The information in this schedule is subject to change—please check back regularly!
Deadlines for assignments listed below are 11:59 PM ET on the day listed. Deadlines for Perusall assignments (paper discussions) are 8:00 AM on the day listed.
Last updated: October 6, 2022.
| Week | Day | Date | Topics | Readings (Presenter) | Deadlines |
|---|---|---|---|---|---|
| 1 | M | August 24 | Introduction | ||
| 2 | M | August 29 | Access control | Bishop chapters 2, 3 | |
| 2 | W | August 31 | Security policies | Bishop chapter 4 | |
| 3 | M | September 5 | No class (Labor Day) – held on Tuesday | ||
| 3 | T | September 6 | Confidentiality and integrity policies | Bishop chapters 5, 6 | |
| 3 | W | September 7 | Trust and identity | Bishop chapters 6.5, 15 | |
| 4 | M | September 12 | Noninterference and policy composition | Bishop chapter 9 | |
| 4 | W | September 14 | Design and implementation principles | Bishop chapters 14, 17, 18 | |
| 5 | M | September 19 | Network security | ||
| 5 | W | September 21 | Network security | HW 1 due | |
| 6 | M | September 26 | OS security | ||
| 6 | W | September 28 | OS security | HW 2 due | |
| 7 | M | October 3 | Software security | ||
| 7 | W | October 5 | Reading and writing research papers | Term project proposal due | |
| 8 | M | October 10 | No class (Mid-Semester Holiday) | ||
| 8 | W | October 12 | No class (Midterm take home) | ||
| 9 | M | October 17 | Paper discussions: Network protocols |
“PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP” (Feng et al., NDSS ‘22) “Off-Path Network Traffic Manipulation via Revitalized ICMP Redirect Attacks” (Feng et al., USENIX Security ‘22) |
|
| 9 | W | October 19 | Paper discussions: Network architectures |
“EqualNet: A Secure and Practical Defense for Long-term Network Topology Obfuscation” (Kim et al., NDSS ‘22) “ditto: WAN Traffic Obfuscation at Line Rate” (Meier et al., NDSS ‘22) |
|
| 10 | M | October 24 | Paper discussions: Web security |
“Probe the Proto: Measuring Client-Side Prototype Pollution Vulnerabilities of One Million Real-world Websites” (Kang et al., NDSS ‘22) “Mining Node.js Vulnerabilities via Object Dependence Graph and Query” (Li et al., USENIX Security ‘22) |
|
| 10 | W | October 26 | Paper discussions: Web security |
“Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World” (Cherubin et al., USENIX Security ‘22) “Automating Cookie Consent and GDPR Violation Detection” (Bollinger et al., USENIX Security ‘22) |
|
| 11 | M | October 31 | Paper discussions: Cloud and edge networks |
“Measuring and Mitigating the Risk of IP Reuse on Public Clouds” (Pauley et al., IEEE S&P ‘22) “Alastor: Reconstructing the Provenance of Serverless Intrusions” (Datta et al., USENIX Security ‘22) |
|
| 11 | W | November 2 | Paper discussions: IoT and smart devices |
“The Truth Shall Set Thee Free: Enabling Practical Forensic Capabilities in Smart Environments” (Babun et al., NDSS ‘22) | Term project midpoint report due |
| 12 | M | November 7 | Paper discussions: Fuzzing |
“EMS: History-Driven Mutation for Coverage-based Fuzzing” (Lyu et al., NDSS ‘22) “Stateful Greybox Fuzzing” (Ba et al., USENIX Security ‘22) |
|
| 12 | W | November 9 | Paper discussions: Software |
“Cross-Language Attacks” (Mergendahl et al., NDSS ‘22) | |
| 13 | M | November 14 | Paper discussions: Forensics |
“ShadeWatcher: Recommendation-guided Cyber Threat Analysis using System Audit Records” (Zeng et al., IEEE S&P ‘22) “DepComm: Graph Summarization on System Audit Logs for Attack Investigation” (Xu et al., IEEE S&P ‘22) |
|
| 13 | W | November 16 | Paper discussions: Trust |
“F-PKI: Enabling Innovation and Trust Flexibility in the HTTPS Public-Key Infrastructure” (Chuat et al., NDSS ‘22) “Let’s Downgrade Let’s Encrypt” (Dai et al., ACM CCS ‘21) |
|
| 14 | M | November 21 | Paper discussions: Censorship |
“GET /out: Automated Discovery of Application-Layer Censorship Evasion Strategies” (Harrity et al., USENIX Security ‘22) “Many Roads Lead To Rome: How Packet Headers Influence DNS Censorship Measurement” (Bhaskar et al., USENIX Security ‘22) |
|
| 14 | W | November 23 | No class (Fall Holiday) | ||
| 15 | M | November 28 | Paper discussions: VPNs |
“VPNalyzer: Systematic Investigation of the VPN Ecosystem” (Ramesh et al., NDSS ‘22) “OpenVPN is Open to VPN Fingerprinting” (Xue et al., USENIX Security ‘22) |
|
| 15 | W | November 30 | Project presentations | Term project presentation due | |
| 16 | M | December 5 | Project presentations | ||
| 16 | W | December 7 | No class (Study Day) | ||
| 17 | M | December 12 | No class | ||
| 17 | W | December 14 | No class | ||
| 17 | T | December 15 | No class (Final Exam) | Term project final report due |