UIUC Security Reading Group
CS 591 RHC (Since Fall 2000)
|
Announcements
|
|

SRG meets Mondays at 11:30 in room 3124.
The newsgroup for the class is "class.cs591rhc" on news.cs.uiuc.edu. [how to access CS newsgroups]
|
|
|
Overview
|
|
The Security Reading Group is a weekly seminar for discussing research papers, emerging problems, and interesting issues in computer and network security. It started as an informal discussion forum among some System Software Research Group students and has since grown into a seminar class. Any graduate-level students interested in these topics are welcome to join. This class is supervised by Professor Roy H. Campbell of the Department of Computer Science.
|
|
|
Rules of Engagement
|

- You are allowed to miss at most three seminars. Attendance requirements are pretty strict. Adam will keep track of attendance.
- Everybody is required to read the paper before the seminar. We are a reading group, and nobody "presents" the paper.
- We pick one person, called the moderator, for every seminar. The moderator is responsible for:
  - Writing a short "draft" summary of the paper before the seminar,
  - Reading the draft summary during the first 5-10 minutes of the seminar,
  - Preparing a list of 10-15 discussion questions, usually questioning the assumptions and critically evaluating the paper,
  - Steering the discussion,
  - Incorporating user comments into the draft summary, and
  - Sending the final summary to Michael or Adam within a week of the seminar at the latest.
- We also have two people who each prepare a list of pros and cons about the paper and present it after the moderator reads out the summary.
- Everybody moderates at least once and does a few pros or cons (depending on the size of our group).
- Papers are selected based on members' suggestions and discussion.
- The aim is to select recent security papers from quality conferences or journals (here are some links).
- Make sure you check the list of papers that were already presented (on this page and in the archives) before you pick your paper.
- The paper for discussion, with all relevant info (including the URL and a justification for choosing the paper), should be posted on the newsgroup no later than 8 days before the seminar (class.cs591rhc on news.cs.uiuc.edu [how to access]).
|
|
|
Spring 2008 |
|
Jan. 14 |
Planning Meeting |
|
Jan 28 |
Cryptographic Methods for Storing Ballots on a Voting
Machine, J. Bethencourt, D. Boneh, and B.
Waters, NDSS 2007
|
|
Feb 4 |
Mitigating Bandwidth-Exhaustion Attacks using Congestion Puzzles,
XiaoFeng Wang and Michael K. Reiter, CCS 2004 |
|
Feb 11 |
Dynamic pharming attacks and locked same-origin policies for web browsers,
Chris Karlof, Umesh Shankar, J.D. Tygar, and David Wagner, CCS 2007 |
|
Feb 18 |
Using Generalization and Characterization Techniques in the Anomaly-based
Detection of Web Attacks, William Robertson, Giovanni Vigna,
Christopher Kruegel, Richard A. Kemmerer, NDSS 2006 |
|
Feb 25 |
Capturing System-wide Information Flow for Malware Detection and Analysis,
Heng Yin, Dawn Song, Manuel Egele, Engin Kirda and Christopher Kruegel, CCS
2007 |
|
Mar 3 |
An Information Theoretic Model for Adaptive Side-Channel Attacks,
Boris Köpf and David Basin, CCS 2007 |
|
Mar 10 |
Detecting covert timing channels: an entropy-based approach, Steven
Gianvecchio, Haining Wang, CCS 2007 |
|
Mar 24 |
An Analysis of Browser Domain-Isolation Bugs and A Light-Weight
Transparent Defense Mechanism, Shuo Chen, David Ross,
Yi-Min Wang, CCS 07 |
|
Mar 31 |
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks
and Zero-Power Defenses, Daniel Halperin et al., S&P 2008 |
|
|
|
Fall 2007 |
|
Aug. 22 |
Planning Meeting |
|
Aug. 27th |
CANDID: Preventing SQL Injection Attacks
using Dynamic Candidate Evaluations,
S. Bandhakavi, M. Parthasarathy, P. Bisht, V. N. Venkatakrishnan,
