Mehrdad Nojoumian - CS591 Hot Topics in Cybersecurity

CS 591: Hot Topics in Cybersecurity

Department of Computer Science
Southern Illinois University
Carbondale, IL 62901

Information ^

Instructor: Mehrdad Nojoumian
Office: Faner 2132
Office Hours: TR 14:00 - 15:00
Email: nojoumian (at) cs.siu.edu
Lectures: Tuesdays & Thursdays 11:00 - 12:15 in Faner 1226.
Marking Scheme: Open-Book Exams in the Form of Oral Presentations: 40%, Cybersecurity Project: 30%, Final Exam: 20%, and Participation: 10%.
Reference Books:
Security in Computing, by Charles P. Pfleeger and Shari Lawrence Pfleeger, 4th e, Prentice Hall.
Cryptography: Theory and Practice, by Douglas R. Stinson, 3rd e, Chapman and Hall/CRC.
Handbook of Applied Cryptography, by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, CRC Press.

Presentations ^

For the open-book exams in the form of oral presentations, each student must select two recent papers (published after 2010) only from the conferences listed below. The first paper must be presented sometime between Jan 28 & Mar 06 and the second paper must be presented sometime between Mar 18 & Apr 24.

IEEE Symposium on Security and Privacy (S&P), ACM Conference on Computer and Communications Security (CCS), ACM Symposium on Information, Computer and Communications Security (AsiaCCS), Usenix Security Symposium (Security), Network and Distributed System Security Symposium (NDSS), IEEE Computer Security Foundations Symposium (CSF), Conference on Decision and Game Theory for Security (GameSec), International Conference on Information and Communications Security (ICICS), Information Security Conference (ISC), International Conference on Security and Privacy in Communication Networks (SecureComm), International Conference on Financial Cryptography and Data Security (FC), ACM Conference on Wireless Network Security (WiSec), Annual Computer Security Applications Conference (ACSAC), ACM Conference on Data and Application Security and Privacy (CODASPY), European Symposium on Research in Computer Security (ESORICS), IFIP International Information Security Conference (SEC), Privacy Enhancing Technologies Symposium (PETS), USENIX Workshop on Hot Topics in Security (HotSec), International Conference on Information Theoretic Security (ICITS), International Conference on Applied Cryptography and Network Security (ACNS), International Cryptology Conference (Crypto), European Cryptology Conference (EuroCrypt), Annual International Conference on Theory and Application of Cryptology and Information Security (AsiaCrypt).

Each presentation should have the following seven elements: (1) Contents of the Talk, (2) Problem Statement or Objectives or Motivation, (3) Contribution of the Paper, (4) Preliminaries or Background, (5) Body of the Paper, (6) Conclusion and Future Directions, and (7) Discussion by the Presenter. It is like an open-book exam, therefore, make sure to spend seven to ten days for each paper to fully understand it and to prepare your slides. Each week, you need to evaluate presenters by using Presentation Evaluation form.

Paper Selection Due Dates: First Paper Jan 27 and Second Paper Mar 10. If two or more students select the same paper, the person who has selected earlier will present the paper. Therefore, make sure to chose your papers as soon as possible.

