Security Reading Group Archives

 

Fall 2004

Aug. 30 On User Choice in Graphical Password Schemes, Darren Davis, Fabian Monrose, and Michael K. Reiter, USENIX Security Symposium 2004
Sep. 6 Labor day (no seminar)
Sep. 13 Privtrans: Automatically Partitioning Programs for Privilege Separation, David Brumley, Dawn Song, USENIX Security Symposium 2004
Sep. 20 A Framework for Classifying Denial of Service Attacks, Alefiya Hussain, John Heidemann, Christos Papadopoulos, SIGCOMM 2003
Sep. 27 How to Set Up a Secure Wireless Network in Under a Minute, Dirk Balfanz, Glenn Durfee, Rebecca E. Grinter, D. K. Smetters, Paul Stewart, USENIX Security 2004
Oct. 4 Understanding Data Lifetime via Whole System Simulation, Jim Chow, Ben Pfaff, Tal Garfinkel, Kevin Christopher, Mendel Rosenblum, USENIX Security Symposium
[Summary]
Oct. 11 Web Tap: Detecting Covert Web Traffic, Kevin Borders, Atul Prakash, CCS 2004.
[Summary]
Oct. 18 Privacy and Security in Library RFID: Issues, Practices, and Architectures, David Molnar, David Wagner, ACM CCS 2004.
Oct. 25 no seminar (CCS conference)
Nov. 1 On the Effectiveness of Address-Space Randomization, Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, Dan Boneh, CCS '04.
[Summary]
Nov. 8 An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks, Sencun Zhu, Sanjeev Setia, Sushil Jajodia, Peng Ning
[Summary]
Nov. 15 Large-Scale IP Traceback in High-Speed Internet: Practical Techniques and Theoretical Foundation, Jun Li, Minho Sung, Jun Xu, Li Li, IEEE Security and Privacy, 2004
[Summary]
Nov. 22  Thanksgiving break
Nov. 29 Analysis of an electronic voting system, T. Kohno, A. Stubblefield, A. D. Rubin, D.S. Wallach, IEEE Symposium on Security and Privacy 2004
Dec. 6 Privacy issues in an electronic voting machine, Arthur M. Keller, David Mertz, Joseph Lorenzo Hall, Arnold Urken Stevens, WPES 2004

 

Spring 2004

Jan. 26 Secure verification of Location Claims, Naveen Sastry, Umesh Shankar, David Wagner, ACM Workshop on Wireless Security (WiSe 2003).
[Summary]
Feb. 2 Monitoring and Early Warning for Internet Worms, by Zou, Gao, Gong and Towsley, ACM CCS '03.
[Summary]
Feb. 9 Cryptographic access control in a distributed file system, Anthony Harrington and Christian Jensen, SACMAT '03.
[Summary]
Feb. 16 Certificate-Based Authorization Policy in a PKI Environment, Mary Thompson, Abdelilah Essiari, Srilekha Mudumbai, ACM Transactions on Information and System Security, 6(4), Nov 2003.
[Summary]
Feb. 23 Architectural Patterns for Enabling Application Security, Joseph Yoder, Jeffrey Barcalow, 4th Conference on Patterns Language of Programming '97.
[Summary]
March 1 Automatically Inferring Patterns of Resource Consumption in Network Traffic, Cristian Estan, Stefan Savage, George Varghese, ACM SIGCOMM 2003
[Summary]
March 8 Hop-Count Filtering: An Effective Defense Against Spoofed Traffic, Cheng Jin, Haining Wang, Kang G. Shin, ACM CCS 2003
[Summary]