ACM CCS 2007
|
|
Sept. 10 |
Moats and Drawbridges: An Isolation
Primitive for Reconfigurable Hardware Based Systems,
Ted Huffmire, Brett Brotherton, Gang Wang, Timothy Sherwood, Ryan
Kastner, Timothy Levin, Thuy Nguyen, and Cynthia Irvine, IEEE S&P 2007
|
|
Sept. 17 |
Usable Mandatory Integrity Protection for
Operating Systems,
Ninghui Li, Ziqing Mao, and Hong Chen, IEEE S&P 2007
|
|
Sept. 24 |
Denial of Service or Denial of Security? How Attacks on
Reliability can Compromise Anonymity, Nikita
Borisov, George Danezis, Prateek Mittal, and Parisa Tabriz, CCS 2007
|
|
Oct. 1 |
Safecard, a gigabit IPS on the network card,
Willem de
Bruijn, Asia Slowinska, Kees van Reeuwijk, Tomas Hruby, Li Xu, and
Herbert Bos, RAID 2006
|
|
Oct. 8 |
Cross-Site Scripting Prevention with Dynamic Data Tainting and Static
Analysis, P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel,
and G. Vigna, NDSS 2007
|
|
Oct. 15 |
OSLO: Improving the security of Trusted Computing,
Bernhard Kauer, USENIX, 2007
|
|
Oct. 22 |
Spamscatter: Characterizing Internet Scam
Hosting Infrastructure,
David S. Anderson, Chris Fleizach, Stefan Savage, and Geoffrey M.
Voelker, USENIX 2007
|
|
Oct. 29 |
An Inquiry into the Nature and Causes of
the Wealth of Internet Miscreants,
Jason Franklin, Vern Paxson, Adrian Perrig, Stefan Savage, CCS 2007 |
|
Nov. 5 |
Harvesting Verifiable Challenges from
Oblivious Online Sources,
J. Alex Halderman, Brent Waters, CCS 2007 |
|
Nov. 12 |
ConceptDoppler: A Weather Tracker for
Internet Censorship,
Crandall, Zinn, Byrd, Barr, East, CCS 2007 |
|
Nov. 26 |
Information Carrying Identity Proof Trees,
William H. Winsborough, Anna C. Squicciarini, and Elisa Bertino, WPES 2007
Lurking in the Shadows: Identifying
Systemic Threats to Kernel Data,
Arati Baliga, Pandurang Kamat and Liviu Iftode, IEEE S&P 2007 |
|
Dec. 3 |
FileWall: A Firewall for Network File
Systems, Stephen
Smaldone, Aniruddha Bohra, and Liviu Iftode, Third IEEE International
Symposium on Dependable, Autonomic and Secure
Computing |
|
|
|
Spring 2007 |
|
Jan. 31 |
Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure,
. T. Lam, S. Antonatos, P. Akritidis, and K. G. Anagnostakis, ACM CCS 2006
|
|
Feb. 7 |
A Decentralized Model for Information Flow Control. Andrew C. Myers,
Barbara Liskov. SOSP 1997 |
|
Feb. 14 |
No Class, Snow Day |
|
Feb. 21 |
Designing Voting Machines for Verification, Naveen Sastry, Tadayoshi Kohno, and
David Wagner, Usenix Security, August 2006. |
|
Feb. 28th |
Privacy and Contextual Integrity: Framework and Applications, Adam
Barth, Anupam Datta, John C. Mitchell, and Helen Nissenbaum. IEEE Security
and Privacy, 2006 |
|
Mar. 14 |
Attribute-Based Publishing with Hidden
Credentials and Hidden Policies,
Apu Kapadia, Patrick P. Tsang and Sean W. Smith, NDSS 2007 |
|
Mar. 28 |
Analyzing Behaviorial Features for Email
Classification, Steve
Martin, Anil Sewani, Blaine Nelson, Karl Chen, Anthony D. Joseph, CEAS 2005 |
|
Apr. 4 |
A Systematic Approach to Uncover Security Flaws in GUI Logic,
Shuo Chen, José Meseguer, Ralf Sasse, Helen J. Wang and Yi-Min Wang, IEEE
S&P 2007 |
|
Apr. 11 |
Ciphertext-Policy Attribute-Based Encryption,
John Bethencourt, Amit Sahai and Brent Waters, IEEE S&P 2007 |
|
Apr. 18 |
Lurking in the Shadows: Identifying Systemic
Threats to Kernel Data, A. Baliga, P. Kamat and L. Iftode, IEEE S&P 2007 |
|
Apr. 25 |
Gradual Release: Unifying Declassification,
Encryption and Key Release Policies,
Aslan Askarov and Andrei Sabelfeld, IEEE S&P 2007 |
|
|
|
Fall 2006
|
|
Aug. 31 |
Separating Access Control Policy, Enforcement, and Functionality in Extensible Systems
Grimm, R. and Bershad, B. N. ACM Transactions on Computer Systems (TOCS),
2001 [Summary] |
|
Sep. 7 |
Vigilante: End-to-end containment of Internet worms
M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P.
