Overview Security Principles |
Mon. 03/31 |
Introduction [Slides] |
|
The Security Mindset
Why Information Security is Hard – An Economic Perspective
|
Part I: Cryptography and Network/Internet Security |
Wed. 04/02 |
Preliminaries [Slides] |
[HW 1 Out]
|
The First Few Milliseconds of an HTTPS Connection
Keyless SSL: The Nitty Gritty Technical Details
|
Mon. 04/07 |
Certificate Ecosystem [Slides] |
[Team-up!]
|
Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed
A Tangled Mass: The Android Root Certificate Stores
|
Wed. 04/09 |
Crypto Failures in Practice [Slides] |
|
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software
|
Part II: Computer Systems Security |
Mon. 04/14 |
Memory Attacks [Slides] |
[HW 2 Out]
|
Smashing The Stack For Fun And Profit
StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
|
Wed. 04/16 |
Modern Memory Attacks [Slides] |
[HW 1 Due]
|
Return-into-libc without Function Calls (on the x86)
EXE: Automatically Generating Inputs of Death
|
Mon. 04/21 |
|
[No lecture]
|
Checkpoint I Presentation Prep.
|
Wed. 04/23 |
Group Project |
|
Checkpoint Presentation I |
Mon. 04/28 |
Memory Defenses [Slides] |
[HW 2 Due]
[HW 3 Out]
|
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
Control-Flow Integrity
|
Part III: (Hardware-level) Isolation and (Software-induced) Breaks |
Wed. 04/30 |
Trusted Hardware [Slides] |
|
Komodo: Using Verification to Disentangle Secure-enclave Hardware from Software
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
|
Mon. 05/05 |
Rowhammer [Slides] |
|
Flipping Bits in Memory Without Accessing Them
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds
|
Wed. 05/07 |
Side-Channels [Slides] |
|
FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack
Meltdown: Reading Kernel Memory from User Space
Spectre Attacks: Exploiting Speculative Execution
|
Part IV: Software/Web Security |
Mon. 05/12 |
Malware [Slides] |
on Zoom
[HW 3 Due]
|
Sanghyun will be at IEEE S&P 2025.
Understanding the Mirai Botnet
Towards Automatic Generation of Vulnerability-Based Signatures
Continuous Learning for Android Malware Detection
|
Wed. 05/14 |
Web Security [Slides] |
on Zoom
|
Sanghyun will be at IEEE S&P 2025.
Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites
All Your iFRAMEs Point to Us
Clickjacking: Attacks and Defenses
|
Mon. 05/19 |
|
[No lecture]
|
Checkpoint II Presentation Prep.
|
Wed. 05/21 |
Group Project |
[HW 4 Out]
|
Checkpoint Presentation II |
Mon. 05/26 |
- |
[No lecture]
|
Memorial Day
|
Part V: Trustworthy ML |
Wed. 05/28 |
Attacks [Slides] |
|
SoK: Security and Privacy in Machine Learning
Towards Deep Learning Models Resistant to Adversarial Attacks
Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks
Membership Inference Attacks From First Principles
|
Mon. 06/02 |
Defenses [Slides] |
|
(Certified!!) Adversarial Robustness for Free!
Diffusion Denoising as a Certified Defense against Clean-label Poisoning
Deep Learning with Differential Privacy
|
Wed. 06/04 |
Group Project |
[HW 4 Due]
|
Final Presentations (Showcases) |
Finals Week (06/09 - 06/13) |
Mon. 06/09 |
- |
[No Lecture]
|
Final Exam & Submit your final project report.
|
Wed. 06/11 |
- |
[No Lecture]
[Final Exam]
|
Late submissions for HW 1-4.
|