Jan 14 - Jan 16:
Mathematical Background
----------
Jan 21 - Jan 23:
Security and Cryptography Background
----------
Jan 28 - Jan 30:
Secret Sharing Schemes for Very Dense Graphs (Crypto'12)
The Parrot is Dead: Observing Unobservable Network Communications (S&P'13)
Memento: Learning Secrets from Process Footprints (S&P'12)
----------
Feb 04 - Feb 06:
Transparent, Distributed, and Replicated Dynamic Provable Data Possession (ACNS'13)
Experimental Security Analysis of a Modern Automobile (S&P'10)
----------
Feb 11 - Feb 13:
Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World (CCS'12)
Permission Evolution in the Android Ecosystem (ACSAC'12)
How to Ask For Permission (HotSec'12)
----------
Feb 18 - Feb 20:
Group Behavior Metrics for P2P Botnet Detection (ICICS'12)
Cars, Condoms, and Facebook (ISC'13)
Guess Who's Texting You? Evaluating the Security of Smartphone Messaging Applications (NDSS'12)
Third-Party Web Tracking: Policy and Technology (S&P'12)
----------
Feb 25 - Feb 27:
Tapas: Design, Implementation, and Usability Evaluation of a Password Manager (ACSAC'12)
SoK: Secure Data Deletion (S&P'13)
----------
Mar 04 - Mar 06:
Applying Time-Bound Hierarchical Key Assignment in Wireless Sensor Networks (ICICS'11)
Comprehensive Experimental Analyses of Automotive Attack Surfaces (Security'11)
Facing the Facts About Image Type in Recognition-Based Graphical Passwords (ACSAC'11)
----------
Mar 11 - Mar 13: Spring Vacation
----------
Mar 18 - Mar 20:
Inferring Protocol State Machine from Network Traces: A Probabilistic Approach (ACNS'11)
Automated Remote Repair for Mobile Malware (ACSAC'11)
----------
Mar 25 - Mar 27:
Ideal Secret Sharing Schemes with Share Selectability (ICICS'11)
Developing an International Cooperation on Cyber Defense and Deterrence Against Cyber Terrorism (ICCC'11)
----------
Apr 01 - Apr 03:
The Socialbot Network: When Bots Socialize for Fame and Money (ACSAC'11)
Scriptless Attacks - Stealing the Pie Without Touching the Sill (CCS'12)
Defeat Information Leakage from Browser Extensions via Data Obfuscation (ICICS'13)
Towards End-to-End Secure Content Storage and Delivery with Public Cloud (CODASPY'12)
----------
Apr 08 - Apr 10:
Trustworthy Distributed Computing on Social Networks (AsiaCCS'13)
I Still Know What You Visited Last Summer (S&P'12)
Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems (CCS'12)
----------
Apr 15 - Apr 17:
Evading Censorship with Browser-Based Proxies (PETS'12)
Take a Bite - Finding the Worm in the Apple (ICICS'13)
----------
Apr 22 - Apr 24:
Botcoin: Monetizing Stolen Cycles (NDSS'14)
Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation (Security'13)
Towards Active Detection of Identity Clone Attacks on Online Social Networks (CODASPY'11)
The Crossfire Attack (S&P'13)
----------
Apr 29 - May 01: Cybersecurity Project Presentations
----------
May 05: Final Exam - Monday from 12:50 to 02:50 PM.

Projects ^

Each project can be accomplished individually or in a team of two or three students. The project can be "implementation and evaluation", "new cryptographic/security protocols", "a new cybersecurity system", or "a comprehensive survey in certain situations". Topics of interest include, but are not limited to, the following:

Security in auctions or economics, economics of security and privacy, e-commerce security, secure banking and financial web services, security in e-health, security in e-voting systems, privacy enhancing technologies, secure localization and location privacy, censorship and censorship-resistance, security and privacy in social networks, applications of game theory in security, smart grid security and privacy, distributed systems security, cloud computing security, data outsourcing security, security for mobile computing, database security, secure information retrieval, wireless security, security and privacy for smart devices, network security, operating system security, software security, web security and privacy, attacks and defenses in cyberwars, applied cryptography, etc.
Deadline for the Project Approval: Mar 10
Project Submission Due Date: Apr 28

Links ^

Policies ^

Course Policies: This is a research-based course. Students are initially introduced to some basic concepts of computer security and applied cryptography. Subsequently, the instructor and students present the most recent papers and articles from well-known conferences and journals. It is important to attend all lectures since discussions and clarifications will not be posted on the course homepage. I will consider 10% of the final mark for students' participation and class activities. Students are not allowed to use laptops, smart phones, tablets, etc in the class. Students with disabilities should come and see me. Finally, all exams will be closed-book and there will be no make-up unless a medical report is provided.
Academic Integrity: By enrolling in this course, each student assumes the responsibilities of an active participant in SIUC�s scholarly community in which everyone�s academic work and behaviors are held to the highest standards of honesty. If we catch anyone cheating, we will take the maximum action possible against them, including reporting the matter to the appropriate university authorities. Please cooperate by doing your own work and not seeking inappropriate help from your classmates. You may, of course, discuss assignment solutions and assignments amongst yourselves, as long as that discussion does not lead to an exchange of solutions.
Emergency Procedures: SIUC is committed to providing a safe and healthy environment for study and work. Because some health and safety circumstances are beyond our control, we ask that you become familiar with the SIUC Emergency Response Plan and Building Emergency Response Team (BERT) program. Emergency response information is available on posters in buildings on campus, available on BERT's website, Department of Safety's website (disaster drop down) and in Emergency Response Guideline pamphlet. Know how to respond to each type of emergency. Instructors will provide guidance and direction to students in the classroom in the event of an emergency affecting your location. It is important that you follow these instructions and stay with your instructor during an evacuation or sheltering emergency. The Building Emergency Response Team will provide assistance to your instructor in evacuating the building or sheltering within the facility.