Course Material

The papers in bold font are required reading and their content will be tested during quizzes.

Modules included in the course

The following content modules will be taught this time. Most of the lectures are based on recent papers from the top conferences and journals in computer security.

Course Orientation

lecture slides

Bootcamp in Computer Security

lecture slides

Adversary Models

lecture slides
Jonathan Herzog. 2005. A computational interpretation of Dolev-Yao adversaries. Theor. Comput. Sci. 340, 1 (June 2005), 57-81. DOI=10.1016/j.tcs.2005.03.003
Car breaking papers:
- Experimental Security Analysis of a Modern Automobile, Koscher, Karl; Czeskis, Alexei; Roesner, Franziska; Patel, Shwetak; Kohno, Tadayoshi; Checkoway, Stephen; McCoy, Damon; Kantor, Brian; Anderson, Danny; Shacham, Hovav; Savage, Stefan, Security and Privacy (SP), 2010 IEEE Symposium on , vol., no., pp.447-462, 16-19 May 2010, doi: 10.1109/SP.2010.34
- Comprehensive Experimental Analyses of Automotive Attack Surfaces, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, Tadayoshi Kohno, USENIX Security, August 10–12, 2011. (talk video)
Chip and PIN is Broken, Murdoch, Steven J.; Drimer, Saar; Anderson, Ross; Bond, Mike; , “Chip and PIN is Broken,” Security and Privacy (SP), 2010 IEEE Symposium on , vol., no., pp.433-446, 16-19 May 2010, doi: 10.1109/SP.2010.33 (talk video)
Scott Wolchok, Eric Wustrow, J. Alex Halderman, Hari K. Prasad, Arun Kankipati, Sai Krishna Sakhamuri, Vasavya Yagati, and Rop Gonggrijp. 2010. Security analysis of India’s electronic voting machines. In Proceedings of the 17th ACM conference on Computer and communications security (CCS ’10). ACM, New York, NY, USA, 1-14. DOI=10.1145/1866307.1866309
“Steal This Movie: Automatically Bypassing DRM Protection in Streaming Media Services” USENIX SEcurity 2013
Alex Halderman, Edward Felten, “Lessons from the Sony CD DRM Episode,” in Proceedings of the 15th USENIX Security Symposium, 31–August 4, 2006, Vancouver, BC, Canada. Presentation slides.
Matteo Bortolozzo, Matteo Centenaro, Riccardo Focardi, and Graham Steel. 2010. Attacking and fixing PKCS#11 security tokens. In Proceedings of the 17th ACM conference on Computer and communications security (CCS ’10). ACM, New York, NY, USA, 260-269. DOI=10.1145/1866307.1866337

Communication and Network Security

lecture slides

“New Attacks on Timing-based Network Flow Watermarks” USENIX Security 2012 (optional: Section 4.3)
Sherwood, R., Bhattacharjee, B., and Braud, R. 2005. Misbehaving TCP receivers can cause internet-wide congestion collapse. In Proceedings of the 12th ACM Conference on Computer and Communications Security (Alexandria, VA, USA, November 07 – 11, 2005). CCS ’05. ACM, New York, NY, 383-392. DOI= http://doi.acm.org/10.1145/1102120.1102170 (talk slides) (optional: Section 5)
“Weaponizing Femtocells: The Effect of Rogue Devices on Mobile Telecommunications” NDSS ’12 (optional: Section 5)
R. Zhang, X. Wang, R. Farley, X. Yang, and X. Jiang. “On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers,” In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (ASIACCS ’09). ACM, New York, NY, USA, 61-69. DOI=10.1145/1533057.1533069

Wireless Security

lecture slides
“Gone in 360 Seconds: Hijacking with Hitag2” USENIX Security 2012 (optional sections 3.4, 3.6, 3.7, 4.3, 5.3)
“A Practical, Targeted, and Stealthy Attack Against WPA Enterprise Authentication” NDSS ’13 (optional sections: 4, 5.3, 5.4, 5.6)
Bittau, A.; Handley, M.; Lackey, J., “The final nail in WEP’s coffin,” Security and Privacy, 2006 IEEE Symposium on, vol., no.pp. 15 pp.-, 21-24 May 2006.
“Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars” NDSS ’11. (talk slides)
“Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time” IEEE S&P ’13

