Calendar

March 16 Presenters TBD

Date Papers to critique and discuss Presenters
January 8
  1. Introduction and overview of the course
  2. Security bootcamp
January 12
  1. Read before the class:
    1. Alan Jay Smith. 1990. The Task of the Referee. Computer 23, 4 (April 1990), 65-71.
    2. Enck, William, Machigar Ongtang, and Patrick Drew McDaniel. “Understanding Android Security.” IEEE Security & Privacy 7, no. 1 (2009): 50-57.
    3. Y. Zhou and X. Jiang, “Dissecting Android malware: Characterization and evolution,” in Proceedings of the 33rd IEEE Symposium on Security and Privacy, SP’12, 2012.
  2. Lecture: (1) adversary model, (2) big picture of mobile security & privacy
  3. In-class critiquing: Y. Zhou and X. Jiang, “Dissecting Android malware: Characterization and evolution,” in Proceedings of the 33rd IEEE Symposium on Security and Privacy, SP’12, 2012.
January 15
  1. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, “A study of Android application security,” in Proceedings of the 2011 USENIX Security Symposium, SEC’11, 2011.
  2. L. Wu, M. Grace, Y. Zhou, C. Wu, and X. Jiang, “The impact of vendor customizations on Android security,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS’13, 2013.
  1. Wali
  2. David
January 19
  1. A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin, “Permission re-delegation: Attacks and defenses,” in Proceedings of the 2011 USENIX Security Symposium, SEC’11, 2011.
  2. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry, “Towards taming privilege-escalation attacks on Android,” in Proceedings of the 2012 Network and Distributed System Security Symposium, NDSS’12, 2012.
  1. Da
  2. Ivan
January 22
  1. L. K. Yan and H. Yin, “DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis,” in Proceedings of the 2012 USENIX Security Symposium, SEC’12, 2012.
  2. Zhengyang Qu, Vaibhav Rastogi, Xinyi Zhang, Yan Chen, Tiantian Zhu, and Zhong Chen, “AutoCog: Measuring the Description-to-permission Fidelity in Android Applications,” ACM CCS 2014.
  1. Nam
  2. Jonathan
January 26
  1. R. Wang, L. Xing, X. Wang, and S. Chen, “Unauthorized origin crossing on mobile platforms: Threats and mitigation,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS’13, 2013.
  2. M. Georgiev, S. Jana, and V. Shmatikov, “Breaking and fixing origin-based access control in hybrid web/mobile application frameworks,” in Proceedings of the 2014 Network and Distributed System Security Symposium, NDSS’14, 2014.
  1. Nam
  2. Jonathan
January 29
  1. term paper proposal presentations
  2. B. Livshits and J. Jung, “Automatic mediation of privacy-sensitive resource access in smartphone applications,” in Proceedings of the 2013 USENIX Security Symposium, SEC’13, 2013.
Wali
February 2
  1. C. Marforio, N. Karapanos, C. Soriente, K. Kostiainen, and S. Capkun, “Smartphones as practical and secure location verification tokens for payments,” in Proceedings of the 2014 Network and Distributed System Security Symposium, NDSS’14, 2014.
  2. Chunyi Peng, Chi-Yu Li, Hongyi Wang, Guan-Hua Tu, Songwu Lu, “Real Threats to Your Data Bills: Security Loopholes and Defenses in Mobile Data Charging,” ACM CCS 2014.
  1. David
  2. Da
March 2  Pre-final drafts of the term papers are due via e-mail to Kosta
 reviewing pre-final drafts
March 13  Reviews of pre-final drafts of the term papers are due via e-mail to Kosta
March 16
  1. “On Implementing Deniable Storage Encryption for Mobile Devices” NDSS ’13
  2. “What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources” NDSS ’15
  1. Wali
  2. No presenter
March 19
  1. Joel Reardon, Srdjan Capkun, and David Basin. 2012. Data node encrypted file system: efficient secure deletion for flash memory. In Proceedings of the 21st USENIX conference on Security symposium (Security’12). USENIX Association, Berkeley, CA, USA, 17-17.
  2. Adam Skillen, David Barrera, and Paul C. van Oorschot. 2013. Deadbolt: locking down Android disk encryption. In Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices (SPSM ’13). ACM, New York, NY, USA, 3-14.
  1. David
  2. Nam
March 26
  1. “DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices” NDSS ’15
  2. A. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar, G. Ganesh, J. Ma, and W. Shen. Hypervision across worlds: Real-time kernel protection from the ARM TrustZone secure world. In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, AZ, Nov. 2014.
  1. Jonathan
  2. Wali
April 2
  1. Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna, “What the App is That? Deception and Countermeasures in the Android User Interface” IEEE Security & Privacy Symposium 2015
  2. Qinggang Yue, Zhen Ling, Xinwen Fu, Benyuan Liu, Kui Ren, Wei Zhao, “Blind Recognition of Touched Keys on Mobile Devices” ACM CCS 2014
  1. Jonathan
  2. Jonathan
April 9
  1. Serge Egelman, Sakshi Jain, Rebecca S. Portnoff, Kerwell Liao, Sunny Consolvo, David Wagner, “Are You Ready to Lock?” ACM CCS 2014
  2. Y. Song, G. Cho, S. Oh, H. Kim, J. H. Huh, “On the Effectiveness of Pattern Lock Strength Meters – Measuring the Strength of Real World Pattern Locks,” in Proceedings of the 2015 ACM SIGCHI.
  1. Nam
  2. David
April 27  Term Paper Presentations
May 4  Final versions of the term papers are due via e-mail to Kosta