| Introduction |
| Mon 01/05 |
Administrivia
|
- [Optional] SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit.
(Slides|Video)
|
[Assigned] Research project
|
| Wed 01/07 |
Security + Trust
|
- [Optional] Perspectives on Security.
- [Optional] Reflections on Trusting Trust.
- [Optional] Running the "Reflections on Trusting Trust" Compiler.
|
|
| Mon 01/12 |
Security Mechanisms
|
- [Optional] The Joy of Cryptography.
- [Optional] Practice-Oriented Provable Security and the Social Construction of Cryptography.
|
[Deadline] Presentation signup
Due 1/12 at 9PM PDT (UTC-7)
[Deadline] Submit Project Team
Due 1/14 at 9PM PDT (UTC-7)
|
| Wed 01/14 |
Security Mechanisms
|
- [Optional] Certificate Transparency.
|
|
| Mon 01/19 |
No class
|
MLK Day
|
|
| Cryptography |
| Wed 01/21 |
Public Key Deployment
|
- Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices.
(Slides|Video)
- The Million-Key Question — Investigating the Origins of RSA Public Keys .
(Slides|Video)
|
|
| Mon 01/26 |
Encrypted Data
|
- Practical Techniques for Searches on Encrypted Data.
- Attribute-based encryption for fine-grained access control of encrypted data.
(Slides)
|
|
| Software + ML Security |
| Wed 01/28 |
Binary Analysis
|
- Dynamic Taint Analysis for Automatic Detection Analysis, and Signature Generation of Exploits on Commodity Software.
- SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis.
(Video)
|
|
| Mon 02/02 |
Fuzz + Symbolic Testing
|
- Evaluating Fuzz Testing.
(Video)
- EXE: automatically generating inputs of death.
|
|
| Wed 02/04 |
Adversarial ML
|
- Towards Evaluating the Robustness of Neural Networks.
(Video)
- Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition.
(Video)
|
|
| Mon 02/09 |
Adversarial ML
|
- The Limitations of Deep Learning in Adversarial Settings.
(Slides)
- Membership Inference Attacks Against Machine Learning Models.
(Video)
|
|
| Hardware Security |
| Wed 02/11 |
Memory
|
- Flipping Bits in Memory Without Accessing Them.
- FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack.
(Video)
|
|
| Mon 02/16 |
Speculative Execution
|
- Meltdown: Reading Kernel Memory from User Space.
(Slides|Video)
- Spectre Attacks: Exploiting Speculative Execution.
(Slides|Video)
|
|
| Network + Web Security |
| Wed 02/18 |
TLS
|
- Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web.
(Video)
- The Security Impact of HTTPS Interception.
(Video)
|
|
| Mon 02/23 |
Cloud Security
|
- Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds.
- Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates.
(Slides)
|
|
| Wed 02/25 |
Mobile + IoT
|
- Understanding the Mirai Botnet.
(Slides|Video)
- Dissecting Android Malware: Characterization and Evolution.
|
|
| Mon 03/02 |
Distributed Systems + Blockchains
|
- Zerocash: Decentralized Anonymous Payments from Bitcoin.
(Slides)
- SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies.
(Video)
|
|
| Users + Security Policy |
| Wed 03/05 |
Social Engineering
|
- Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale.
(Slides|Video)
- Diving into Robocall Content with SnorCall.
(Slides|Video)
|
|
| Mon 03/09 |
User Behavior + Security Advice
|
- Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook.
- A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web.
(Slides|Video)
|
|
| Project Presentations |
| Wed 03/11 |
Group Project
|
Final presentations, in-class
|
|
| Finals Week |
| Sun 03/15 |
|
No Final Exam.
|
[Deadline] Final report due 03/15 at 11:59:59PM PST (UTC-8)
|