Barham. In Proc. of the 20th ACM Symp. on Operating Systems Principles (SOSP),
Brighton, UK, October 2005. [Summary] |
|
Sep. 14 |
SubVirt: Implementing malware with virtual machines
King, S.T.; Chen, P.M.; Yi-Min Wang; Verbowski, C.; Wang, H.J.; Lorch, J.R.
IEEE Security and Privacy May 2006 |
|
Sep. 21 |
The Final Nail in WEP's Coffin
Bittau, A.; Handley, H.; Lackey, J. IEEE Security and Privacy May 2006 [Summary] |
|
Sep. 28 |
SigFree: A Signature-free Buffer Overflow Attack Blocker
X. Wang, C. Pan, P. Liu, S. Zhu, Usenix Security Symposium, 2006 [Summary] |
|
Oct. 5 |
Integrity Regions: Authentication Through Presence in Wireless Networks S. Capkun, M. Cagalj,
ACM Workshop on Wireless Security (WiSe 2006) [Summary]
|
|
Oct. 13 |
Exploiting MMS vulnerabilities to stealthily exhaust mobile phone's battery Radmilo Racic, Denys Ma, Hao Chen
SECURECOMM '06 [Summary] |
|
Oct. 19 |
Doppelganger: Better Browser Privacy Without the Bother Umesh Shankar and Chris Karlof
CCS'06 [Summary] |
|
Oct. 26 |
Secure Attribute-Based Systems. Matthew Pirretti,
Patrick Traynor, Patrick McDaniel, and Brent Waters CCS'06 [Summary] |
|
Nov. 9 |
A model-checking approach to analysing organisational controls in a loan
origination process. Andreas Schaad, Volkmar Lotz, Karsten Sohr, SACMAT, 2006 |
|
Nov. 16 |
Milk or Wine: Does Software Security Improve with Age? Andy Ozment, Stuart E. Schechter,
USENIX, 2006 [Summary] |
|
Nov. 30 |
OPUS: Online Patches and Updates for Security. Gautam Altekar, Ilya Bagrak, Paul Burstein and Andrew Schultz
Proceedings of the 14th USENIX Security Symposium, 2005 [Summary] |
|
|
|
Spring 2006 |
|
Jan 23 |
Secure Spread: An Integrated Architecture for Secure Group Communication,
Amir et al, IEEE Transactions on Dependable and Secure Computing, 2(3),
July-September 2005. [Summary] |
|
Jan 30 |
An Auctioning Reputation System Based on Anomaly Detection, Rubin, S;
Christodorescu, M; Ganapathy, V; Giffin, J. T.; Kruger, L; Wang, H, 12th ACM
Conference on Computer and Communications Security [Summary] |
|
Feb 6 |
A DOS-limiting Network Architecture, Yang, X; Weatherall, D; Anderson, T,
ACM SIGCOMM 2005 |
| |
For the next 5 weeks we will be studying papers about Secure and Dependable Computing |
|
Feb 13 |
Implementing Trustworthy Services Using Replicated State Machines, Fred
B. Schneider and Lidong Zhou, IEEE Security and Privacy, Volume 3, Number 5
(September/October 2005), 34--43. |
|
Feb 20 |
The Byzantine Generals Problem, Leslie Lamport, Robert Shostak, and Marshall Pease,
ACM Transactions on Programming Languages and Systems, Volume 4, Number 3
(July 1982), 382--401.
