CSCI 680 Advanced Systems and Network Security (Fall 2015)

Course Description

This is a graduate level course on advanced systems security and network security. The course involves both a reading/lecture/discussion and a term project. We will read and discuss research papers on various aspects of systems and network security: operating system security, password management, virtual machine security, side channel attacks, Moving Target Defense, Mobile Security, Attacks, Web Security, Hardware Security, Honey Encryption, Authentication and Identity, etc. Students are expected to read papers before the class, participate in the discussion during the class, and take in-class quiz. The lecture will be conducted in an interactive fashion. The term projects can be either of the following types: design/implementation, measurement, and simulation. A team consisting of at most two students will identify and work on a research project. Each student is required to write 5 paper reviews and conduct 2 class presentations. There will be a final exam based on the research papers discussed in the class.

Course Information

Instructor: Kun Sun

Time: MW 3:30pm - 4:50pm
Location: Blow Memorial Hall #334
Office Hours: MW 1:30pm - 3:30pm, M-S Hall, #105

Grading Policy (tentative)

Grades will be computed as follows: 
    10% Class Participation 
    10% Paper Review
    20% Presentations
    30% Term Project  
    30% Final Exam 

Papers Reading List (tentative)

Presentation Evaluation Form

Textbook: No textbook is required for this course. Most of course readings come from seminal papers.

Class Schedule (tentative)

Note: the schedule will change as the course progresses. Please check frequently.
If you are particularly interested in certain topic not covered here, please send mail to the instructor.

Reading Material
Speakers and Slides
Class overview and topic summary

Kun Sun

  1. Course overview.
  2. Topic summary.

Hypervisor and
(Guess Lecturer)

  1. Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang, Xiaolan Zhang, and Nathan C. Skalsky. HyperSentry: enabling stealthy in-context measurement of hypervisor integrity. In Proceedings of the 17th ACM conference on Computer and communications security, 2010.
  2. Flavio Lombardi and Roberto Di Pietro. 2009. KvmSec: a security extension for Linux kernel virtual machines. In Proceedings of the ACM symposium on Applied Computing, 2009.

    More reading material:
  • LXC/Docker and Security:
  • New LXC Unprivileged Containers
  • Linux Advanced Routing and Traffic Control:
  • IBM Virtualization Security Guidelines:!/linuxonibm/liaat/liaatseckickoff.htm

Chris Shenefield (slides)


Hardware-assisted Security
Add/drop Deadline: 09/04/15

  1. Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun. "Using Hardware Features for Increased Debugging Transparency". In the 36th IEEE Symposium on Security and Privacy (S&P), Fairmont, San Jose, CA, May 18-20, 2015.
  2. He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing. "TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens". To appear in the 22nd ACM Conference on Computer and Communications Security, Denver, Colorado, October 12-16, 2015.

Kun Sun (slides1, 2)


No Class
( Labor Day)

Journalist protection & Disassembling
  1. Susan E. McGregor and Polina Charters and Tobin Holliday and Franziska Roesner, "Investigating the Computer Security Practices and Needs of Journalists", Usenix Security 2015.
  2. Shuai Wang and Pei Wang and Dinghao Wu, "Reassembleable Disassembling", Usenix Security 2015.
  1. Bennett Summers (slides)
  2. Chuong Ngo (slides)

Cache as TEE & TLS Security

(1st paper review due)