On Passwords (and People)

lecture slides
“The science of guessing: analyzing an anonymized corpus of 70 million passwords” IEEE S&P ’12
“How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation,” USENIX Security 2012.
C. Castelluccia, M. Dürmuth, D. Perito, “Adaptive Password-Strength Meters from Markov Models” NDSS ’12.
Alexei Czeskis, Michael Dietz, Tadayoshi Kohno, Dan Wallach, and Dirk Balfanz. 2012. “Strengthening user authentication through opportunistic cryptographic identity assertions“. In Proceedings of the 2012 ACM conference on Computer and communications security (CCS ’12). ACM, New York, NY, USA, 404-414. DOI=10.1145/2382196.2382240
M. Alsaleh, M. Mannan, P.C. van Oorschot. Revisiting Defenses Against Large-Scale Online Password Guessing Attacks.IEEE TDSC 9(1):128-141, 2012.
A. Narayanan, and V. Shmatikov, “Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff,” CCS ’05
Matt Weir, Sudhir Aggarwal, Michael Collins, and Henry Stern. 2010. Testing metrics for password creation policies by attacking large sets of revealed passwords. In Proceedings of the 17th ACM conference on Computer and communications security (CCS ’10). ACM, New York, NY, USA, 162-175. DOI=10.1145/1866307.1866327
Yinqian Zhang, Fabian Monrose, and Michael K. Reiter. 2010. The security of modern password expiration: an algorithmic framework and empirical analysis. In Proceedings of the 17th ACM conference on Computer and communications security (CCS ’10). ACM, New York, NY, USA, 176-186. DOI=10.1145/1866307.1866328

Web Security

lecture slides
“Behind the Scenes of Online Attacks: an Analysis of Exploitation Behaviors on the Web” NDSS ’13
Thomas, K.; Grier, C.; Ma, J.; Paxson, V.; Song, D.; , “Design and Evaluation of a Real-Time URL Spam Filtering Service,” Security and Privacy (SP), 2011 IEEE Symposium on , vol., no., pp.447-462, 22-25 May 2011 doi: 10.1109/SP.2011.25
“Clickjacking: Attacks and Defenses,” USENIX Security 2012
Lin-Shung Huang, Zack Weinberg, Chris Evans, and Collin Jackson. 2010. Protecting browsers from cross-origin CSS attacks. In Proceedings of the 17th ACM conference on Computer and communications security (CCS ’10). ACM, New York, NY, USA, 619-629. DOI=10.1145/1866307.1866376
“Fix Me Up: Repairing Access-Control Bugs in Web Applications” NDSS ’13
Bau, Jason; Bursztein, Elie; Gupta, Divij; Mitchell, John, “State of the Art: Automated Black-Box Web Application Vulnerability Testing,” Security and Privacy (SP), 2010 IEEE Symposium on , vol., no., pp.332-345, 16-19 May 2010 doi: 10.1109/SP.2010.27

Usable Security

lecture slides
L. Cranor. A Framework for Reasoning About the Human in the Loop. Workshop on Usability, Psychology and Security, 2008.
Cristian Bravo-Lillo, Lorrie Cranor, Julie Downs, Saranga Komanduri, Stuart Schechter, and Manya Sleeper. 2012. “Operating system framed in case of mistaken identity: measuring the success of web-based spoofing attacks on OS password-entry dialogs,” In Proceedings of the 2012 ACM conference on Computer and communications security (CCS ’12). ACM, New York, NY, USA, 365-377. DOI=10.1145/2382196.2382237
“Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness” USENIX Security 2013
“User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems” IEEE S&P ’12
Dourish, P., Grinter, E., Delgado de la Flor, J., and Joseph, M. 2004. Security in the wild: user strategies for managing security as an everyday, practical problem. Personal Ubiquitous Comput. 8, 6 (Nov. 2004), 391-401. DOI= http://dx.doi.org/10.1007/s00779-004-0308-5
Rachna Dhamija, J. D. Tygar, and Marti Hearst, “Why phishing works,” In Proceedings of the SIGCHI conference on Human Factors in computing systems (CHI ’06), ACM, New York, NY, USA, 581-590. DOI=10.1145/1124772.1124861
Schechter, Dhamija, Ozment, Fischer, “The Emperor’s New Security Indicators,” IEEE Symposium on Security and Privacy, pp. 51-65, 2007
Garfinkel, S. L. and Miller, R. C. 2005 “Johnny 2: a user test of key continuity management with S/MIME and Outlook Express,” In Proceedings of the 2005 Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 06 – 08, 2005). SOUPS ’05, vol. 93. ACM Press, New York, NY, 13-24. DOI= http://doi.acm.org/10.1145/1073001.1073003
“Social Phishing” Communications of the ACM
Wu, M., Miller, R. C., and Garfinkel, S. L. 2006. Do security toolbars actually prevent phishing attacks?. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Montréal, Québec, Canada, April 22 – 27, 2006). R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and G. Olson, Eds. CHI ’06. ACM Press, New York, NY, 601-610. DOI= http://doi.acm.org/10.1145/1124772.1124863
list of other readings on usable security

