Draft Syllabus / CS 294-28 / Network Security / Spring 2009


Here are the currently planned lecture topics for the course (subject to change). Usually, for each lecture the first paper is required reading and needs to be written up for homework prior to the lecture, while the remaining papers are optional.


  1. Denial-of-Service
    Inferring Internet Denial of Service Activity, David Moore, Geoffrey Voelker, and Stefan Savage, USENIX Security 2001
    Analysis of a Denial of Service Attack on TCP, Christoph Schuba et al, IEEE S&P 1997
    An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks, Vern Paxson, Computer Communication Review 31(3), 2001

  2. Traceback
    Practical Network Support for IP Traceback, Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson, SIGCOMM 2000
    Single-Packet IP Traceback, Alex Snoeren et al, IEEE/ACM Transactions on Networking 10(6), 2002
    Advanced and Authenticated Marking Schemes for IP Traceback, Dawn Song and Adrian Perrig, INFOCOM 2001

  3. Network Capabilities
    SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks, Abraham Yaar, Adrian Perrig, and Dawn Song, IEEE S&P 2004
    PI: A Path Identification Mechanism to Defend against DDoS Attacks, Abraham Yaar, Adrian Perrig and Dawn Song, IEEE S&P 2003

  4. DoS Defense
    Mayday: Distributed Filtering for Internet Services, David Andersen, USITS 2003
    SOS: Secure overlay services, A. Keromytis, V. Misra, and D. Rubenstein, SIGCOMM 2002
    New client puzzle outsourcing techniques for DoS resistance, Brent Waters, Ari Juels, J. Alex Halderman, Edward W. Felten, CCS 2004

  5. Legality and Ethics
    Conducting Cybersecurity Research Legally and Ethically, Aaron Burstein, LEET 2008
    Designing and Conducting Phishing Experiments, Peter Finn and Markus Jakobsson, IEEE Technology and Society Magazine Special Issue on Usability and Security, 2007

  6. Network Intrusion Detection
    Bro: A System for Detecting Network Intruders in Real-Time, Vern Paxson, Computer Networks, 31(23-24), pp. 2435-2463, 14 Dec. 1999.
    NetSTAT: A Network-based Intrusion Detection System, Giovanni Vigna and Richard Kemmerer, Journal of Computer Security 7(1), pp 37-71, 1999
    Snort - Lightweight Intrusion Detection for Networks, Martin Roesch, LISA '99
    Intrusion and intrusion detection, John McHugh, International Journal of Information Security 1(1), 14-35, 2001

  7. NIDS Evasion
    Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics, Mark Handley, Christian Kreibich and Vern Paxson, USENIX Security 2001
    Insertion, Evasion, and Denial Of Service: Eluding Network Intrusion Detection, Thomas H. Ptacek and Timothy N. Newsham, Secure Networks technical report, 1998
    Robust TCP Stream Reassembly in the Presence of Adversaries, Sarang Dharmapurikar and Vern Paxson, USENIX Security 2005
    Denial of Service via Algorithmic Complexity Attacks, Scott Crosby and Dan Wallach, USENIX Security 2003

  8. NIDS Evaluation
    Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Off-line Intrusion Detection System Evaluation as Performed by Lincoln Laboratory, John McHugh, ACM Transactions on Information and System Security, 3(4). November, 2000.
    Difficulties in Simulating the Internet, Sally Floyd and Vern Paxson, IEEE/ACM Transactions on Networking 9(4), 2001
    Strategies for Sound Internet Measurement, Vern Paxson, Proc. ACM IMC 2004

  9. The Threat of Worms
    How to 0wn the Internet in Your Spare Time, Stuart Staniford, Vern Paxson and Nicholas Weaver, USENIX Security 2002
    With microscope and tweezers: An analysis of the Internet virus of November 1988, Mark Eichin and Jon Rochlis, IEEE S&P 1989
    A Worst-Case Worm, Nicholas Weaver and Vern Paxson, Proc. WEIS 2004