  1. Patrick Colp, Jiawen Zhang, James Gleeson, Sahil Suneja, Eyal de Lara, Himanshu Raj, Stefan Saroiu, and Alec Wolman, "Protecting Data on Smartphones and Tablets from Memory Attacks", ASPLOS 2015.
  2. Benjamin Beurdouche and Karthikeyan Bhargavan and Antoine Delignat-Lavaud and Cdric Fournet and Markulf Kohlweiss and Alfredo Pironti and Pierre-Yves Strub and Jean Karim Zinzindohoue, "A Messy State of the Union: Taming the Composite State Machines of TLS", S&P 2015.
  1. Luren Wang (slides)
  2. Nan Liu (slides)
SDN Security & Pointer Integrity
  1. Scott-Hayward, S.; O'Callaghan, G.; Sezer, S., "Sdn Security: A Survey," in Future Networks and Services (SDN4FNS), 2013 IEEE SDN for , vol., no., pp.1-7, 11-13 Nov. 2013.
  2. Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen, Dawn Song, "VTint: Protecting Virtual Function Tables’ Integrity", NDSS 2015.
  1. Chris Shenefield (slides)
  2. Corey Ames (slides)
HE & App Auditing
  1. Juels, A.; Ristenpart, T., "Honey Encryption: Encryption beyond the Brute-Force Barrier," S&P, 2014.
  2. Mingyuan Xia, Lu Gong, Yuanhao Lv, Zhengwei Qi, Xue Liu, "Effective Real-time Android Application Auditing", S&P 2015.
  1. Shengye Wan (slides)
  2. Lihua Ren (slides)
System Decoupling & 3rd-party Tracking
  1. Gerd Zellweger, Simon Gerber, Kornilios Kourtis, and Timothy Roscoe, "Decoupling cores, kernels, and operating systems", OSDI 2014.
  2. Xiang Pan, Yinzhi Cao, and Yan Chen, "I Do Not Know What You Visited Last Summer: Protecting users from stateful third-party tracking with TrackingFree browser", NDSS 2015.
  1. Haonang Wang (slides)
  2. Fan Luo (slides)
MAC on Android
  1. Ruowen Wang and William Enck and Douglas Reeves and Xinwen Zhang and Peng Ning and Dingbang Xu and Wu Zhou and Ahmed M. Azab, "EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning", Usenix Security 2015.
  2. Soteris Demetriouy, Xiaoyong Zhouz, Muhammad Naveedy, Yeonjoon Leez, Kan Yuanz, XiaoFeng Wangz, Carl A Gunter, "What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources", NDSS 2015.
  1. Hongyang Zhao (slides)
  2. Cody Watson (slides)


HE on Password & GUI Forensics

(2nd paper review due)

  1. R. Chatterjee, J. Bonneau, A. Juels, and T. Ristenpart. "Cracking-Resistant Password Vaults using Natural Language Encoders", S&P, 2015.
  2. Brendan Saltaformaggio, Rohit Bhatia, Zhongshu Gu, Xiangyu Zhang, Dongyan Xu, "GUITAR: Piecing Together Android App GUIs from Memory Images", CCS 2015.
  1. Shengye Wan (slides)
  2. Yongsen Ma (slides)

Browser Security
(Project proposal due)

  1. Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee, "UCognito: Private Browsing without Tears", CCS 2015.
  2. Michael Weissbacher and William Robertson and Engin Kirda and Christopher Kruegel and Giovanni Vigna, "ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities", Usenix Security 2015.
  1. He Zhang (slides)
  2. Xianchen Meng (slides)
  1. Nikolaos Karapanos and Claudio Marforio and Claudio Soriente and Srdjan Capkun, "Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound", Usenix Security 2015.
  2. Nan Zhang, Kan Yuan, Muhammad Naveed, Xiaoyong Zhou, XiaoFeng Wang, "Leave Me Alone: App-level Protection Against Runtime Information Gathering on Android", S&P 2015.
  1. Rongdong Chai (slides)
  2. Fan Luo (slides)
No class.
(Fall Break)

No class.
(The instructor is out of town.)


Trusted UI & Parking Domains

(3rd paper review due)

  1. Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel and Giovanni Vigna, "What the App is That? Deception and Countermeasures in the Android User Interface", S&P 2015.
  2. Thomas Vissers, Wouter Joosen, and Nick Nikiforakis , "Parking Sensors: Analyzing and Detecting Parked Domains", NDSS 2015.
  1. Yongsen Ma (slides)
  2. Yi Yuan (slides)

Dynamic Javascript & KYO

Withdraw deadline: 10/23/15

  1. Sebastian Lekies and Ben Stock and Martin Wentzel and Martin Johns, "The Unexpected Dangers of Dynamic JavaScript", Usenix Security 2015.
  2. Benjamin Guldenring, Volker Roth and Lars Ries, "Knock Yourself Out: Secure Authentication with Short Re-Usable Passwords", NDSS 2015.
  1. Hao Xu (slides)
  2. Eunyoung Cho (slides)
JIT-ROP & Private Payment
  1. Michalis Athanasakis, Elias Athanasopoulos, Michalis Polychronakis, Georgios Portokalidis, Sotiris Ioannidis, "The Devil is in the Constants: Bypassing Defenses in Browser JIT Engines", NDSS 2015.
  2. Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, and Kim Pecina, "Privacy Preserving Payments in Credit Networks: Enabling trust with privacy in online marketplaces", NDSS 2015.
  1. Carlos Bernal-Cardenas (slides)
  2. Cody Watson (slides)
Android Permission & Analog Attacks
  1. Primal Wijesekera and Arjun Baokar and Ashkan Hosseini and Serge Egelman and David Wagner and Konstantin Beznosov, "Android Permissions Remystified: A Field Study on Contextual Integrity", Usenix Security 2015.
  2. Yasser Shoukry, Paul Martin, Yair Yona, Suhas Diggavi, Mani Srivastava, "PyCRA: Physical Challenge-Response Authentication for Active Sensors Under Spoofing Attacks", CCS 2015.
  1. Hongyang Zhao (slides)
  2. Hao Xu (slides)
Password Guessability & HE
  1. Blase Ur and Sean M. Segreti and Lujo Bauer and Nicolas Christin and Lorrie Faith Cranor and Saranga Komanduri and Darya Kurilova and Michelle L. Mazurek and William Melicher and Richard Shay, "Measuring Real-World Accuracies and Biases in Modeling Password Guessability", Usenix Security 2015.
  2. Z. Huang, E. Ayday, J.-P. Hubaux, J. Fellay, and A. Juels. "GenoGuard: Protecting Genomic Data against Brute-Force Attacks", S&P, 2015.
  1. Yue Li (slides)
  2. Chuong Ngo (slides)