Impossibility of Distributed Consensus with One Faulty Process, Michael J. Fischer,
Nancy A. Lynch, and Michael S. Paterson, Journal of the Association for Computing
Machinery, Volume 32, Number 2 (April 1985), 374--382. |
|
Feb 27 |
How to Share a Secret, Adi Shamir, Communications of the ACM, Volume 22, Number 11
(November 1979), 612--613. [Summary]
Proactive secret sharing or: How to cope with perpetual leakage, Amir Herzberg,
Stanislaw Jarecki, Hugo Krawczyk, and Moti Yung. In Crypto'95. [Summary]
[OPTIONAL] Some Recent Research Aspects of Threshold Cryptography. Yvo Desmedt,
In E. Okamoto, G. Davida and M. Mambo, editors, Information Security, Proceedings
(Lecture Notes in Computer Science 1396), pp. 158-173. Springer-Verlag, 1997.
Tatsunokuchi, Ishikawa, Japan, September. |
|
Mar 6 |
Transparent Runtime Randomization for Security,
Jun Xu, Zbigniew Kalbarczyk, and Ravishankar K. Iyer, UIUC CRHC Technical
Report CRHC-03-03, May 2003. [Summary]
On achieving software diversity for improved network security
using distributed coloring algorithms, Adam J. O'Donnell and Harish Sethu,
11th ACM Conference on Computer and Communications Security, October 2004,
121--131. [Summary] |
|
Mar 13 |
COCA: A secure distributed on-line certification authority, Lidong Zhou and Fred
B. Schneider, ACM Transactions on Computer Systems Volume 20, Number 4
(November 2002), 329--368.
Secure intrusion-tolerant replication on the Internet. Christian Cachin and
Jonathan A. Poritz. In Proc. Intl. Conference on Dependable Systems and
Networks (DSN-2002), pages 167-176, June 2002. |
|
Mar 27 |
Fit: Fast Internet Traceback. Abraham Yaar, Adrian
Perrig, and Dawn Song. In IEEE InfoCom, March 2005 |
|
Apr 2 |
Countering DoS attacks with stateless multipath overlays.
Angelos Stavrou, Angelos D. Keromytis, Columbia University, CCS 2005 |
|
Apr 10 |
New Approaches for Deniable Authentication. M. Di Raimondo and R. Gennaro, CCS 2005 |
|
Apr 17 |
Using Attack Injection to Discover New Vulnerabilities.
