CAP6135: Malware and Software Vulnerability Analysis
(Spring 2014)

Home                      Schedule notes                        Assignment

Class 1 (01/06):  Course introduction,   Software security introduction
Class 2 (01/08):  Software security intro (continue);  term project description (possible term project topic);
Class 3 (01/13): 
Software security intro (continue);  Basic network security introduction
Class 4 (01/15):  Network security introduction (continue)
Class 5 (01/22):  Network security intro (continue);  Stack Overflow I: Attack Introduction
                              after class reading materials: "Smashing The Stack For Fun And Profit", Alpha One
                              "Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade," Crispin Cowan, et al.
Class 6 (01/27):  Stack Overflow I (continue)
Class 7 (01/29): 
Stack Overflow example using GDB; Project 1 is assigned and due Feb. 12th midnight via WebCourse (written notes)
Class 8 (02/03): 
Stack Overflow II: Defense
Class 9 (02/05): 
Find Software Bugs (written notes)
Class 10 (02/10):
Introduce instructor's ACSAC'07 best student award paper on fuzzing; Example of man-made vulnerable code (fuzzTest-target.c, fuzzTest100.c ) and explanation slides
Class 11 (02/12):
Explanation of program project 2; Programming project 2 is assigned and due Mar. 2nd midnight; Term project proposal slides are due Feb. 25th midnight
Class 12 (02/17): Program Verification & Other Types of Vulnerabilities
Class 13 (02/19): Email Spam
Class 14 (02/24): Network Traffic Monitoring Using Wireshark
Class 15 (02/26):
Term project proposal presentation for face-to-face session students
Class 16 (03/10):
Email spam homework is assigned and due Mar. 23rd midnight; explaining of the email spam homework;  Listen to CS Distinguished Lecture Series seminar from Dr. Kang Shin on mobile application security
Class 17 (03/12): Two student paper presentation:  Prachi Shivhare (ppt), Charly Collin (pdf)
Class 18 (03/17): Network traffic monitoring (continue); Programming project 3 is released ...
Class 19 (03/19): Student paper presentation:  Awrad Mohammed Ali (ppt), Hyanglim You (ppt)
Class 20 (03/24): Student paper presentation: Victor Parece (pdf), Ke Chen (ppt)
Class 21 (03/26): Student paper presentation: Kushal Mehta (ppt), Ankur Verma (ppt)
Class 22 (03/31): Botnets, Student paper presentation: Michael Christakos (pdf)
Class 23 (04/02): Student paper presentation: 
Saurabh Mankar (ppt), Karthik Balasubramanian (ppt)
Class 24 (04/07): Student paper presentation: Talal Basaif (pdf), Salih Safa Bacanli (pdf)
Class 25 (04/09): Student paper presentation:  Prateek Basavaraj (ppt), Aman Goel (ppt)
Class 26 (04/14): Student paper presentation: Dilip Simha.C.R. (ppt), Vidhur Goyal (ppt)
Class 27 (04/16): Student paper presentation: Sruthi Chiluka (ppt), Sidhanth Sheelavanth (pdf)
Class 28 (04/21): Student paper presentation: Sagar Patel (pdf), Rajiv Marothu (ppt)
                               Venkata Sagi (ppt), Aishwarya Nayak (ppt), Manik Challana (ppt)
Class 29 (04/28) 10:00am - 12:50pm:  Term project presentation by face-to-face session students