  10. Worm Signatures
    Polygraph: Automatically Generating Signatures for Polymorphic Worms, James Newsome, Brad Karp and Dawn Song, IEEE S&P 2005
    Automated worm fingerprinting, Sumeet Singh, Cristian Estan, George Varghese, Stefan Savage, OSDI 2004
    On Deriving Unknown Vulnerabilities from Zero-Day Polymorphic and Metamorphic Worm Exploits, Jedidiah Crandall, Zhendong Su, S. Felix Wu, and Frederic Chong, CCS 2005

  11. Worm Detection
    Scalability, fidelity, and containment in the Potemkin virtual honeyfarm, Michael Vrable et al, SOSP 2005
    A behavioral approach to worm detection, Daniel Ellis, John Aiken, Kira Attwood, Scott Tenaglia, WORM 2004
    Design Space and Analysis of Worm Defense Strategies, David Brumley, Li-Hao Liu, Pongsin Poosankam and Dawn Song, ASIACCS'06
    Can we contain Internet worms?, Manuel Costa, Jon Crowcroft, Miguel Castro and Antony Rowstron, HotNets III 2004

  12. Scanning
    Fast Portscan Detection Using Sequential Hypothesis Testing, Jaeyeon Jung, Vern Paxson, Arthur Berger, and Hari Balakrishnan, IEEE S&P 2004
    The art of portscanning, Fyodor, Phrack Magazine 7(51), 1997
    DNS-based Detection of Scanning Worms in an Enterprise Network, David Whyte, Evangelos Kranakis, Paul C. van Oorschot, NDSS 2005
    New Streaming Algorithms for Fast Detection of Superspreaders, Shobha Venkataraman, Dawn Xiaodong Song, Phillip B. Gibbons, Avrim Blum, NDSS 2005
    A Brief History of Scanning, Mark Allman, Vern Paxson and Jeff Terrell, IMC 2007

  13. Forensics
    Toward a Framework for Internet Forensic Analysis, Vyas Sekar, Yinglian Xie, David A. Maltz, Michael K. Reiter and Hui Zhang, HotNets 2004
    Public Review of 'Toward a Framework for Internet Forensic Analysis', Alex Snoeren, HotNets 2004 Public Reviews (pp. 13-14)
    Exploiting Underlying Structure for Detailed Reconstruction of an Internet Scale Event, Abhishek Kumar, Vern Paxson and Nicholas Weaver, Proc. ACM IMC, October 2005

  14. Timing and Traffic Analysis
    Timing Analysis of Keystrokes and Timing Attacks on SSH, Dawn Song, David Wagner, Xuqing Tian, USENIX Security 2001
    Detecting stepping stones, Yin Zhang and Vern Paxson, USENIX Security 2000
    Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet, Xinyuan Wang, Shiping Chen, Sushil Jajodia, CCS 2005
    Statistical Identification of Encrypted Web Browsing Traffic, Qixiang Sun et al, IEEE S&P 2002
    BLINC: Multilevel Traffic Classification in the Dark, Thomas Karagiannis, Konstantina Papagiannaki, Michalis Faloutsos, SIGCOMM 2005

  15. Anonymity
    Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, Paul Syverson, USENIX Security 2004

  16. Architecture
    Ethane: Taking Control of the Enterprise, Martin Casado et al, SIGCOMM 2007
    Tussle in Cyberspace: Defining Tomorrow's Internet, David D. Clark, John Wroclawski, Karen Sollins and Robert Braden, SIGCOMM 2002
    A DoS-limiting network architecture, Xiaowei Yang, David Wetherall, Thomas Anderson, SIGCOMM 2005

  17. Wireless/Devices
    Can Ferris Bueller Still Have His Day Off? Protecting Privacy in the Wireless Era, Ben Greenstein et al, HotOS 2007
    On Attack Causality in Internet-Connected Cellular Networks, Patrick Traynor, Patrick McDaniel, and Thomas La Porta, USENIX Security 2007
    Proximity Breeds Danger: Emerging Threats in Metro-area Wireless Networks, P. Akritidis et al, USENIX Security 2007