March 15 Collaborative Intrusion Detection System (CIDS): A Framework for Accurate and Efficient IDS, Yu-Sung Wu, Bingrui Foo, Yongguo Mei, Saurabh Bagchi, ACSAC 2003
[Summary]
March 22 Spring break.
March 29 Modeling Contexts in the Or-BAC Model, Frederic Cuppens, Alexandre Miege, ACSAC 2003
[Summary]
April 5 Usable Access Control for the World Wide Web, Dirk Balfanz, ACSAC 2003
[Summary]
April 12 First Experiences Using XACML for Access Control in Distributed Systems, Seth Proctor, Rebekah Lepro, Markus Lorch, Dennis Kafura, Sumit Shah, Proceedings of the 2003 ACM workshop on XML security.
[Summary]
April 19 Routing with Confidence: Supporting Discretionary Routing Requirements in Policy Based Networks, Apu Kapadia, Prasad Naldurg, Roy H. Campbell
April 26 Detecting Network Intrusions via Sampling: A Game Theoretic Approach, Murali Kodialam,  T. V. Lakshman, IEEE INFOCOM 2003
[Summary]
May 3 Wireless LAN Location Sensing for Security Applications, Ping Tao, Algis Rudys, Andrew Ladd, Dan S. Wallach, ACM Wise '03.
 

Fall 2003

Sept. 1 Labor day
Sept. 8 Storage-based Intrusion Detection: Watching storage activity for suspicious behavior, Adam G. Pennington, John D. Strunk, John Linwood Griffin, Craig A.N. Soules, Garth R. Goodson, Gregory R. Ganger, USENIX Security Symposium 2003
[Summary]
Sept. 15 Preventing Privilege Escalation, Niels Provos, Markus Friedl, Peter Honeyman, 12th USENIX Security Symposium, 2003.
[Summary]
Sept. 22 Probabilistic Validation of an Intrusion-Tolerant Replication System, Sankalp Singh, Michel Cukier, William H. Sanders, Dependable Systems and Networks, 2003
[Summary]
Sept. 29 Managing access control policies using access control spaces, Trent Jaeger, Antony Edwards, Xiaolan Zhang, SACMAT 2002
[Summary]

Oct. 6 Detecting Malicious Java Code Using Virtual Machine Auditing, Sunil Soman, Chandra Krintz, and Giovanni Vigna, from Usenix security symposium '03.
[Summary]
Oct. 13 A Key-Management Scheme for Distributed Sensor Networks, Laurent Eschenauer, Virgil D. Gligor, ACM Conference on Computer and Communications Security, 2002.
[Summary]

Oct. 20 Detecting Service Violations and DoS attacks, Ahsan Habib, Mohamed Hefeeda, Bharat Bhargava, NDSS '03
[Summary]
Oct. 27 Establishing the Genuinity of Remote Computer Systems, Rick Kennell, Leah Jamieson, Usenix Security Symposium 2003.
[Summary]
Nov. 3 Context-Aware User Authentication -- Supporting Proximity-Based Login in Pervasive Computing, Jakob E. Bardram, Rasmus E. Kjær, and Michael Ø. Pedersen, UbiComp '03
[Summary]
Nov. 10 A Virtual Machine Introspection Based Architecture for Intrusion Detection, by Tal Garfinkel, Mendel Rosenblum, NDSS '03.
[Summary]

Nov. 17 Quantum Cryptography in Practice, by Chip Elliott, David Pearson, Gregory Troxel, SIGCOMM '03
[Summary]
Nov. 24 Thanksgiving break
Dec. 1 Backtracking Intrusions, Samuel T. King, Peter M. Chen, Proceedings of the 2003 Symposium on Operating Systems Principles (SOSP), October 2003.
[Summary]
Dec. 8 MET: an experimental system for Malicious Email Tracking, Manasi Bhattacharyya, Shlomo Hershkop, Eleazar Eskin, NSPW02.
[Summary]
 

Summer 2003

July 7 Approximate Object Location and Spam Filtering on Peer-to-peer Systems, Feng Zhou, Li Zhuang, Ben Y. Zhao, Ling Huang, Anthony D. Joseph and John Kubiatowicz. ACM Middleware, June 2003.
July 14 Using Memory Errors to Attack a Virtual Machine, A. Appel and S. Govindavajhala, In IEEE Symposium on Security and Privacy, 2003.
[Summary]

