Network Security

CS/ECE 5584: Network Security, Fall 2017

Instructor: Ning Zhang, ningzh@vt.edu
Meeting: Monday 4:00 pm - 6:45 pm
Classroom: NVC 323 / Torgersen Hall 1100C
Slack: networksecurityvt.slack.com

Announcements


Sep 09   Instructor in Blacksburg Sep 10

Sep 07   NVC classroom moved to 323

Sep 07   Readings Updated, Blog Sample Updated

Aug 27   Course Website is up

Syllabus


Syllabus in PDF

Schedule


Weeks Topics
08.28.17 Class Introduction and Logistics
Security Fundamentals - Threat Model and Security Objectives
09.04.17 Labor Day - No Class
09.11.17 Cryptography Review - Symmetric Key Cryptography
09.18.17 Cryptography Review - Asymmetric Key Cryptography
Class Project Proposal
09.25.17 Cryptography Review - Asymmetric Key Cryptography
Ruide - Vale: Verifying High-Performance Cryptographic Assembly Code
10.02.17 User Authentication
Blog Assignment 1 - Due
10.09.17 No Class, Project Individual Meeting on Project
10.16.17 Lei - Using Reflexive Eye Movements For Fast Challenge-Response Authentication
IPSec
SSL/TLS
10.23.17 Public Key Infrastructures, HTTPS and E-mail
Kaidi - The Security Impact of HTTPS Interception
Kate - SoK: SSL and HTTPS
10.30.17 Firewalls, Network Intrusion Detection
Network Fingerprinting, Software Defined Network Security
Jonathan - A Survey of Securing Networks Using Software Defined Networking
Class Project Progress Report
11.06.17 Denial of Service
Network Malware - Bots and Worms
Mischa - SoK: P2PWNED
Blog Assignment 2 - Due
11.13.17 Anonymous Communication and Anti-Censorship
Weisheng - Hello from the Other Side
Ya - Counter-RAPROR
Joel - Obstacles to the Adoption of Secure Communication Tools
11.27.17 Big Data Security
Taoran - Towards Evaluating the Robustness of Neural Networks
Yang - Membership Inference Attacks Against Machine Learning Models
Xuchao - Explaining and Harnessing Adversarial Examples
12.04.17 Class Project Presentation
12.11.17 Class Project Presentation
12.20.17 Class Project Writeup Due

Project


[ Project Ideas ]

[ Project Teams ]

Teams Project Name
Joel Antivirus Software Survey
Jonathan IoT Protection using SDN
Ya Program Analysis of vulnerabilities in cryptographic implementation
Yang Black-box attack against state-of-the-art classification systems and potential countermeasures
Mischa Defensive applications of Machine Learning in network security
Kate building an automated way to detect Bluetooth vulnerabilities within devices
Kaidi Context Recovery of Network Services in Operating System
Ruide Large-scale automatic bug finding and exploitation generation for IoT devices
Taoran
WeiSheng
Early Cyber Attack Detection Using Social Media
Xuchao
Lei
Robust Regression via Online Feature Selection

Readings


[ Security Fundamentals - What do you mean ?]

Ken Thompson, Reflections on Trusting Trust , Communications of the ACM, 1984 PDF

Aleph One, Smashing The Stack For Fun And Profit , Phrack 49 PDF

[ Network Security - How do you build it ?]

Niels Ferguson, Bruce Schneier, A Cryptographic Evaluation of IPsec PDF

David Adrian et al., Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, ACM CCS 15. PDF, Website

Nimrod Aviram et al., DROWN: Breaking TLS using SSLv2, USENIX Security 2016. PDF, Website

Y. Sheffer, et al., RFC on known attacks: Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS), RFC 7457. February 2015. PDF

Martin Georgiev et al., The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software, ACM CCS 2012. PDF

[ Internet Security - You can do that ?]

Zakir Durumeric et al., The Security Impact of HTTPS Interception, NDSS 2017. PDF Slides

Ruba Abu-Salma et al., Obstacles to the Adoption of Secure Communication Tools, IEEE S&P (Oakland) 2017. PDF

Jeremy Clark and Paul C. van Oorschot, SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements, IEEE S&P (Oakland) 2013. PDF

Taejoong Chung et al., A Longitudinal, End-to-End View of the DNSSEC Ecosystem, USENIX Security 2017. PDF

[ Big Data Security - How do you know that ? ]

Nicholas Carlini, David Wagner, Towards Evaluating the Robustness of Neural Networks, IEEE S&P (Oakland) 2017. PDF, YouTube

Reza Shokri et al., Membership Inference Attacks Against Machine Learning Models, IEEE S&P (Oakland) 2017. PDF

[ Network Software Security - Can you hack me ?]

Karthikeyan Bhargavan el. al. Implementing TLS with Verified Cryptographic Security, IEEE S&P (Oakland) 2017. PDF

Zakir Durumeric et al., ZMap: Fast Internet-Wide Scanning and its Security Applications, USENIX Security 2013. PDF Website

Suman Jana et al., Automatically Detecting Error Handling Bugs using Error Specifications. USENIX Security 2016. PDF

Amit Kumar Sikder et al. 6thSense: A Context-aware Sensor-based Attack Detector for Smart Devices, USENIX Security 2017. PDF

Barry Bond et al. Vale: Verifying High-Performance Cryptographic Assembly Code USENIX Security 2017. PDF

Jens Müller et al., SoK: Exploiting Network Printers. IEEE S&P (Oakland) 2017. PDF

Claude Fachkha et al., Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis, NDSS 2017. PDF

Yinzhi Cao et al., (Cross-)Browser Fingerprinting via OS and Hardware Level Features, NDSS 2017. PDF

[ Network Malware - Can you hear me ? ]

Chaz Lever et al., A Lustrum of Malware Network Communication: Evolution and Insights, IEEE S&P (Oakland) 2017. PDF

Clementine Maurice et al., Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud, NDSS 2017. PDF Slides

Christian Rossow et al., SoK: P2PWNED — Modeling and Evaluating the Resilience of Peer-to-Peer Botnets, , IEEE S&P (Oakland) 2013. PDF

Michael Rushanan et al., SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks, , IEEE S&P (Oakland) 2014. PDF Slides

[ Anonymous Communication - It wasn't me ! ]

Yixin Sun et al., Counter-RAPTOR: Safeguarding Tor Against Active Routing Attacks, , IEEE S&P (Oakland) 2017. PDF

Paul Pearce et al., Augur: Internet-Wide Detection of Connectivity Disruptions, , IEEE S&P (Oakland) 2017. PDF

Sebastian Angel, Srinath Setty, Unobservable Communication over Fully Untrusted Infrastructure USENIX OSDI 16, PDF

Michael Carl Tschantz et al., SoK: Towards Grounding Censorship Circumvention in Empiricism, , IEEE S&P (Oakland) 2016. PDF

Ethics


With greater power, comes greater responsibility. In this course, we will be learning about and exploring some vulnerabilities that could be used to attack systems. Students are expected to behave responsibly and ethically. You may not attack any system prior approval of the site owners, and may not use anything you learn in this class to disrupt services or harm others. If you have any doubts about whether or not something you want to do is ethical and legal, you should check with the course instructor.

CS/ECE 5584: Network Security, Fall 2017, Ning Zhang