  18. Web Authentication
    Conditioned-safe Ceremonies and a User Study of an Application to Web Authentication, Chris Karlof, J.D. Tygar, and David Wagner, NDSS 2009

  19. Web Attacks
    Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves, Adam Barth, Juan Caballero, and Dawn Song, IEEE S&P 2009
    Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments, Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang, IEEE S&P 2009
    Automated Web Patrol with Strider HoneyMonkeys, Yi-Min Wang et al, NDSS 2006
    The Ghost In The Browser: Analysis of Web-based Malware, Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu, HotBots 2007

  20. Botnets
    Your Botnet is My Botnet: Analysis of a Botnet Takeover, Brett Stone-Gross et al, CCS 2009
    Studying Spamming Botnets Using Botlab, John P. John, Alexander Moshchuk, Steven D. Gribble, and Arvind Krishnamurthy, NSDI 2009
    A Multifaceted Approach to Understanding the Botnet Phenomenon, Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis, IMC 2006

  21. Scams
    Spamscatter: Characterizing Internet Scam Hosting Infrastructure, David Anderson, Chris Fleizach, Stefan Savage and Geoffrey Voelker, USENIX Security 2007
    Examining the impact of website take-down on phishing, Tyler Moore and Richard Clayton, Proc. Anti-Phishing Working Group eCrime Researchers Summit, 2007



    We likely won't have time to get to these additional topics:

  22. Web Server Attacks
    Anomaly Detection of Web-based Attacks, Christopher Kruegel and Giovanni Vigna, CCS 2003
    SQL Injection Attacks by Example, Steve Friedl, http://www.unixwiz.net/techtips/sql-injection.html

  23. Securing Infrastructure
    A Survey of BGP Security Issues and Solutions, Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer Rexford, (in submission)
    A Fundamental Look at DNSSEC, Deployment, and DNS Security Extensions, Geoff Huston, CircleID, 2006
    BGP Security Vulnerabilities Analysis, S. Murphy, RFC 4272, 2006
    Generic Threats to Routing Protocols, A Barbir, S. Murphy and Y. Yang, RFC 4593, 2006
    Bootstrapping the Adoption of Internet Security Protocols, Andy Ozment and Stuart Schechter, WEIS 2006
    Modeling adoptability of secure BGP protocols, Haowen Chan, Debabrata Dash, Adrian Perrig, Hui Zhang, SIGCOMM 2006

  24. Peer-to-Peer
    A Survey of Peer-to-Peer Security Issues, Dan Wallach, International Symposium on Software Security, 2002
    SybilGuard: Defending Against Sybil Attacks via Social Networks, Haifeng Yu, Michael Kaminsky, Phillip Gibbons, Abraham Flaxman, SIGCOMM 2006

  25. Trace anonymization
    The Devil and Packet Trace Anonymization, Ruoming Pang, Mark Allman, Vern Paxson and Jason Lee, CCR 36(1), January 2006

  26. Underground Economy
    The Underground Economy: Priceless, Rob Thomas and Jerry Martin, USENIX ;login:, 31(6), December 2006
    An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants, Jason Franklin, Vern Paxson, Adrian Perrig, and Stefan Savage, CCS 2007

  27. Side Channels
    Remote Timing Attacks are Practical, David Brumley and Dan Boneh, USENIX Security 2003
    Information Leakage from Optical Emanations, Joe Loughry and David Umphress, ACM Transactions on Information and System Security, 5(3) 2002
    Information Flow in the Peer-Reviewing Process (Extended Abstract), Michael Backes, Markus Dürmuth, Dominique Unruh, IEEE S&P 2007

  28. Firewalls
    Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits, Helen J. Wang, Chuanxiong Guo, Daniel R. Simon, and Alf Zugenmaier, SIGCOMM 2004