Password & DEFY

(4th paper review due)

  1. Jeremiah Blocki, Saranga Komanduri, Lorrie Cranor, Anupam Datta, "Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords", NDSS 2015.
  2. Timothy M. Peters, Mark A. Gondree, Zachary N. J. Peterson, "DEFY: A Deniable, Encrypted File System for Log-Structured Storage", NDSS 2015.
  1. Lihua Ren (slides)
  2. Nan Liu (slides)
Bloom Cookies & Embedded Web Scripts
  1. Nitesh Mor, Oriana Riva, Suman Nath, John Kubiatowicz, "Bloom Cookies: Web Search Personalization without User Tracking", NDSS 2015.
  2. Yuchen Zhou, David Evans, "Understanding and Monitoring Embedded Web Scripts", S&P, 2015.
  1. Bennett Summers (slides)
  2. Zeyi Tao (slides)
Defeating Side Channel & DoS on SRIOV
  1. Ashay Rane and Calvin Lin and Mohit Tiwari, "Raccoon: Closing Digital Side-Channels through Obfuscated Execution", Usenix Security 2015.
  2. Igor Smolyar, Muli Ben-Yehuda, and Dan Tsafrir, "Securing Self-Virtualizing Ethernet Devices". Usenix Security 2015.
  1. Rongdong Chai (slides)
  2. Luren Wang (slides)
Email Security & Public Key Security
  1. Ian Foster, Jon Larson, Max Masich, Alex C. Snoeren, Stefan Savage, and Kirill Levchenko, "Security by Any Other Name: On the Effectiveness of Provider Based Email Security", CCS 2015.
  2. David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thome, Luke Valent, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, Paul Zimmerma ,Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice",CCS 2015.
  1. Yi Yuan (slides)
  2. Eunyoung Cho (slides)
Automatic Deobfuscation & Cookies Integrity
  1. Babak Yadegari, Brian Johannesmeyer , Benjamin Whitely, Saumya Debray, "A Generic Approach to Automatic Deobfuscation of Executable Code", S&P, 2015.
  2. Xiaofeng Zheng and Jian Jiang and Jinjin Liang and Haixin Duan and Shuo Chen and Tao Wan and Nicholas Weaver, "Cookies Lack Integrity: Real-World Implications", Usenix Security 2015.
  1. Corey Ames (slides)
  2. Zeyi Tao (slides)

Side Channel & Malicious Extensions

(5th paper review due)

  1. Stephen Crane, Andrei Homescu, Stefan Brunthaler, Per Larsen, and Michael Franz, "Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity", NDSS 2015.
  2. Nav Jagpal and Eric Dingle and Jean-Philippe Gravel and Panayiotis Mavrommatis and Niels Provos and Moheeb Abu Rajab and Kurt Thomas, "Trends and Lessons from Three Years Fighting Malicious Extensions", Usenix Security 2015.
  1. Xianchen Meng (slides)
  2. Haonan Wang (slides)
No Class
SDN & Browser Security
  1. Sungmin Hong, Lei Xu, Haopei Wang, Guofei Gu, "Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures", NDSS 2015.
  2. Sandy Clark, Michael Collis, Matt Blaze, and Jonathan M. Smith. "Moving Targets: Security and Rapid-Release in Firefox", CCS 2014.
  1. He Zhang (slides)
  2. Carlos Bernal-Cardenas (slides)

Security Development Lifecycle
(Guest Lecturer)

(Project final report due)

  1. Microsoft Security Development Lifecycle
  2. Secure Software Development Life Cycle Processes: A Technology Scouting Report
  3. NIST SP 800-63 Revision 2, Security Considerations in the System Development Life Cycle
  4. Verizon Data Breach Investigations Report
Chris Shenefield (slides)
Final Exam (9:00 am - noon)

Honor Code

Students are required to follow William and Mary's Honor System, as described in the student handbook.