Nuno Neves, João Antunes, Miguel Correia, Paulo Veríssimo, Rui Neves, DSN 2006 |
|
Apr 24 |
Retrofitting legacy code for authorization policy enforcement. Vinod
Ganapathy, Trent Jaeger, and Somesh Jha. In 2006 IEEE Symposium on Security
and Privacy. Oakland, California, May 2006. |
|
|
|
Fall 2005
|
|
Sept. 6 |
A layered design of discretionary access controls with decidable safety
properties, Solworth, J.A.; Sloan, R.H.;
2004 IEEE Symposium on Security and Privacy, Proceedings,
9-12 May 2004, Page(s): 56-67 [Summary] |
|
Sept. 13 |
Security Analysis and Improvements for IEEE 802.11i, Changhua
He, John C. Mitchell; Stanford University; Network and Distributed
System Security Symposium Conference Proceedings: 2005 [Summary] |
|
Sept. 20 |
Automated, Sub-second Attack Signature Generation: A Basis for Building
Self-Protecting Servers, Zhenkai Liang and R. Sekar; SUNY-Stony Brook;
ACM Conference on Computer and Communications Security 2005 [Summary] |
|
Sept. 27 |
Low-Latency Cryptographic Protection for SCADA Communications, Andrew
K. Wright, John A. Kinast, and Joe McCarty; Proc. Applied Cryptography and
Network Security 2004 |
|
Oct. 4 |
On safety in discretionary access control, Ninghui Li; Tripunitara, M.V.;
2005 IEEE Symposium on Security and Privacy,
8-11 May 2005, Page(s): 96-109 |
|
Oct. 11 |
Mapping Internet Sensors with Probe Response Attacks, John
Bethencourt, Jason Franklin, Mary Vernon. Proceedings of the 14th USENIX
Security Symposium, August 2005. |
|
Oct. 18 |
Preventing Attribute Information Leakage in Automated Trust
Negotiation, Keith Irwin and Ting Yu, To Appear in CCS 2005, Nov 2005. |
|
Oct. 25 |
Top Speed of Flash Worms, Stuart Staniford, David Moore, Vern Paxson and
Nick Weaver (Nevis Networks, CAIDA/UCSD, ICSI);
WORM (Workshop on Rapid Malcode) 2004 [Summary] |
|
Nov. 1 |
Posted in Newsgroup |
|
Nov. 8 |
Passive-attack analysis for connection-based anonymity
systems, Andrei Serjantov and Peter Sewell |
|
Nov. 15 |
The Internet Motion Sensor: A Distributed Blackhole
Monitoring System, Michael Bailey, Evan Cooke,
Farnam Jahanian, Jose Nazario, David Watson (Arbor Networks, University of
Michigan); NDSS'05 |
|
Nov. 29 |
Remote Physical Device Fingerprinting,
Tadayoshi Kohno, Andrew Broido, KC Claffy, IEEE S&P 2005 |
|
|
|
Spring 2005 |
|
Jan 24 |
Zero-Interaction Authentication, M.D. Corner and B. Noble, ACM MOBICOM, 2002 |
|
Jan 31 |
SELS: A Secure E-mail List Service, Himanshu Khurana, Adam Slagell, and Rafael
Bonilla. To appear in the Security Track of the ACM Symposium on Applied
Computing (SAC), March 2005. |
|
Feb 7 |
Concealing complex policies with hidden credentials, CCS 2005 |
|
Feb 14 |
Attacking and Repairing the WinZip Encryption Scheme, Tadayoshi Kohno |
|
Feb 21 |
Access control using Pairing Based Cryptography, by Nigel P. Smart,
CT-RSA 2003 |
|
Feb 28 |
SWATT: SoftWare-based ATTestation for Embedded Devices, Seshadri, Perrig,
Doorn, Khosla, IEEE Symposium on Security and Privacy 2004 |
|
March 7 |
Cryptanalysis of a Provably Secure CRT-RSA Algorithm, CCS 2004. |
|
March 14 |
A New Two-Server Approach for Authentication with Short Secrets, Usenix '03 |
|
March 21 |
Spring Break! |
|
March 28 |
Fuzzy Identity Based Encryption, Amit Sahai and Brent Waters, Eurocrypt 2005. |
|
April 4 |
A pairwise key pre-distribution scheme for wireless sensor networks, CCS '03
[Summary] |
|
April 11 |
Efficient Tree-Based Revocation in Groups of Low-State Devices, Goodrich, Sun and
Tamassia, Crypto 2004 |
|
April 18 |
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication |
|
April 25 |
Low-Cost Traffic Analysis Of Tor, Steven Murdoch, George Danezis, IEEE
S&P 2005 |
|
|
[ 2000 - 2004 Archives ]
|
Related Links
|

- Links to Security-related conferences (great places to pick papers)
- Places of interest on the web
|
|
Please direct any questions to the seminar's Web Master.
Last modified at 03/28/2008 09:00:07 -0600