The information in this schedule is subject to change—please check back regularly!
Deadlines for assignments listed below are 11:59 PM ET on the day listed. Deadlines for Perusall assignments (paper discussions) are 11:00 AM on the day listed.
Last updated: September 18, 2024.
Week | Day | Date | Topics | Readings | Deadlines |
---|---|---|---|---|---|
1 | T | August 29 | Introduction | ||
2 | T | September 3 | No class (follow Monday schedule) | ||
2 | Th | September 5 | Access control | Bishop chapters 2, 3 | |
3 | T | September 10 | Security policies | Bishop chapter 4 | |
3 | Th | September 12 | Confidentiality and integrity policies | Bishop chapters 5, 6 | |
4 | T | September 17 | Trust and identity | Bishop chapters 6.5, 15 | |
4 | Th | September 19 | Noninterference and policy composition | Bishop chapter 9 | |
5 | T | September 24 | Design and implementation principles | Bishop chapters 14, 17, 18 | |
5 | Th | September 26 | Network security | | HW 1 due |
6 | T | October 1 | OS security | ||
6 | Th | October 3 | OS security | | HW 2 due |
7 | T | October 8 | Software security | ||
7 | Th | October 10 | Reading and writing research papers | | Term project proposal due |
8 | T | October 15 | No class (Study day) | ||
8 | Th | October 17 | Midterm exam | ||
9 | T | October 22 | Paper discussions: Network protocols | “Practical Attacks against DNS Reputation Systems” (Galloway et al., IEEE S&P ’24); “Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks” (Yang et al., NDSS ’24) | |
9 | Th | October 24 | Paper discussions: Next-generation networks | “5G-Spector: An O-RAN Compliant Layer-3 Cellular Attack Detection Service” (Wen et al., NDSS ’24); “On the Criticality of Integrity Protection in 5G Fronthaul Networks” (Xing et al., USENIX Security ’24) | |
10 | T | October 29 | Paper discussions: Mobile | “DARKFLEECE: Probing the Dark Side of Android Subscription Apps” (Yue et al., USENIX Security ’24); “Peep With A Mirror: Breaking The Integrity of Android App Sandboxing via Unprivileged Cache Side Channel” (Lin et al., USENIX Security ’24) | |
10 | Th | October 31 | Paper discussions: Internet of Things | “Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network” (Sasaki et al., IEEE S&P ’24); “Patchy Performance? Uncovering the Vulnerability Management Practices of IoT-Centric Vendors” (Perez et al., IEEE S&P ’24) | |
11 | T | November 5 | Paper discussions: Web | “Where URLs Become Weapons: Automated Discovery of SSRF Vulnerabilities in Web Applications” (Wang et al., IEEE S&P ’24); “The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web” (Khodayari et al., IEEE S&P ’24) | |
11 | Th | November 7 | Paper discussions: Operating systems | “Page-Oriented Programming: Subverting Control-Flow Integrity of Commodity Operating System Kernels with Non-Writable Code Pages” (Han et al., USENIX Security ’24); “Endokernel: A Thread Safe Monitor for Lightweight Subprocess Isolation” (USENIX Security ’24) | |
12 | T | November 12 | Paper discussions: Software | “‘False negative - that one is going to kill you.’ - Understanding Industry Perspectives of Static Analysis based Security Testing” (Ami et al., IEEE S&P ’24); “A Taxonomy of C Decompiler Fidelity Issues” (Dramko et al., USENIX Security ’24) | Term project midpoint report due |
12 | Th | November 14 | Paper discussions: Programming languages | “RustSan: Retrofitting AddressSanitizer for Efficient Sanitization of Rust” (Cho et al., USENIX Security ’24); “MetaSafe: Compiling for Protecting Smart Pointer Metadata to Ensure Safe Rust Integrity” (Kayondo et al., USENIX Security ’24) | |
13 | T | November 19 | Paper discussions: Cloud | “Stateful Least Privilege Authorization for the Cloud” (Cao et al., USENIX Security ’24); “TrustSketch: Trustworthy Sketch-based Telemetry on Cloud Hosts” (Cheng et al., NDSS ’24) | |
13 | Th | November 21 | Paper discussions: Intrusion detection | “R-CAID: Embedding Root Cause Analysis within Provenance-based Intrusion Detection” (Goyal et al., IEEE S&P ’24); “KAIROS: Practical Intrusion Detection and Investigation using Whole-system Provenance” (Cheng et al., IEEE S&P ’24) | |
14 | T | November 26 | Paper discussions: Fuzzing | “Critical Code Guided Directed Greybox Fuzzing for Commits” (Xiang et al., USENIX Security ’24); “Large Language Model guided Protocol Fuzzing” (Meng et al., NDSS ’24) | |
14 | Th | November 28 | No class (Fall Holiday) | ||
15 | T | December 3 | Paper discussions: Anonymity | “MirageFlow: A New Bandwidth Inflation Attack on Tor” (Sendner et al., NDSS ’24); “Attacking and Improving the Tor Directory Protocol” (Luo et al., IEEE S&P ’24) | |
15 | Th | December 5 | Paper discussions: Large language models; Project presentations | “Exploring ChatGPT’s Capabilities on Vulnerability Management” (USENIX Security ’24) | |
15 | T | December 10 | Project presentations | ||
15 | Th | December 12 | No class (Study Day) | ||
16 | T | December 17 | No class | ||
16 | Th | December 19 | No class (Final Exam) | | Term project final report due |