July 21 Domain-Based Administration of Identity-Based Cryptosystems for Secure Email and IPSEC, D. K. Smetters and G. Durfee, 12th USENIX Security Symposium, Washington, DC, 2003.
[Summary]
July 28 Internet Quarantine: Requirements for containing self-propagating code, David Moore, Colleen Shannon, Geoff Voelker and Stefan Savage, INFOCOM 2003.
[Summary]
August 4 Security in Plan 9, Cox, Grosse, Pike, Presotto, and Quinlan, Sec '02.
[Summary]

Spring 2003

Jan. 21 Organizational Meeting.
Jan. 27 Mimicry Attacks on Host-Based Intrusion Detection Systems, David Wagner and Paolo Soto, ACM CCS 2002.
[Summary]

Feb. 3 Throttling Viruses: Restricting propagation to defeat malicious code, Matthew M. Williamson, ACSAC 2002.
[Summary]

Feb. 10 Improving Computer Security Using Extended Static Checking, Brian V. Chess, IEEE S&P 2002
[Summary]

Feb. 17 SiRiUS: Securing Untrusted Remote Storage, Eu-Jin Goh, Hovav Shacham, Nagendra Modadugu, Dan Boneh, ISOC Network and Distributed Systems Security (NDSS) Symposium 2003.
[Summary]
Feb. 24 Efficient, DoS Resistant, Secure Key Exchange for Internet Protocols, William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, Omer Reingold, ACM CCS 2002.
[Summary]

March 3 Automated Generation and Analysis of Attack Graphs, Oleg Sheyner, Somesh Jha, Jeannette Wing, Richard Lippmann, Joshua Haines, 2002 IEEE Symposium on Security and Privacy
[Summary]
March 10 Securing passwords against dictionary attacks, Pinkas and Sander, 9th ACM CCS 2002.
[Summary]
March 17 Authenticated Encryption in SSH: Provably Fixing the SSH Binary Packet Protocol, by Bellare, Kohno, and Namprempre, 9th ACM CCS 2002.
[Summary]
March 24 Spring break!
March 31 Talking To Strangers: Authentication in Ad-Hoc Wireless Networks, Balfanz, Smetters, Stewart, and Wong, NDSS '02.
[Summary]
April 7 A General and Flexible Access-Control System for the Web, Lujo Bauer, Michael A. Schneider, and Edward W. Felten, Proceedings of the 11th USENIX Security Symposium, August 2002.
[Summary]
April 14 A Reputation-Based Approach for Choosing Reliable Resources in Peer-to-Peer Networks, Damiani, Vimercati, Paraboschi, Samarati, and Violante, 9th ACM CCS 2002.
[Summary]
April 21 Fighting Spam by Encapsulating Policy in Email Addresses, John Ioannidis, ISOC NDSS 2003
[Summary]
April 28 End-to-end Trust Starts with Recognition, J.-M. Seigneur, S. Farrell, C. D. Jensen, E. Gray, and Y. Chen, in Proceedings of the First International Conference on Security in Pervasive Computing, 2003.
[Summary]
May 5 Constructing Attack Scenarios through Correlation of Intrusion Alerts, Peng Ning, Yun Cui, Douglas S. Reeves, In Proceedings of the 9th ACM Conference on Computer & Communications Security. Pages 245-254. Washington D.C., November 2002.
[Summary]

Fall 2002

August 30 Organizational Meeting.
Sep. 4 Security for structured peer-to-peer overlay networks, Peter Druschel, Miguel Castro, Ayalvadi Ganesh, Antony Rowstron, and Dan S. Wallach. In Proceedings of the Fifth Symposium on Operating Systems Design and Implementation (OSDI'02), Boston, MA, December 2002.
[Summary]
Sep. 11 Infranet: Circumventing Web Censorship and Surveillance, Nick Feamster, Magdalena Balazinska, Greg Harfst, Hari Balakrishnan, David Karger, Usenix Security Symposium '02.
[Summary]
Sep. 18 A new approach to DNS security (DNSSEC), G. Ateniese and S. Mangard, In Proceedings of ACM CCS 2001.
[Summary]

