CS 576 Grad Computer Security - Spring 2018

Instructor Contact

Dr. Charles V. Wright
Office: FAB 120-25
Email: cvwright cs pdx edu (fill in the missing punctuation)
Slack: @cvwright
Office Hours: T 2:30-4:30pm, or by appointment

Dr. Wu-chang Feng
Office: FAB 120-14
Email: wuchang cs pdx edu (fill in the missing punctuation)
Slack: @wuchang
Office Hours: F 8:30-10:30am, or by appointment
Course reviews

Course Information

Time: Tuesdays and Thursdays, 12:00-1:15pm
Location: FAB 46

For more details, see the full PDF version of the syllabus.

Course Schedule

Date Topics and Readings Homework
Apr 3 Introduction Readings:
Apr 5 Faculty Presentation(s)
  • A crash course in applied cryptography (See "Security Engineering", Chapter 5: Cryptography, for more in-depth information.)
Apr 10 Faculty Presentation(s)
  • Memory corruption and control-flow hijacking
  • Automated vulnerability discovery
Look over the list of papers and sign up to present one of them. Claim your paper by posting in the class Slack channel. Papers/topics marked in green are relatively straightforward, and would be good candidates for early presentations.
Apr 12 Faculty Presentation(s) Submit reviews of the paper by 6am. (Paper Review Rubric)
Apr 17 Web Security 1: Client Side Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
Apr 19 Web Security 2: Cookies and Trackers Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
Apr 24 Paper 1: D. Fifield et al. Blocking-resistant communication through domain fronting (Kevin)

Paper 2: K. Du et al. The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO (Ben)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
Apr 26 Paper 1: W. He et al. ShadowCrypt: Encrypted Web Applications for Everyone (Shawn and Nathan)

Paper 2: O. Peles and R. Hay. One Class to Rule Them All: 0-Day Deserialization Vulnerabilities in Android (Yuxiang and Dusty)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
May 1 Paper 1: C. Jackson et al. Protecting Browsers from DNS Rebinding Attacks (Geoff)

Paper 2: T. Chung et al. A Longitudinal, End-to-End View of the DNSSEC Ecosystem (Shawn and Nathan)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
May 3 Paper 1: Z. Durumeric, E. Wurstrow, J.A. Halderman. ZMap: Fast Internet-Wide Scanning and its Security Applications (Johnny)

Papers 2: BeyondCorp (Kai)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
May 8 Paper 1: Y. Kim et al. Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors (Asher)

Paper 2: R. Schuster et al. Beauty and the Burst: Remote Identification of Encrypted Video Streams (Neelay)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
May 10 Paper 1: P. Kocher et al. Spectre Attacks: Exploiting Speculative Execution (Kenny and Chris)

Paper 2: M. Lipp et al. Meltdown (Yuxiang and Dusty)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
May 15 Paper 1: M. Sharif et al. Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition (David)

Paper 2: M. Jagielski et al. Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning (Will)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
May 17 Paper 1: K. Chen et al. Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale (Kenny and Chris)

Paper 2: Birding Guide: How to make the most of your Canaries (Tom and Manpreet)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
May 22 Paper 1: P. Ney et al. Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More (Randy and Leslie)

Paper 2: KLEE (David and Teal)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
May 24 Paper 1: Bitcoin (Chris/Kenny)

Paper 2: Ethereum (Presentation to be made available as screencast due to scheduling SNAFU)

Special Topic: Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications (Charles)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
May 29 Paper 1: Control Flow Bending (Yuxiang/Dusty)

Paper 2: Type Casting Verification (Will/Ian)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
May 31 Paper 1: WiFi KRACK Exploit (Manpreet/Tom)

Paper 2: Weak Diffie-Hellman (Ben/Asher)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
June 5 Paper 1: kAFL: Fuzzing OS Kernels (Shawn/Nathan)

Paper 2: Hardware-Assisted Rootkits (Kai/Johnny)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
June 7 Paper 1: File Injection Attacks (Kevin/Geoff)

Paper 2: Security Analysis of Signal (Neelay)
Submit reviews in D2L by 6:00am

(See "review-assignments.csv" in D2L for your review assignments.)
...
June 14 Final Exam 10:15-12:05
Submit your screencast by 6am the day of the exam. Spend the exam period watching your classmates' screencasts and giving constructive feedback. Please bring a laptop or tablet and a set of headphones with you to the exam.