1. "Automated Whitebox Fuzz Testing", P. Godefroid, M.Y. Levin, D. Molnar, Annual Network & Distributed System Security Symposium (NDSS) 2008.
2. (Hyanglim You) "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphone", William Enck, Peter Gilbert, Byung-gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth, USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2010.
3. (Prachi Shivhare) "Protecting Browsers from Extension Vulnerabilities", Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman. 17th Network and Distributed System Security Symposium (NDSS), 2010.
4. (karthik balasubramanian) "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds", Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security, Chicago, IL, November 2009.
5. "Countering Kernel Rootkits with Lightweight Hook Protection," Zhi Wang, Xuxian Jiang, Weidong Cui, Peng Ning, Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, November 2009.
6.  (Saurabh Mankar) "VEX: Vetting Browser Extensions for Security Vulnerabilities", Sruthi Bandhakavi, Samuel T. King, P. Madhusudan, and Marianne Winslett, USENIX Security Symposium (Usenix), 2010 (best paper award). 
7.  (Sruthi Chiluka) "Vanish: Increasing Data Privacy with Self-Destructing Data", Roxana Geambasu, Tadayoshi Kohno, Amit A. Levy, and Henry M. Levy, USENIX Security Symposium (Usenix), 2009 (best student paper award). 
8. (Charly Collin) "TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection", Tielei Wang, Tao Wei, Guofei Gu, Wei Zou, 31st IEEE Symposium on Security & Privacy (Oakland), Oakland, CA, May 2010. (Best Student Paper Award).
9. (Awrad Mohammed Ali ) "Detecting Spammers on Social Networks", Gianluca Stringhini, Christopher Kruegel, Giovanni Vigna, Annual Computer Security Applications Conference (ACSAC), 2010. (Best student paper award). 
10. (vidhur goyal) "Dude, where�s that IP? Circumventing measurement-based IP geolocation", Phillipa Gill, Yashar Ganjali, David Lie, Bernard Wong. Proceedings of the 19th USENIX Symposium on Security, 2010.
11. "CryptDB: Protecting Confidentiality with Encrypted Query Processing", Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, Hari Balakrishnan, 23rd ACM Symposium on Operating Systems Principles (SOSP), 2011.
12. (Michael Christakos) "HomeAlone: Co-Residency Detection in the Cloud via Side-Channel Analysis", Yinqian Zhang, Ari Juels, Alina Oprea, Michael K. Reite, IEEE Symposium on Security and Privacy 2011.
13. (Aishwarya Nayak) "Click Trajectories: End-to-End Analysis of the Spam Value Chain", Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Mark Felegyhazi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, Stefan Savage. IEEE Symposium on Security and Privacy 2011,
14. (Sagar Patel) "On Limitations of Designing Leakage-Resilient Password Systems: Attacks, Principles and Usability", Qiang Yan, Jin Han, Yingjiu Li and Robert H. Deng,NDSS 2012 (Distinguished Paper Award).
15. (Prateek Basavaraj) "Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider", Ariel J. Feldman, Aaron Blankstein, Michael J. Freedman, and Edward W. Felten, Usenix Security Symposium, 2012. (Best Student Paper)
16. (Sidhanth Sheelavanth) "Memento: Learning Secrets from Process Footprints", Suman Jana and Vitaly Shmatikov, IEEE Symposium on Security and Privacy, 2012. (Best Student Paper)
17. (Manik Challana) "User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems", 
Franziska Roesner, Tadayoshi Kohno, Alexander Moshchuk, Bryan Parno, Helen J. Wang, and Crispin Cowan, IEEE Symposium on Security and Privacy, 2012. (Best Practical Paper)
(Ke Chen) "I can be you: Questioning the use of Keystroke Dynamics as Biometrics", Tey Chee Meng, Payas Gupta and Debin Gao, NDSS 2013. (Best Paper Award)
19. (Ankur Verma) "The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites",
Sooel Son and Vitaly Shmatikov, NDSS 2013. (Best Student Paper)
20. (Aman Goel) "Routing Around Decoys"
Max Schuchard, John Geddes, Christopher Thompson, Nicholas Hopper. CCS 2012. (Best Student Paper Award)
21. (Venkata Sagi) "IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution", Tielei Wang , Zhiqiang Lin, NDSS 2009.
22. "P2PWNED: Modeling and Evaluating the Resilience of Peer-to-Peer Botnets", Rossow, C.; Andriesse, D.; Werner, T.; Stone-Gross, B.; Plohmann, D.; Dietrich, C.J.; Bos, H., IEEE Symposium on Security and Privacy, 2013.
23. (Dilip Simha.C.R.) "Security and Privacy for Implantable Medical Devices", Daniel Halperin, Thomas S. Heydt-Benjamin, Kevin Fu, Tadayoshi Kohno, and William H. Maisel, IEEE Pervasive Computing, 7(1), January-March 2008.
24. (Talal Basaif) "Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control"
Chow, R.; Golle, P.; Jakobsson, M.; Shi, E.; Staddon, J.; Masuoka, R.; Molina, J., Proceedings of the 2009 ACM Workshop on Cloud Computing Security (CCSW 2009); 2009.
25. (Victor Parece)
"Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers", Ter Louw, M.; Venkatakrishnan, V.N., 30th IEEE Symposium on Security and Privacy, 2009. 
26. (Kushal Mehta) "Mobile-Sandbox:  Having a Deeper Look into Android Applications", Spreitzenbarth, Michael and Freiling, Felix and Echtler, Florian and Schreck, Thomas and Hoffmann, Johannes, 28th Annual ACM Symposium on Applied Computing (SAC), 2013.
27. (
Safa Bacanli) "Static analysis of Android programs", �tienne Payet, Fausto Spoto, Elsevier Journal of Information and Software Technology 54 (2012) pp. 1192�1201.