CS6204 Recent Advances in Computer Security and Privacy 3-credit graduate-level seminar

1. CS6204 Recent Advances in Computer Security and Privacy3-credit graduate-level seminar Danfeng (Daphne) Yao Spring 2010 Office hours: MW 3-4 pm in McBryde Hall 122 Introduction

2. Topics • Network security • Malware detection • System integrity • Data privacy • Application security • Applied cryptography • System evaluation • Human issues in security/privacy 2: Application Layer

3. Textbooks • REQUIRED textbook: The Craft Of System Security By Sean Smith and John Marchesini. • Recommended readings (available in the Library): • Computer Security: Art and Science by Matt Bishop. • Security in Computing (fourth edition) by Charles P. Pfleeger and Shari Lawrence Pfleeger. Introduction

4. Course workload • Course homepage • people.cs.vt.edu/~danfeng/courses/cs6204 • Class participation: 10% • You are required to make at least one intelligent comment for each paper discussed. • Written summaries for each paper: 5% • 1-2 paragraphs on each paper using your own words posted to scholar.vt.edu before the class. Please do NOT copy sentences from the paper or other people’s slides • Presentation: 25% • Slides preparation: 12% (intuitive yet with technical depth); organization of the talk and question-handling ability 13% -- Reading slides is not allowed • Project: 40% • 2-paragraph proposal: 5%, 1-page intermediate report: 5%, 3-page final report 20%, 5-10 minutes presentation: 10%) • Take-home final exam: 20% Introduction

5. More on presentation & project • Everyone posts paper summaries before class on schoalr.vt.edu • Late submission does not count • Join CS 6204: Recent Advances in Computer Security and Privacy at scholar.vt.edu • Use “forum” to post your summaries – everyone can see them • Make sure that you put down the title of paper for each summary and your name • Project is to be done by yourself – no group project • A list of project ideas will be posted • You are welcome to create your own project • Select projects will be submitted to security conferences with my help Introduction

6. Important dates • Project proposal due: 02/23 midnight (Tuesday) • Project intermediate report: 04/01 midnight (Thursday) • Project final report due: 05/06 midnight (Thursday) • Project presentation: The week of 05/03 • Take-home final exam: TBA Introduction

7. Design and implementation of a TCG-based integrity measurement architecture (CCS 04) • Toward Automated Information-Flow Integrity Verification For Security-Critical Applications (NDSS 06) • Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense (NDSS 09) • Not-A-Bot (NAB): improving service availability in the face of botnet attacks (NSDI 09) • Tamper-resistant, application-aware blocking of malicious network connections (RAID 07) • Design and Implementation of an Extrusion-based Break-In Detector for Personal Computers (ACSAC 05) • Privacy oracle: a system for finding application leaks with black box differential testing (CCS 08) • Protecting confidential data on personal computers with storage capsules (USENIX Security 09) • Effective Anomaly Detection With Scarce Training Data (NDSS 10) • The multi-principal OS construction of the Gazelle Web browser (USENIX 09) • Predicting Web spam with HTTP session information • Privacy-aware collaborative spam filtering (CEAS 07) • Efficient data structure for tamper-evident logging (USENIX Security 09) • Battle of Botcraft: Fighting Bots in Online Games With Human Observational Proofs (ACM CCS 09) • Quantifying the security of preference-based authentication

8. Academic Integrity • No cheating on project, and exam • Do not copy others’ slides, or text Introduction