Software Security

Ryan Roemer, Erik Buchanan, Hovav Shacham, and Stefan Savage. 2012. “Return-Oriented Programming: Systems, Languages, and Applications,” ACM Trans. Inf. Syst. Secur. 15, 1, Article 2 (March 2012), 34 pages. DOI=10.1145/2133375.2133377
Dimitris Geneiatakis, Georgios Portokalidis, Vasileios P. Kemerlis, and Angelos D. Keromytis. 2012. “Adaptive defenses for commodity software through virtual application partitioning,” In Proceedings of the 2012 ACM conference on Computer and communications security (CCS ’12). ACM, New York, NY, USA, 133-144. DOI=10.1145/2382196.2382214
Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, and Vitaly Shmatikov. “The most dangerous code in the world: validating SSL certificates in non-browser software,” In Proceedings of the 2012 ACM conference on Computer and communications security (CCS ’12). ACM, New York, NY, USA, 38-49. DOI=10.1145/2382196.2382204
Nigel Edwards and Liqun Chen. 2012. “An historical examination of open source releases and their vulnerabilities,” In Proceedings of the 2012 ACM conference on Computer and communications security (CCS ’12). ACM, New York, NY, USA, 183-194. DOI=10.1145/2382196.2382218
Leyla Bilge and Tudor Dumitras. 2012. “Before we knew it: an empirical study of zero-day attacks in the real world,” In Proceedings of the 2012 ACM conference on Computer and communications security (CCS ’12). ACM, New York, NY, USA, 833-844. DOI=10.1145/2382196.2382284

Mobile Security

lecture slides
“Progressive Authentication: Deciding When to Authenticate on Mobile Phones,” USENIX Security 2012. (optional section: 7.5)
“Aurasium: Practical Policy Enforcement for Android Applications,” USENIX Security 2012
Becher, M.; Freiling, F.C.; Hoffmann, J.; Holz, T.; Uellenbeck, S.; Wolf, C.; , “Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices,” Security and Privacy (SP), 2011 IEEE Symposium on , vol., no., pp.96-111, 22-25 May 2011
doi: 10.1109/SP.2011.29
“Greystar: Fast and Accurate Detection of SMS Spam Numbers in Large Cellular Networks Using Gray Phone Space,” USENIX Security 2013 (optional section: 6.2)
Myrto Arapinis, Loretta Mancini, Eike Ritter, Mark Ryan, Nico Golde, Kevin Redon, and Ravishankar Borgaonkar. 2012. “New privacy issues in mobile telephony: fix and verification,” In Proceedings of the 2012 ACM conference on Computer and communications security (CCS ’12). ACM, New York, NY, USA, 205-216. DOI=10.1145/2382196.2382221 (optional section: 6)
“PiOS: Detecting Privacy Leaks in iOS Applications,” NDSS ’11.
“Dissecting Android Malware: Characterization and Evolution” IEEE S&P ’12

