Papers Reading List for CSCI 680: Advanced Systems and Network Security
Group 1: Operating System Security
- [SBT15] Igor Smolyar, Muli Ben-Yehuda, and Dan Tsafrir, "Securing Self-Virtualizing Ethernet Devices". Usenix Security 2015.
- [CZGSL15] Patrick Colp, Jiawen Zhang, James Gleeson, Sahil Suneja, Eyal de Lara, Himanshu Raj, Stefan Saroiu, and Alec Wolman, "Protecting Data on Smartphones and Tablets from Memory Attacks", ASPLOS 2015.
- [HSKS15] Matthew Hicks, Cynthia Sturton, Samuel T. King, and Jonathan M. Smith, "SPECS: A Lightweight Runtime Mechanism for Protecting Software from Security-Critical Processor Bugs", ASPLOS 2015.
- [ZGKR14] Gerd Zellweger, Simon Gerber, Kornilios Kourtis, and Timothy Roscoe, "Decoupling cores, kernels, and operating systems", OSDI 2014.
- [KSPC14] Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar, Dawn Song, "Code-Pointer Integrity", OSDI 2014.
Group 2: Attacks
- [CHBLF15] Stephen Crane, Andrei Homescu, Stefan Brunthaler, Per Larsen, and Michael Franz, "Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity", NDSS 2015.
- [IES15] Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar, "S$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing—and its Application to AES", S&P 2015.
- [LYGHL15] Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, Ruby B. Lee, "Last-Level Cache Side-Channel Attacks are Practical", S&P 2015.
- [GSM15] Daniel Gruss and Raphael Spreitzer and Stefan Mangard, "Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches", Usenix Security 2015.
- [ZSCC15] Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen, Dawn Song, "VTint: Protecting Virtual Function Tables’ Integrity", NDSS 2015.
- [JDGMP15] Nav Jagpal and Eric Dingle and Jean-Philippe Gravel and Panayiotis Mavrommatis and Niels Provos and Moheeb Abu Rajab and Kurt Thomas, "Trends and Lessons from Three Years Fighting Malicious Extensions", Usenix Security 2015.
- [SBGZX15] Brendan Saltaformaggio, Rohit Bhatia, Zhongshu Gu, Xiangyu Zhang, Dongyan Xu, "GUITAR: Piecing Together Android App GUIs from Memory Images", CCS 2015.
Group 3: Android Security
- [WERZN15] Ruowen Wang and William Enck and Douglas Reeves and Xinwen Zhang and Peng Ning and Dingbang Xu and Wu Zhou and Ahmed M. Azab, "EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning", Usenix Security 2015.
- [WBHEW15] Primal Wijesekera and Arjun Baokar and Ashkan Hosseini and Serge Egelman and David Wagner and Konstantin Beznosov, "Android Permissions Remystified: A Field Study on Contextual Integrity", Usenix Security 2015.
- [BCIFKV15] Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel and Giovanni Vigna, "What the App is That? Deception and Countermeasures in the Android User Interface", S&P 2015.
- [ZYNZW15] Nan Zhang, Kan Yuan, Muhammad Naveed, Xiaoyong Zhou, XiaoFeng Wang, "Leave Me Alone: App-level Protection Against Runtime Information Gathering on Android", S&P 2015.
- [XGLQL15] Mingyuan Xia, Lu Gong, Yuanhao Lv, Zhengwei Qi, Xue Liu, "Effective Real-time Android Application Auditing", S&P 2015.
- [PCC15] Xiang Pan, Yinzhi Cao, and Yan Chen, "I Do Not Know What You Visited Last Summer: Protecting users from stateful third-party web tracking with TrackingFree browser", NDSS 2015.
- [DZNL15] Soteris Demetriou, Xiaoyong Zhou, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, XiaoFeng Wang, Carl A Gunter, "What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources", NDSS 2015.
Group 4: Hardware Security
- [BPH14] Andrew Baumann and Marcus Peinado and Galen Hunt, "Shielding Applications from an Untrusted Cloud with Haven", OSDI 2014.
- [SCFGP15] Felix Schuster, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, Mark Russinovich, "VC3: Trustworthy Data Analytics in the Cloud using SGX", S&P 2015.
- [XCP15] Yuanzhong Xu, Weidong Cui, Marcus Peinado, "Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems", S&P 2015.
Group 5: Authentication and Identity
Group 6: Web Security
- [ZJLD15] Xiaofeng Zheng and Jian Jiang and Jinjin Liang and Haixin Duan and Shuo Chen and Tao Wan and Nicholas Weaver, "Cookies Lack Integrity: Real-World Implications", Usenix Security 2015.
- [LSWJ15] Sebastian Lekies and Ben Stock and Martin Wentzel and Martin Johns, "The Unexpected Dangers of Dynamic JavaScript", Usenix Security 2015.
- [WRKKV15] Michael Weissbacher and William Robertson and Engin Kirda and Christopher Kruegel and Giovanni Vigna, "ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities", Usenix Security 2015.
- [ZE15] Yuchen Zhou, David Evans, "Understanding and Monitoring Embedded Web Scripts", S&P, 2015.
