http://www.cs.northwestern.edu/~ychen/classes/cs450-s10/lectures.htm
Course Lecture Plan
| Date | Lecture Topics | Speakers & Notes | Reading |
|---|---|---|---|
| Mon 3/29 | Class overview, overview of Internet security. | Yan [ppt] | Symantec Internet Security Threat Report April 2009. |
| Wed 3/31 | Web 2.0 and its diagnosis | Zhichun [ppt] No paper summary needed. | WebProphet: Automating Performance Prediction for Web Services, Zhichun Li, Ming Zhang, Zhaosheng Zhu, Yan Chen, Albert Greenberg and Yi-Min Wang, USENIX/ACM NSDI 2010 |
| Mon 4/5 | Diagnosis of distributed systems | Jingnan, Tuo [ppt] | Automating Network Application Dependency Discovery: Experiences, Limitations, and New Solutions, by Xu Chen, Ming Zhang, Z. Morley Mao, Victor Bahl, OSDI 2008. Reference slides by Ming Zhang are here. [Ref] X-Trace: A Pervasive Network Tracing Framework, Rodrigo Fonseca, George Porter, Randy Katz, Scott Shenker, Ion Stoica, ACM NSDI 2007. (presentation available in mp3 format). |
| Wed 4/7 | Mobile malcode | Daniel [ppt] | Taxonomy of Botnet Threats, Trend Micro White Paper, November 2006. [Ref] A Survey of Botnet Technology and Defenses, M. Bailey, et al., in the Proc. of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security. |
| Mon 4/12 | World Wide Web vulnerability analysis | Brett, Tyler [ppt] | Vulnerability Analysis of Web-Based Applications, Marco Cova, Viktoria Felmetsger, Giovanni Vigna, chapter in "Test and Analysis of Web Services", Springer, September 2007. |
| Wed 4/14 | WWW vulnerability analysis cont'd | Brett [ppt] | Main paper same as above. [Ref] Multi-Module Vulnerability Analysis of Web-based Applications. ACM CCS 2007. |
| Mon 4/19 | Browser vulnerability defense | Yi [ppt] | BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML, Charles Reis, et al., USENIX OSDI, 2006. |
| Wed 4/21 | Web app vulnerability discovery | Daniel [pdf, and complementary ppt] | State of the Art: Automated Black-Box Web Application Vulnerability Testing, Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell, Oakland, 2010. |
| Mon 4/26 | Web origin policy | Vaibhav [ppt] | The Multi-Principal OS Construction of the Gazelle Web Browser, Helen Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter, USENIX Security 2009. [Ref] Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense, Adam Barth, Joel Weinberger, and Dawn Song, USENIX Security 2009. |
| Wed 4/28 | JavaScript security policy | Vaibhav [ppt] | ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser, IEEE Symposium on Security and Privacy, 2010. [Ref] Object Views: Fine-Grained Sharing in Browsers, Leo Meyerovich and Adrienne Felt, WWW 2010. |
| Mon 5/3 | Midterm project presentation [Android Security] [Social Network Security Survey] [Web Origin Security] [UltraPAC] | | |
| Wed 5/5 | Web browser access control | Yi [ppt] | On the Incoherencies in Web Browser Access Control Policies, Kapil Singh, Alexander Moshchuk, Helen J. Wang, and Wenke Lee, IEEE Symposium on Security and Privacy, 2010. |
| Mon 5/10 | Mobile System Security | Ted, Tyler [ppt] | Mobile Application Security on Android, by Jesse Burns at Black Hat 2009. Reference slides: Understanding Android's Security Framework (Tutorial) by W. Enck and P. McDaniel. |
| Wed 5/12 | Mobile System Security | Ted, Tyler [Kirin] [Apex] | On Lightweight Mobile Phone Application Certification, W. Enck, M. Ongtang, and P. McDaniel, ACM CCS 2009. [Ref] Apex: extending Android permission model and enforcement with user-defined runtime constraints, M. Nauman, S. Khan, and X. Zhang, ACM ASIACCS 2010. |
| Mon 5/17 | Social Network Security/Measurement | Tuo, Jun [ppt] | Social Honeypots: Making Friends With A Spammer Near You, Steve Webb, J. Caverlee, and C. Pu, ACM CEAS 2008. [Ref] Characterizing User Behavior in Online Social Networks, F. Benevenuto et al., ACM IMC 2009. |
| Wed 5/19 | Social Network Privacy | Jun, Jingnan | xBook: Redesigning Privacy Control in Social Networking Platforms, by Singh et al., USENIX Security Symposium 2009. [Ref] Persona: An Online Social Network with User-Defined Privacy, R. Baden, et al., SIGCOMM 2009. |
| Mon 5/24 | NIDS | Jing | Outside the Closed World: On Using Machine Learning For Network Intrusion Detection, Robin Sommer and Vern Paxson, in IEEE Symposium on Security and Privacy, 2010. |
| Wed 5/26 | Project presentation | | |
| Mon 5/31 | No class due to Memorial Day. | | |
| Wed 6/2 | Project presentation, cont'd | | |

Notes: You may find the brochure useful: Efficient reading of papers in Science and Technology by Michael J. Hanson, 1990, revised 2000 Dylan McNamee.