|Jan 5||Class cancelled (Stefan at NSF)|
|Jan 7||Class Introduction|
|Jan 12||Software Vulnerabilities: “Low-Level Software Security by Example,” (just this chapter) Handbook of Information and Communication Security 2010. Slides.|
|Jan 14||Software Defenses: “Control-Flow Integrity: Principles, Implementations, and Applications,” ACM CCS 2005 and “NOZZLE: A Defense Against Heap-spraying Code Injection Attacks,” USENIX Sec. 2009.|
|Jan 19||MLK's birthday|
|Jan 21||Software Vulnerabilities II: “Is finding security holes a good idea?” IEEE S&P 2005 and “Milk or Wine: Does Software Security Improve with Age?” USENIX Sec. 2006.|
|Jan 26||Software Vulnerabilities: Automation “AEG: Automatic Exploit Generation,” NDSS 2011 and “Vigilante: End-to-End Containment of Internet Worms,” ACM SOSP 2005.|
|Jan 28||Browser Security: “The Security Architecture of the Chromium Browser,” Technical report, 2008 and “Clickjacking: Attacks and Defenses,” USENIX Security 2012.|
|Feb 2||Usability I: The Psychology of Security, CACM, 51(4), April 2008 (short) and Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0, USENIX Security 1999 and Why Phishing Works, CHI 2006.|
|Feb 4||Usability II (research methods): You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings, CHI 2010 and The Emperor's New Security Indicators, IEEE Security and Privacy (Oakland), 2007.|
|Feb 9||Ecosystem I: Click Trajectories: End-to-End Analysis of the Spam Value Chain IEEE S&P 2011 and Re: CAPTCHAs -- Understanding CAPTCHA-Solving from an Economic Context USENIX Sec. 2010.|
|Feb 11||Ecosystem II: Examining the Impact of Website Take-down on Phishing, APWG eCrime Summit, 2007 and The Underground Economy of Fake Antivirus Software, WEIS 2011.|
|Feb 16||President's Day|
|Feb 18||Side Channels: Keyboard Acoustic Emanations Revisited, CCS 2005 and Lest we Remember: Cold Boot Attacks on Encryption Keys, USENIX Security 2008.|
|Feb 23||CyberEspionage: Shadows in the Cloud: Investigating CyberEspionage 2.0; Information Warfare Monitor/Shadowserver Foundation 2010 and When Governments Hack Opponents: A Look at Actors and Technology, USENIX Security 2014.|
|Feb 25||Zero Days and cyberweapons: Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World, ACM CCS 2012 and W32.Stuxnet Dossier Symantec 2011 Whitepaper.|
|Mar 2||Privacy and Big Data: Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing, USENIX Security 2014 and A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, IMC 2014.|
|Mar 4||Privacy & Your Browser (special guest lecture Hovav Shacham): Beware of Finer-Grained Origins, W2SP 2008 and Pixel Perfect Timing Attacks with HTML5, BlackHat USA 2013.|
|Mar 9||SSL/TLS: The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software, CCS 2012 and Analysis of the HTTPS Certificate Ecosystem, IMC 2013.|