Cloud Security

lecture slides
Amir Herzberg, Haya Shulman, Johanna Ullrich, and Edgar Weippl. “Cloudoscopy: services discovery and topology mapping,” In Proceedings of the 2013 ACM Cloud computing security workshop (CCSW ’13). ACM, New York, NY, USA, 113-122. DOI=10.1145/2517488.2517491
Sven Bugiel, Stefan Nürnberger, Thomas Pöppelmann, Ahmad-Reza Sadeghi, and Thomas Schneider, “AmazonIA: when elasticity snaps back,” In Proceedings of the 18th ACM conference on Computer and communications security (CCS ’11). ACM, New York, NY, USA, 389-400. DOI=10.1145/2046707.2046753
T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds,” In Proceedings of the 16th ACM conference on Computer and communications security (CCS ’09). ACM, New York, NY, USA, 199-212. DOI=10.1145/1653662.1653687
H. Liu, “A new form of DOS attack in a cloud and its avoidance mechanism,” In Proceedings of the 2010 ACM workshop on Cloud computing security workshop (CCSW ’10). ACM, New York, NY, USA, 65-76. DOI=10.1145/1866835.1866849
J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, Nils Gruschka, and Luigi Lo Iacono, “All your clouds are belong to us: security analysis of cloud management interfaces,” In Proceedings of the 3rd ACM workshop on Cloud computing security workshop (CCSW ’11). ACM, New York, NY, USA, 3-14. DOI=10.1145/2046660.2046664
Yinqian Zhang; Juels, A.; Oprea, A.; Reiter, M.K.; , “HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis,” Security and Privacy (SP), 2011 IEEE Symposium on , vol., no., pp.313-328, 22-25 May 2011 doi: 10.1109/SP.2011.31

Smart Meter/Grid Security & Privacy

lecture slides
Ishtiaq Rouf, Hossen Mustafa, Miao Xu, Wenyuan Xu, Rob Miller, and Marco Gruteser. 2012. “Neighborhood watch: security and privacy analysis of automatic meter reading systems,” In Proceedings of the 2012 ACM conference on Computer and communications security (CCS ’12). ACM, New York, NY, USA, 462-473. DOI=10.1145/2382196.2382246
Weining Yang, Ninghui Li, Yuan Qi, Wahbeh Qardaji, Stephen McLaughlin, and Patrick McDaniel. 2012. “Minimizing private data disclosures in the smart grid,” In Proceedings of the 2012 ACM conference on Computer and communications security (CCS ’12). ACM, New York, NY, USA, 415-427. DOI=10.1145/2382196.2382242
Rui Tan, Varun Badrinath Krishna, David K.Y. Yau, and Zbigniew Kalbarczyk. 2013. “Impact of integrity attacks on real-time pricing in smart grids,” In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (CCS ’13). ACM, New York, NY, USA, 439-450. DOI=10.1145/2508859.2516705

Social Networks Security and Privacy

lecture slides
Lars Backstrom, Cynthia Dwork, and Jon Kleinberg. 2007. Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography. In Proceedings of the 16th international conference on World Wide Web (WWW ’07). ACM, New York, NY, USA, 181-190.
“Efficient and Scalable Socware Detection in Online Social Networks” USENIX Security 2012
“De-anonymizing Social Networks” (Oakland ’09)
Tao Stein, Erdong Chen, and Karan Mangla. 2011. Facebook immune system. In Proceedings of the 4th Workshop on Social Network Systems (SNS ’11). ACM, New York, NY, USA.
“COMPA: Detecting Compromised Accounts on Social Networks” NDSS ’13 (optional section: 3)
Randy Baden, Adam Bender, Neil Spring, Bobby Bhattacharjee, and Daniel Starin. 2009. Persona: an online social network with user-defined privacy. In Proceedings of the ACM SIGCOMM 2009 conference on Data communication (SIGCOMM ’09). ACM, New York, NY, USA, 135-146.
Zi Chu; Gianvecchio, S.; Haining Wang; Jajodia, S., “Detecting Automation of Twitter Accounts: Are You a Human, Bot, or Cyborg?,” Dependable and Secure Computing, IEEE Transactions on , vol.9, no.6, pp.811,824, Nov.-Dec. 2012, doi: 10.1109/TDSC.2012.75 (optional section: 4)

Other Modules (not included in the 2013 version of the course)

Economics of Security (guest lecture by Prof. Hasan Cavusoglu)

lecture slides
Cavusoglu, Cavusoglu, and Zhang, “Security Patch Management: Share the Burden or Share the Damage?” Management Science 54(4), April 2008, pp. 657–670.
Cavusoglu, H.; Raghunathan, S., “Efficiency of Vulnerability Disclosure Mechanisms to Disseminate Vulnerability Knowledge,” Software Engineering, IEEE Transactions on , vol.33, no.3, pp.171-185, March 2007, doi: 10.1109/TSE.2007.26
Cavusoglu, Mishra, and Raghunathan, “The Value of Intrusion Detection Systems in Information Technology Security Architecture,” Information Systems Research 16(1), pp. 28–46, March 2005.