- [VJN15] Thomas Vissers, Wouter Joosen, and Nick Nikiforakis, "Parking Sensors: Analyzing and Detecting Parked Domains", NDSS 2015.
- [BCJP15] Lujo Bauer, Shaoying Cai, Limin Jia, Timothy Passaro, Michael Stroucken, Yuan Tian, "Run-time Monitoring and Formal Analysis of Information Flows in Chromium", NDSS 2015.
- [XJXKL15] Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee, "Cognito: Private Browsing without Tears", CCS 2015.
Group 7: Obfuscation for good and bad.
- [YJWD15] Babak Yadegari, Brian Johannesmeyer, Benjamin Whitely, Saumya Debray, "A Generic Approach to Automatic Deobfuscation of Executable Code", S&P, 2015.
- [RLT15] Ashay Rane and Calvin Lin and Mohit Tiwari, "Raccoon: Closing Digital Side-Channels through Obfuscated Execution", Usenix Security 2015.
Group 8: Network Security (TLS)
- [ABDG15] David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, Paul Zimmermann, "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice", CCS 2015.
- [FLMSS15] Ian Foster, Jon Larson, Max Masich, Alex C. Snoeren, Stefan Savage, and Kirill Levchenko, "Security by Any Other Name: On the Effectiveness of Provider Based Email Security", CCS 2015.
- [BBLF15] Benjamin Beurdouche and Karthikeyan Bhargavan and Antoine Delignat-Lavaud and Cédric Fournet and Markulf Kohlweiss and Alfredo Pironti and Pierre-Yves Strub and Jean Karim Zinzindohoue, "A Messy State of the Union: Taming the Composite State Machines of TLS", S&P 2015.
- [DPMM15] Mohan Dhawan, Rishabh Poddar, Kshiteej Mahajan, Vijay Mann, "SPHINX: Detecting Security Attacks in Software-Defined Networks", NDSS 2015.
- [HRCCV15] Boyuan He, Vaibhav Rastogi, Yinzhi Cao, Yan Chen, V.N. Venkatakrishnan, Runqing Yang and Zhenrui Zhang, "Vetting SSL Usage in Applications with SSLINT", S&P 2015.
- [HXWG15] Sungmin Hong, Lei Xu, Haopei Wang, Guofei Gu, "Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures", NDSS 2015.
Group 9: Privacy and Anonymity
- [MRNK15] Nitesh Mor, Oriana Riva, Suman Nath, John Kubiatowicz, "Bloom Cookies: Web Search Personalization without User Tracking", NDSS 2015.
- [ZM15] Lianying Zhao and Mohammad Mannan, "Gracewipe: Secure and Verifiable Deletion under Coercion", NDSS 2015.
- [SKMP15] Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, and Kim Pecina, "Privacy Preserving Payments in Credit Networks: Enabling trust with privacy in online marketplaces", NDSS 2015.
- [PGP15] Timothy M. Peters, Mark A. Gondree, Zachary N. J. Peterson, "DEFY: A Deniable, Encrypted File System for Log-Structured Storage", NDSS 2015.
Group 10: Password Management
- [USBC15] Blase Ur and Sean M. Segreti and Lujo Bauer and Nicolas Christin and Lorrie Faith Cranor and Saranga Komanduri and Darya Kurilova and Michelle L. Mazurek and William Melicher and Richard Shay, "Measuring Real-World Accuracies and Biases in Modeling Password Guessability", Usenix Security 2015.
- [BKCD15] Jeremiah Blocki, Saranga Komanduri, Lorrie Cranor, Anupam Datta, "Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords", NDSS 2015.
- [GRR15] Benjamin Guldenring, Volker Roth and Lars Ries, "Knock Yourself Out: Secure Authentication with Short Re-Usable Passwords", NDSS 2015.
Group 11: Honey Encryption
- [JR14] Juels, A.; Ristenpart, T., "Honey Encryption: Encryption beyond the Brute-Force Barrier," S&P, 2014.
- [CBJR15] R. Chatterjee, J. Bonneau, A. Juels, and T. Ristenpart. "Cracking-Resistant Password Vaults using Natural Language Encoders", S&P, 2015.
- [HAHFJ15] Z. Huang, E. Ayday, J.-P. Hubaux, J. Fellay, and A. Juels. "GenoGuard: Protecting Genomic Data against Brute-Force Attacks", S&P, 2015.
Group 12: Misc.
- [MCHR15] Susan E. McGregor and Polina Charters and Tobin Holliday and Franziska Roesner, "Investigating the Computer Security Practices and Needs of Journalists", Usenix Security 2015.
- [WWW15] Shuai Wang and Pei Wang and Dinghao Wu, "Reassembleable Disassembling", Usenix Security 2015.
- [CY15] Yinzhi Cao, Junfeng Yang, "Towards Making Systems Forget with Machine Unlearning", S&P 2015.
- [JMLDR15] Brendan Juba, Christopher Musco, Fan Long, Stelios Sidiroglou-Douskos and Martin Rinard, "Principled Sampling for Anomaly Detection", NDSS 2015.