Sep. 25 Special Reading: The National Strategy to Secure Cyberspace (for comments draft).
[Comments]
Oct. 2 Detecting Steganographic Content on the Internet, Niels Provos and Peter Honeyman, ISOC NDSS'02, San Diego, CA, February 2002.
[Summary]
Oct. 9 Setuid Demystified, Hao Chen, David Wagner, and Drew Dean, 11th USENIX Security Symposium, 2002.
[Summary]
Oct. 16 Proxy-Based Security Protocols in Networked Mobile Devices, Matthew Burnside, Dwaine Clarke, Todd Mills, Srinivas Devadas, Ronald Rivest, Proceedings of SAC 2002.
[Summary]

Oct. 23 Lessons Learned in Implementing and Deploying Crypto Software, Peter Gutmann, Usenix Security Symposium 2002.
[Summary]

Oct. 30 Data Mining Methods for Detection of New Malicious Executables, Matthew G. Schultz, Eleazar Eskin, Erez Zadok, Salvatore J. Stolfo.
[Summary]

Nov. 6 SOS: Secure Overlay Services, A. Keromytis, V. Misra and D. Rubenstein, ACM SigComm 2002.
[Summary]
Nov. 13 How to 0wn the Internet in Your Spare Time, Stuart Staniford, Vern Paxson, Nicholas Weaver, Proceedings of the 11th USENIX Security Symposium (Security '02)
[Summary]

Nov. 20 Access Control for Active Spaces, Geetanjali Sampemane, Prasad Naldurg and Roy H. Campbell, To Appear in ACSAC 2002.
[Summary]
Nov. 27 Thanksgiving break

Dec. 4 Tarzan: A Peer-to-Peer Anonymizing Network Layer, Freedman and Morris, Proceedings of the 9th ACM conference on Computer and communications security.
Dec. 11 Peer-to-Peer Caching Schemes to Address Flash Crowds, Tyron Stading, Petros Maniatis and Mary Baker, 1st International Workshop on Peer-to-Peer Systems (IPTPS 2002), March 2002.
[Summary]

 

Summer 2002

May 16 A Hybrid PKI Model with an Application for Secure Mediation, Joachim Biskup and Yücel Karabulut (submitted for publication)
[Summary]
May 23 SPINS: Security Suite for Sensor Networks, Victor Wen, Adrian Perrig, Robert Szewczyk, ACM SIGMOBILE, 7th annual international conference on mobile computing and networking 2001.
[Summary]
May 30 Securing Web Servers against Insider Attack, Shan Jiang, Sean Smith, Kazuhiro Minami, ACSAC 2001.
[Summary]

June 6 Statistical Identification of Encrypted Web Browsing Traffic, Qixiang Sun et al., IEEE S&P 2002.

June 13 Proof-Carrying Code, George C. Necula, Peter Lee, Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL '97)
[Summary]
June 20 Tamper Resistance -- A Cautionary Note, Ross Anderson and Markus Kuhn, Proceedings of the 2nd USENIX Workshop on Electronic Commerce, 1996.
[Summary]
June 27 An Analysis of the Degradation of Anonymous Protocols, Matthew Wright, Micah Adler, Brian N. Levine, Clay Shields. In Proceedings of Symposium on Network and Distributed Systems Security 2002.
[Summary]
July 4 Independence Day (no class)
July 11 Collaborative Filtering with Privacy, by John Canny. Proceedings of IEEE Security and Privacy 2002.
[Summary]
July 18 Adaptive Security for Multi-layer Ad-hoc Networks, Jiejun Kong, Haiyun Luo, Kaixin Xu, Daniel Lihui Gu, Mario Gerla, Songwu Lu, Special Issue of Wireless Communications and Mobile Computing
 