Electronic Voting

“Clash Attacks on the Verifiability of E-Voting Systems” IEEE S&P ’12
Kohno, T.; Stubblefield, A.; Rubin, A.D.; Wallach, D.S., “Analysis of an electronic voting system,” In Proceedings IEEE Symposium on Security & Privacy, pp. 27- 40, 9-12 May 2004.
A. J. Feldman, J. A. Halderman, and E. W. Felten, Security Analysis of the Diebold AccuVote-TS Voting Machine, September 2006.
Küesters, R.; Truderung, T.; Vogt, A.; , “Verifiability, Privacy, and Coercion-Resistance: New Insights from a Case Study,” IEEE Symposium on Security and Privacy (SP), pp.538-553, 22-25 May 2011
doi: 10.1109/SP.2011.21
Garera, S. and Rubin, A. D. 2007. An independent audit framework for software dependent voting systems. In Proceedings of the 14th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 28 – 31, 2007). CCS ’07. ACM, New York, NY, 256-265. DOI= http://doi.acm.org/10.1145/1315245.1315278
Tampering with Special Purpose Trusted Computing Devices: A Case Study in Optical Scan E-Voting, ACSAC 2007.
C. Karlof, N. Sastry, and D. Wagner, “Cryptographic Voting Protocols: A Systems Perspective,” USENIX Security 2005.
M. I. Shamos. Paper v. Electronic Voting Records – An Assessment, April 2004.
Scott Wolchok, Eric Wustrow, J. Alex Halderman, Hari K. Prasad, Arun Kankipati, Sai Krishna Sakhamuri, Vasavya Yagati, and Rop Gonggrijp. 2010. Security analysis of India’s electronic voting machines. In Proceedings of the 17th ACM conference on Computer and communications security (CCS ’10). ACM, New York, NY, USA, 1-14. DOI=10.1145/1866307.1866309

Authenticating people and machines over insecure networks

lecture slides
David P. Jablon. 1996. Strong password-only authenticated key exchange. SIGCOMM Comput. Commun. Rev. 26, 5 (October 1996), 5-26. DOI=10.1145/242896.242897
Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attack, Bellovin and Merritt (IEEE S&P 1992).
The Secure Remote Password Protocol, T. Wu (NDSS 1998)
Optional/supplementary (attacks on EKE; alternatives SPEKE, SRP): Number Theoretic Attacks on Secure Password Schemes, S. Patel (IEEE S&P 1997); Strong Password-Only Authenticated Key Exchange, D. Jablon (ACM Computer Communcations Review, October 1996); Extended Password Key Exchange Protocols Immune to Dictionary Attack, D. Jablon (WET-ICE 1997)
Adam Groce and Jonathan Katz. 2010. A new framework for efficient password-based authenticated key exchange. In Proceedings of the 17th ACM conference on Computer and communications security (CCS ’10). ACM, New York, NY, USA, 516-525. DOI=10.1145/1866307.1866365
M. Kaminsky, G. Savvides, D. Mazières, and M. F. Kaashoek. “Decentralized user authentication in a global file system.” In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP) , Bolton Landing, NY, October 2003, pp. 60-73.

