高级计算机网络(侧重安全) 2017 夏

主讲教师:陈焰教授 (newyale@zju.edu.cn)

本课程我们会侧重于互联网安全, 先开始学习互联网安全的概述,然后主要集中于如下几个新兴的安全挑战和攻防对策领域:移动(智能手机)安 全, 软件漏洞及挖掘,和软件自定义网 络(SDN)安全。 通过这门课,同学们将阅读和讨论一些研究论文,获取一些开放性的研究问题,然后可以选择其中有兴趣的作为课 程项目。

上课时间地点:夏 (每周)星期三6-9节 玉泉曹光彪二期-204(多)

评分

  • 20% 课堂出勤及讨论
  • 50% 论文 presentations.  Each student is expected to co-present a paper.  There are more guidelines below.
  • 30% 论文调研 (survey).  Each student is expected to write a survey by the end of a quarter.  Topics will be discussed in the class.

Date

Lectures Topics

Speakers & Notes

Reading

5/3
智能网联汽车安全 科恩实验室
智能网联汽车安全讲课大纲

5/10   

Class Overview,
Intro to Advanced Persistent Threat (APT)
Software Security

[APT Detection]

[static analysis part1]
Yan, Roca

H. Xu, Y. Chen, et al., RAT Detection with Potentially Harmful Functions (PHFs)

Boyuan He, Vaibhav Rastogi, Yinzhi Cao, Yan Chen, V.N. Venkatakrishnan, Runqing Yang and Zhenrui Zhang, Vetting SSL Usage in Applications with SSLINT, in the Proc. of IEEE Symposium on Security and Privacy (Oakland), 2015 (55/402=13.7%).  Presentation PowerPoint in Chinese. 

5/15
Intro to SDN and NFV and their security issues [Slides by Shenker]
Yan
[Openflow]

The Future of Networking, and the Past of Protocols, Scott Shenker (video of talk at Ericsson)

How SDN will Shape Networking, talk by Nick McKeown at Open Network Summit, 2011.

5/22      

Intro to Mobile Security and Privacy

[AppShield]
Yan

Symantec Internet Security Threat Report, April 2017.
Zhengyang Qu, Guanyu Guo, Zhengyue Shao, Vaibhav Rastogi, Yan Chen, Hao Chen and Wangjun Hong, AppShield: Enabling Multi-entity Access Control Cross Platforms for Mobile App Management, in the Proc. of Securecomm 2016.
Zhengyang Qu, Tiantian Zhu, Jingsi Zhang, Zhengyue Shao, Yan Chen, Sandeep Prabhakar, Jianfeng Yang, "RiskCog: Implicit and Continuous User Identification on Smartphones in the Wild", under submission.

5/29 by Prof. Chunming Wu


6/7

by Prof. Chunming Wu



6/14 Survey/Paper presentations
2,4,5,8
6/21
Survey/Paper presentations 1,3,6,7,9

Notes: You may find the brochure useful: Efficient reading of papers in Science and Technology by Michael J. Hanson, 1990, revised 2000 Dylan McNamee.

Paper presentation list:


I. APT/malware  Detection:

1. Brown Farinholt, Mohammad Rezaeirad, Paul Pearce, Hitesh Dharmdasani, Haikuo Yin, Stevens Le Blond, Damon McCoy, and Kirill Levchenko,To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild, IEEE Symposium on Security & Privacy (Oakland), San Jose, CA, May 2017.
Survey: APT attack detection  (mentor: 许海涛  <haitao.wm@gmail.com>, (唐雷,唐凯宇) 6/21


2.  Caillat B, Gilbert B, Kemmerer R, et al. Prison: Tracking Process Interactions to Contain Malware, IEEE International Conference on High PERFORMANCE Computing and Communications (CSS), 2015
Survey: In memory attack detection.  (mentor: 杨润清 <rainkin1993@gmail.com>) (朱 梦凡, 王冠颖) 6/14


3. VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery,  Seulbae Kim (Korea University), Seunghoon Woo (Korea University), Heejo Lee (Korea University), Hakjoo Oh (Korea University), in IEEE Symposium S&P 2017.
Survey: The industry of automatic vulnerability discovery for large scale software  (mentor: 何博远 <heboyuan@gmail.com>) ( 周寒, 诸凯丽) 6/21

II. SDN/NFV Security and Diagnosis


4. Paper: Mahajan K, Poddar R, Dhawan M, et al. JURY: Validating Controller Actions in Software-Defined Networks, 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).
Survey: Security issues for SDN base cloud (Openstack)  (mentor: 冷雪  <lengsnow2015@qq.com>) (张淼, 汪世元) 6/14


5. Paper:  Scott C, Wundsam A, Raghavan B, et al. Troubleshooting blackbox SDN control software with minimal causal sequences[J]. ACM SIGCOMM Computer Communication Review, 2015, 44(4): 395-406.  (mentor: 李星) (李星, 金羚) 6/14

Survey: Diagnosis of cloud based services

III. Mobile Security

6. Tao Feng, Ziyi Liu, Kyeong-An Kwon, Weidong Shi, Bogdan Carbunar, Yifei Jiang, and Nhung Nguyen. Continuous mobile authentication using touchscreen gestures. In 2012 IEEE Conference on Technologies for Homeland Security (HST), 2012.
Survey: User authentication for mobile and wearable devices.  (mentor: 朱添田 <laozhutt@gmail.com>) (吴越华,余晓峰) 6/21

7. Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, and Dawn Song. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE transactions on information forensics and security, 8(1):136148, 2013.Survey: Authentication for Internet of Things (IoT)  mentor: 朱添田 <laozhutt@gmail.com>) (翁荻, 宋麒) 6/21

8. Kusner M, Sun Y, Kolkin N, et al. From wo ​rd embeddings to document distances. International Conference on Machine Learning. 2015  (mentor: Du Xuechao)
Survey: Knowledge based NLP techniques and its applications. (mentor: 杜学超 <xcdu@foxmail.com>)  (余平刚, 杨荣钦) 6/14

9. Grace, Michael C, et al. "Unsafe exposure analysis of mobile in-app advertisements." ACM Conference on Security and Privacy in Wireless and Mobile Networks ACM, 2012:101-112
Survey: mobile ads economic market, fraud and attacks  (mentor: Ling Jin <ljin1995@qq.com>)  (Yu Guo, 刘皇敏) 6/21

Each team will consist of two students.   The first four teams presenting on 6/14 will have 35 minutes each and the last five teams presenting on 6/21 will have 30 minutes each (I try to encourage people to present earlier).  The work division will be reported at the final survey report.

Please mainly present the survey for 20-25 minutes and cover the paper in about 5-10 minutes.  


For the paper, plz mainly just present the key ideas, contributions, and highlight results.

Try to use Google scholar.
Top 4 security conferences: IEEE Symposium on Security and Privacy (Oakland),  ACM CCS,  USENIX Security,  NDSS
journals: IEEE Transaction on information security (TSEC),   IEEE Transaction on Information Forensics and Security (TIFS)

A sample of the survey paper is as follows:
Hongyu Gao, Jun Hu, Tuo Huang, Jingnan Wang and Yan Chen, Security Issues in Online Social Networks, in IEEE Internet Computing, Volume 15, No. 4, July/August, 2011, pp. 56-63.