Spring 2002

Jan. 17, 02 Administrative Meeting
Jan. 21 M. L. King Day (no classes)
Jan. 28 Tangler: A Censorship Resistant Publishing System Based On Document Entanglements, Marc Waldman and David Mazières, 8th ACM Conference on Computer and Communications Security (CCS-8), Nov. 2001.
[Summary]
Feb. 4 Defective Sign & Encrypt in S/MIME, PKCS7, MOSS, PEM, PGP, and XML, Don Davis, 2001 Usenix Annual Technical Conference, security session.
[Summary]

Feb. 11 A verifiable secret shuffle and its application to e-voting, C. Andrew Neff, Proceedings of the 8th ACM conference on Computer and Communications Security, Philadelphia, PA 2001.
[Summary]
Feb. 18 Access control meets public key infrastructure, or: assigning roles to strangers, Amir Herzberg, Yosi Mass, Joris Mihaeli, Dalit Naor, Yiftach Ravid, IEEE S&P 2000.
[Summary]
Feb. 25 An Efficient, Dynamic and Trust Preserving PKI, Albert Levi, M. Ufuk Caglayan, 2000 IEEE Symposium on Security and Privacy.
[Summary]
Mar. 4 Differential Power Analysis, Paul Kocher, Joshua Jaffe, Benjamin Jun, Crypto '99.
[Summary]
Mar. 11 Flexible Authentication of XML documents, P. Devanbu, M. Gertz, A. Kwong, C. Martel, G. Nuckolls, and S. G. Stubblebine, to appear in the 8th ACM Conference on Computer and Communications Security, 2001.
[Summary]
Mar. 18 Spring Break!
Mar. 25 The BiBa One-Time Signature and Broadcast Authentication Protocol, Adrian Perrig, CCS'01
[Summary]

April 1 Active Certificates: A Framework for Delegation, Nikita Borisov and Eric A. Brewer, ISOC NDSS '02. 
[Summary]
April 8 A Method for Fast Revocation of Public Key Certificates and Security Capabilities, Dan Boneh, Xuhua Ding, Gene Tsudik & Chi Ming Wong, 10th USENIX Security Symposium, August 13-17, 2001.
[Summary]
April 15 The Quest for Security in Mobile Ad Hoc Networks, Jean-Pierre Hubaux, Levente Buttyan, Srdan Capkun, MobiHOC 2001.
[Summary]

April 22 Escrow Services and Incentives in Peer-to-Peer Networks, B. Horne, B. Pinkas and T. Sander, Proceedings of the 3rd ACM conference on Electronic, October 2001.
[Summary]
April 29 P5: A Protocol for Scalable Anonymous Communication, Rob Sherwood, Bobby Bhattacharjee, Aravind Srinivasan, to appear in the IEEE Symposium on Security and Privacy 2002.
[Summary]
 

2000-2001 Archives

Fall 2001
Sep. 5 The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environment, Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, John F. Farrell, 21st National Information Systems Security Conference (NISS), 1998
[Summary]
Sep. 12 Inferring Internet Denial-of-Service Activity, David Moore, Geoffrey M. Voelker, Stefan Savage, 10th Usenix Security Symposium, 2001
[Summary]
Sep. 19 Enforceable Security Policies, Fred Schneider, ACM Transactions on Information and System Security, Vol. 3, Issue 1, 2000
Sep. 26 Generalized Role-Based Access Control for Securing Future Applications, Michael J. Covington, Matthew J. Moyer, Mustaque Ahamad, 23rd National Information Systems Security Conference, 2000
[Summary]
Oct. 3 Artificial Neural Networks for Misuse Detection, James Cannady, 21st NISSC, 1998
[Summary]
Oct. 10 Survival by Defense-Enabling, Partha Pal, Franklin Webber, Richard Schantz, NSPW 2001
Oct. 17 Dos and Don'ts of Client Authentication on the Web, Kevin Fu, Emil Sit, Kendra Smith, Nick Feamster, 10th Usenix Security Symposium, 2001
Oct. 24 What is a VPN?, P. Ferguson, G. Huston
Oct. 31 Digital Signatures, Certificates and Electronic Commerce, Brian Gladman, Carl Ellison, Nicholas Bohm
Nov. 7 Hash-Based IP Traceback, Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones, Fabrice Tchakountio, Stephen T. Kent, W. Timothy Strayer, ACM SIGCOMM 2001
Nov. 14 Timing Attacks on Web Privacy, Edward W. Felten, Michael A. Schneider, ACM CCS 2000
Nov. 21 Colonial American Thanksgiving Cooking
Nov. 28 A Security Architecture for Computational Grids, Ian Foster, Carl Kesselman, Gene Tsudik, Steven Tuecke, ACM 5th CCS, 1998
Dec. 5 Operating System Enhancements to Prevent the Misuse of System Calls, Massimo Bernaschi, Emanuele Gabrielli, Luigi V. Mancini, ACM 7th CCS, 2000
[Summary]
Spring 2001
Feb. 9 2001 Publius Censorship Resistant Publishing System
[Summary]
Feb. 16 The Eternity Service, Ross Anderson
The Eternity Service, Tonda Benes
[Summary]

