not given one topic on which they have to prepare and present a report near the end of the semester. Instead, all seminar participants must read the papers assigned for each meeting and be prepared to discuss them.

In a round-robin fashion, students must present one of the selected papers plus related work. Related work must be identified by the student. The presentations can be short, ranging from 10 minutes to 20 minutes, as long as the subsequent discussion is well-prepared and fruitful. Two papers will be presented per session provided there are enough participants.

Each presentation must address at least the following topics about the presented paper:

• What is the research question addressed by the paper?
• Does the paper clearly review what is known about its topic area?
• Does the paper motivate a real problem worth solving?
• Does the paper include a rigorous and convincing validation?
• Does the validation show gains of practical significance?
• What is the significance of the paper's contribution?
• Is the evaluation valid?
• How original is the work?
• Is the paper written clearly and concisely?
• On which prior work does the paper build and how?

There is literature that teaches strategies how to read papers. Here is a starting point:

• S. Keshav. How to Read a Paper.

The discussion will depend on the type of contribution. If the contribution is, say, a security mechanism then we will ask questions such as:

• Can we attack the mechanism?
• Can we improve the mechanism?
• If attacks are presented, can we defend against them?
• Is the mechanism useful in other areas and applications?

Additionally, each student must develop and present a research idea at the end of the semester. It is not necessary to perform the actual research, but the presentation must clearly state:

• What the addressed research question is
• What the state of the art is
• How the research expects to improve the state of the art
• How the research work would be evaluated

Time and Location

Lectures:

• Thursdays, 14h - 16h, T9/051

Note: the first meetings of the seminar is going to be in the second week of the semester.

Grading

Students will be graded on their preparedness for discussion, their presentations and their research proposal.

Meetings

No meeting on Thursday October 18, seminar starts next week

Meeting 1, Thursday October 25

During this meeting, an introduction to the seminar is given. The list of papers will be posted in the second week of the semester.

Meeting 2, Thursday November 01

We discuss one book and one research question

• Sylvester P. Carter. Writing for your peers: the primary Journal paper. Praeger, 1987.
• How secure is Tor against traffic analysis?

Meeting 3, Thursday November 08

We discuss two papers on SSL insecurity due to faulty implementations

• Georgiev et al. The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software. ACM CCS, 2012.
• Fahl et al. Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security. ACM CCS, 2012.

Meeting 4, Thursday November 15

We discuss two papers on decoy routing

• Wustrow et al. Telex: Anticensorship in the Network Infrastructure. USENIX Security Symposium, 2011.
• Schuchard et al. Routing Around Decoys. ACM CCS, 2012.

Meeting 5, Thursday November 22

We discuss two papers

• De Groef et al. FlowFox: a Web Browser with Flexible and Precise Information Flow Control. ACM CCS, 2012.
• Bianchi et al. Blacksheep: Detecting Compromised Hosts in Homogeneous Crowds. ACM CCS, 2012.

Meeting 6, Thursday November 29

We discuss two papers

• Bilge and Dumitras. Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World. ACM CCS, 2012.
• McLaughlin and McDaniel. SABOT: Specification-Based Payload Generation for Programmable Logic Controllers. ACM CCS, 2012.

Meeting 7, Thursday December 06

We discuss two papers

• James Mickens, Mohan Dhawan. Atlantis: Robust, Extensible Execution Environments for Web Applications. SOSP 2011. [video]
• Jeremy Andrus, Christoffer Dall, Alex Van't Hof, Oren Laadan, Jason Nieh. Cells: A Virtual Mobile Smartphone Architecture. SOSP 2011. [video]

Meeting 8, Thursday December 13

We discuss two papers

• Marco Barreno, Blaine Nelson, Russell Sears, Anthony D. Joseph, and J. D. Tygar. 2006. Can machine learning be secure? In Proc. ASIACCS. 16-25.
• Marco Balduzzi, Jonas Zaddach, Davide Balzarotti, Engin Kirda, and Sergio Loureiro. 2012. A security analysis of amazon's elastic compute cloud service. In Proc. SAC '12. 1427-1434.

No meeting on Thursday December 20, Academic holidays

No meeting on Thursday December 27, Academic holidays

No meeting on Thursday January 03, Academic holidays

Meeting 9, Thursday January 10

We discuss the process and challenges of choosing a research topic.

Meeting 10, Thursday January 17

We discuss two papers

• Maxwell Krohn, Alexander Yip, Micah Brodsky, Natan Cliffer, M. Frans Kaashoek, Eddie Kohler, and Robert Morris. 2007. Information flow control for standard OS abstractions. SIGOPS Oper. Syst. Rev. 41, 6 (October 2007), 321-334.
• Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières. 2011. Making information flow explicit in HiStar. Commun. ACM 54, 11 (November 2011), 93-101.

Meeting 11, Thursday January 24

We discuss two papers

• Aslan Askarov, Danfeng Zhang, and Andrew C. Myers. 2010. Predictive black-box mitigation of timing channels. ACM CCS. 297-307.
• William R. Harris, Somesh Jha, and Thomas Reps. 2010. DIFC programs by automatic instrumentation. In Proc. CCS. 284-296.