Security Reading Group

The security reading group meets Wednesdays during the semester typically at 12:30 in the CITP Conference Room (Sherrerd Hall, 3rd floor). Sushi lunch is provided. Each week participants read and discuss a technical paper.

To find out about upcoming meetings, join the security-reading list.

For specific times, locations, and readings, see the CITP online calendar (available in XML, iCal, and HTML formats).

Upcoming Events

Oct. 21 (today) A Micro-Payment Scheme Encouraging Collaboration in Multi-Hop Cellular Networks. M. Jakobsson, J.-P. Hubaux, L. Buttyán. Financial Cryptography 2003.

Interested readers may also wish to examine:

A Charging and Rewarding Scheme for Packet Forwarding in Multi-Hop Cellular Networks. N. B. Salem, L. Buttyán, J.-P. Hubaux, M. Jakobsson. 2003 ACM International Symposium on Mobile Ad Hoc Networking and Computing.

Past Events

Fall 2009

Oct. 14 VPriv: Protecting Privacy in Location-Based Vehicular Services. R. A. Popa, H. Balakrishnan, A. J. Blumberg. USENIX Security 2009.
Oct. 7 Privads: Privacy Preserving Targeted Advertising. V. Toubiana, A. Narayanan, D. Boneh, H. Nissenbaum, S. Barocas. 2009.
Sep. 30 Privacy-Preserving Genomic Computation Through Program Specialization. R. Wang, X. Wang, Z. Li, H. Tang, M. Reiter, Z. Dong. ACM CCS 2009.
Sep. 23 Vanish: Increasing Data Privacy with Self-Destructing Data. R. Geambasu, T. Kohno, A. A. Levy, H. M. Levy. USENIX Security 2009.

Interested participants may also wish to check out:
Experiences Building Security Applications on DHTs. R. Geambasu, J. Falkner, P. Gardner, T. Kohno, A. Krishnamurthy, H. M. Levy. 2009.

Spring 2009

May 6 Your Botnet is My Botnet: Analysis of a Botnet Takeover. B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, G. Vigna. 2009.

Know Your Enemy: Containing Conficker (To Tame A Malware). F. Leder, T. Werner. 2009.

Apr. 29 Secure Content Sniffing for Web Browsers or How to Stop Papers from Reviewing Themselves. A. Barth, J. Caballero, D. Song. Oakland 2009.
Apr. 22 input type="password" must die! D. R. Sandler and D. S. Wallach. W2SP 2008.
Apr. 8 On the Effectiveness of Address-Space Randomization. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, D. Boneh. ACM CCS 2004.
Apr. 1 The Snooping Dragon: Social-Malware Surveillance of the Tibetan Movement. S. Nagaraja, R. Anderson. 2009.
Mar. 25 Detecting In-Flight Page Changes with Web Tripwires. C. Reis, S. D. Gribble, T. Kohno, N. C. Weaver. NSDI 2009.
Mar. 11 Optical DNA. D. Vijaywargi, D. Lewis, D. Kirovski. Financial Cryptography 2009.
Mar. 4 Instead of our usual format, we will be attending the new crypto seminar this week.
Feb. 25 BootJacker: Compromising Computers using Forced Restarts. E. M. Chan, J. C. Carlyle, F. M. David, R. Farivar, R. H. Campbell. ACM CCS 2008.
Feb. 18 We will be reviewing a draft paper written by several members of the Princeton CS department.
Feb. 11 MD5 considered harmful today: Creating a rogue CA certificate. Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger. 2008.

Fall 2008

Dec. 17 Native Client: A Sandbox for Portable, Untrusted x86 Native Code. B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, N. Fullagar. 2008.
Dec. 10 Information Leaks in Structured Peer-to-Peer Anonymous Communication Systems. P. Mittal, N. Borisov. ACM CCS 2008.
Dec. 3 Towards Practical Biometric Key Generation with Randomized Biometric Templates. L. Ballard, S. Kamara, F. Monrose, M. K. Reiter.
Nov. 19 Rootkit-Resistant Disks. K. Butler, S. McLaughlin, P. McDaniel. ACM CCS 2008.
Nov. 12 Spamalytics: An Empirical Analysis of Spam Marketing Conversion. C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, S. Savage. ACM CCS 2008.
Oct. 22 The Security Architecture of the Chromium Browser. A. Barth, C. Jackson, C. Reis, Google Chrome Team. 2008.
Oct. 15 Sequences of Games: A Tool for Taming Complexity in Security Proofs. V. Shoup. January 2006.
Oct. 8 Designing Games with a Purpose. L. von Ahn, L. Dabbish. Communications of the ACM, August 2008.

reCAPTCHA: Human-Based Character Recognition via Web Security Measures. L. von Ahn, B. Maurer, C. McMillen, D. Abraham, M. Blum. Science, September 12, 2008.

Oct. 1 Secure Web Browsing with the OP Web Browser. C. Grier, S. Tang, S. T. King. IEEE Symposium on Security and Privacy, 2008.
Sep. 24 Arvind Narayanan (visiting from the University of Texas, Austin) will present his recent work on privacy in social networks.