Feb. 23 Auditable, Anonymous Electronic Cash, Tomas Sander and Amnon Ta-Shma, CRYPTO 1999
Mar. 2 Can Pseudonymity Really Guarantee Privacy? (alternate link), Josyula R. Rao and Pankaj Rohatgi, Usenix Security Symposium 2000
[Summary]
Mar. 9 ITS4: A Static Vulnerability Scanner for C and C++ Code, John Viega, J.T. Bloch, Yoshi Kohno, Gary McGraw, ACSAC 2000
Mar. 16 Have a nice spring break!
Mar. 23 Limiting the Disclosure of Access Control Policies During Automated Trust Negotiation, K. E. Seamons, M. Winslett, T. Yu, Symposium on Network and Distributed System Security 2001
Mar. 30 (In)Security of the WEP algorithm (paper draft), Nikita Borisov, Ian Goldberg, David Wagner
Apr. 6 Funkspiel Schemes: An Alternative to Conventional Tamper Resistance, Johan Håstad, Jakob Jonsson, Ari Juels, Moti Yung, 7th ACM Conference on Computer and Communication Security
Apr. 13 Efficient Receipt-Free Voting Based on Homomorphic Encryption, Martin Hirt, Kazue Sako, EUROCRYPT 2000
Apr. 20 Preventing Traffic Analysis for Real-Time Communication Networks, Y. Guan, C. Li, D. Xuan, R. Bettati, Wei Zhao, Milcom '99
[Summary]
Apr. 27 Digital-Ticket-Controlled Digital Ticket Circulation, Ko Fujimura, Hiroshi Kuno, Masayuki Terada, Kazuo Matsuyama, Yasunao Mizuno, et al., 8th Usenix Security Symposium, 1999
[Summary]
Fall 2000
Oct, 2000 Rijndael specification, Joan Daemen and Vincent Rijmen 

Nov. 1 Crowds: anonymity for Web transactions, Michael K. Reiter and Aviel D. Rubin, ACM Transactions on Information and System Security, (June, 1998)

Nov. 8 A wearable public key infrastructure (WPKI), H. Muller and N. P. Smart, Technical Report CSTR-00-006, Department of Computer Science, University of Bristol, (June, 2000)
Certificate Revocation and Certificate Update, Moni Naor and Kobbi Nissim, Usenix Security Symposium '98

Nov. 15 Practical Network Support for IP Traceback, Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson, ACM SIGCOMM 2000
Nov. 22 The best way to cook the turkey, Santa Claus
Nov. 29 Detecting Backdoors, Yin Zhang and Vern Paxson, Usenix Security Symposium 2000
Detecting Stepping Stones, Yin Zhang and Vern Paxson, Usenix Security Symposium 2000
Dec. 5 The Design and Analysis of Graphical Passwords, Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter and Avi Rubin, Usenix Security Symposium 1999