Privacy

lecture slides
Bob Blakley, “What is Privacy, Realy?” presentation from Digital ID World 2006. You should both watch the slides and listen to the audio track that accompanies the slides.
Miro Enev, Sidhant Gupta, Tadayoshi Kohno, and Shwetak N. Patel. “Televisions, video privacy, and powerline electromagnetic interference,” In Proceedings of the 18th ACM conference on Computer and communications security (CCS ’11). ACM, New York, NY, USA, 537-550. DOI=10.1145/2046707.2046770
Calandrino, J.A.; Kilzer, A.; Narayanan, A.; Felten, E.W.; Shmatikov, V.; , ““You Might Also Like:” Privacy Risks of Collaborative Filtering,” Security and Privacy (SP), 2011 IEEE Symposium on , pp.231-246, 22-25 May 2011
doi: 10.1109/SP.2011.40
Airi Lampinen, Vilma Lehtinen, Asko Lehmuskallio, and Sakari Tamminen, 2011, “We’re in it together: interpersonal management of disclosure in social network services,” In Proceedings of the 2011 annual conference on Human factors in computing systems (CHI ’11). ACM, New York, NY, USA, 3217-3226. DOI=10.1145/1978942.1979420
Nathaniel Husted and Steven Myers. 2010. Mobile location tracking in metro areas: malnets and others. In Proceedings of the 17th ACM conference on Computer and communications security (CCS ’10). ACM, New York, NY, USA, 85-96. DOI=10.1145/1866307.1866318
Gilbert Wondracek, Thorsten Holz, Engin Kirda, and Christopher Kruegel. A practical attack to de-anonymize social network users. In 2010 IEEE Symposium on Security and Privacy, pages 223–238. IEEE, May 2010.
Carlos Jensen, Colin Potts, Christian Jensen, “Privacy practices of Internet users: Self-reports versus observed behavior,” International Journal of Human-Computer Studies, Volume 63, Issues 1–2, July 2005, Pages 203-227, ISSN 1071-5819, 10.1016/j.ijhcs.2005.04.019.

Intrusion Detection

lecture slides
Paxson, V. 1998. Bro: a system for detecting network intruders in real-time. In Proceedings of the 7th Conference on USENIX Security Symposium, 1998 – Volume 7 (San Antonio, Texas, January 26 – 29, 1998). USENIX Association, Berkeley, CA, 3-3.
Stefan Axelsson, “The base-rate fallacy and the difficulty of intrusion detection,” ACM Trans. Inf. Syst. Secur. v.3 n.3, (August 2000), 186-205. DOI=10.1145/357830.357849
Wagner, D. and Soto, P. 2002. Mimicry attacks on host-based intrusion detection systems. In Proceedings of the 9th ACM Conference on Computer and Communications Security (Washington, DC, USA, November 18 – 22, 2002). V. Atluri, Ed. CCS ’02. ACM, New York, NY, 255-264. DOI= http://doi.acm.org/10.1145/586110.586145
Outside the Closed World: On Using Machine Learning For Network Intrusion Detection.
“Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection“

Sybils

lecture slides
Douceur, J.R. “The Sybil attack” in First International Workshop Peer-to-Peer Systems, IPTPS, 2002 Cambridge, MA, USA, March 7-8, 2002, pp. 251-260.
“Social Turing Tests: Crowdsourcing Sybil Detection” NDSS ’13
“Detecting Sybil Nodes using Social Networks,” NDSS ’09.
Bimal Viswanath, Ansley Post, Krishna P. Gummadi, and Alan Mislove, “An analysis of social network-based Sybil defenses,” In Proceedings of the ACM SIGCOMM 2010 conference on SIGCOMM (SIGCOMM ’10). ACM, New York, NY, USA, 363-374. DOI=10.1145/1851182.1851226
Bruschi, D.; Cavallaro, L.; Lanzi, A., “An Efficient Technique for Preventing Mimicry and Impossible Paths Execution Attacks,” Performance, Computing, and Communications Conference, 2007. IPCCC 2007. IEEE Internationa , vol., no., pp.418-425, 11-13 April 2007
Zhi Yang, Christo Wilson, Xiao Wang, Tingting Gao, Ben Y. Zhao, and Yafei Dai. 2011. Uncovering social network sybils in the wild. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference (IMC ’11). ACM, New York, NY, USA, 259-268.
Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman, “SybilGuard: defending against sybil attacks via social networks” SIGCOMM Comput. Commun. Rev. 36, 4 (August 2006), 267-278. DOI=10.1145/1151659.1159945
Z. Cai, C. Jermaine, “The Latent Community Model for Detecting Sybils in Social Networks,” NDSS ’12
Kevin Hoffman, David Zage, and Cristina Nita-Rotaru, “A survey of attack and defense techniques for reputation systems,” ACM Comput. Surv. 42, 1, Article 1 (December 2009), 31 pages. DOI=10.1145/1592451.1592452