Spring 2008

May 7 The Practical Subtleties of Biometric Key Generation. L. Ballard, S. Kamara, M. K. Reiter. USENIX Security 2008 (Note: we are reading a preliminary version, not the conference-ready version, which is not yet available).
Apr. 30 All Your iFRAMEs Point to Us. N. Provos, P. Mavrommatis, M. A. Rajab, F. Monrose. USENIX Security 2008 (Note: we are reading a preliminary version, not the conference-ready version, which is not yet available).
Apr. 23 Application-Specific Attacks: Leveraging the ActionScript Virtual Machine. M. Dowd. April 2008.
Apr. 16 A World Wide Web Without Walls. M. Krohn, A. Yip, M. Brodsky, R. Morris, M. Walfish. 6th ACM Workshop on Hot Topics in Networking (Hotnets). 2007.
Apr. 9 Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses. D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, W. H. Maisel. IEEE Symposium on Security and Privacy, 2008.
Apr. 2 SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks. H. Yu, P. B. Gibbons, M. Kaminsky, F. Xiao. IEEE Symposium on Security and Privacy, 2008.
Mar. 26 The State of Elliptic Curve Cryptography. N. Koblitz, A. Menezes, S. Vanstone. Designs, Codes and Cryptography. 2000.
Mar. 5 Thinking inside the Box: System-Level Failures of Tamper Proofing. S. Drimer, S. J. Murdoch, R. Anderson. IEEE Symposium on Security and Privacy, 2008.
Feb. 27 Secure Conjunctive Keyword Search over Encrypted Data. P. Golle, J. Staddon, B. Waters. Second International Conference on Applied Cryptography and Network Security (ACNS-2004).
Feb. 22 Wherefore Art Thou R3579X? Anonymized Social Networks, Hidden Patterns, and Structural Steganography. L. Backstrom, C. Dwork, J. Kleinberg. WWW 2007.
Feb. 13 Silicon Physical Random Functions. B. Gassend, D. Clarke, M. van Dijk, S. Devadas. ACM CCS 2002.

Fall 2007

Dec. 19 Harvesting Verifiable Challenges from Oblivious Online Sources. J. Alex Halderman, B. Waters. ACM CCS 2007.
Dec. 12 Practical Techniques for Searches on Encrypted Data. D. X. Song, D. Wagner, A. Perrig. 2000 IEEE Symposium on Security and Privacy.

Optional:
Secure Conjunctive Keyword Search over Encrypted Data. P. Golle, J. Staddon, B. Waters. Second International Conference on Applied Cryptography and Network Security (ACNS-2004).

Dec. 5 An Independent Audit Framework for Software Dependent Voting Systems. S. Garera, A. D. Rubin. ACM CCS 2007.
Nov. 21 Protecting Browsers from DNS Rebinding Attacks. C. Jackson, A. Barth, A. Bortz, W. Shao, D. Boneh. ACM CCS 2007.

Optional:
Java Security: From HotJava to Netscape and Beyond. D. Dean, E. W. Felten, D. S. Wallach. 1999 IEEE Symposium on Security and Privacy.

Nov. 14 Dynamic Pharming Attacks and the Locked Same-Origin Policies for Web Browsers. C. Karlof, U. Shankar, J.D. Tygar, D. Wagner. ACM CCS 2007.

Optional:
Protecting Browsers from DNS Rebinding Attacks. C. Jackson, A. Barth, A. Bortz, W. Shao, D. Boneh. ACM CCS 2007.

Nov. 7 Cryptanalysis of the Windows Random Number Generator. L. Dorrendorf, Z. Gutterman, B. Pinkas. CCS 2007.
Oct. 17 Hardware-rooted Trust for Secure Key Management and Transient Trust. J. S. Dwoskin, R. B. Lee. CCS 2007.
Oct. 10 Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? C. V. Wright, L. Ballard, F. Monrose, G. M. Masson. USENIX Security 2007.
Oct. 3 SubVirt: Implementing Malware with Virtual Machines. S. T. King, P. M. Chen, Y.-M. Wang, C. Verbowski, H. J. Wang, J. R. Lorch. IEEE Security and Privacy 2006.
Compatibility is Not Transparency: VMM Detection Myths and Realities. T. Garfinkel, K. Adams, A. Warfield, J. Franklin. HotOS 2007.
Sep. 26 On Web Browsing Privacy in Anonymized NetFlows. S. E. Coull, M. P. Collins, C. V. Wright, F. Monrose, M. K. Reiter. USENIX Security 2007.
Sep. 19 Cross-Site Request Forgeries: Exploitation and Prevention. W. Zeller and E. W. Felten. In preparation.

Spring 2007

May 2 Secret Handshakes with Dynamic and Fuzzy Matching. G. Ateniese, J. Kirsch, M. Blanton. NDSS 07.
Apr. 25 The Anatomy of Clickbot.A. N. Daswani, M. Stoppelman, Google Click Quality & Security Teams. HotBots 2007.
Apr. 18 Control Flow Integrity: Principles, Implementations, and Applications. M. Abadi, M. Budiu, Ú. Erlingsson, J. Ligatti. CCS 2005.
Apr. 11 Bill Zeller presents new work on CSRF vulnerabilities.
Apr. 4 A Privacy-Protecting Voting Protocol with Double-Vote Identification. H. Yu and E. W. Felten. In preparation.
Mar. 28 Low-Resource Routing Attacks Against Anonymous Systems. K. Bauer, D. McCoy, D. Grunwald, T. Kohno, D. Sicker. 2007.
Mar. 14 Automatically Generating Malicious Disks using Symbolic Execution. J. Yang, C. Sar, P. Twohey, C. Cadar, D. Engler. IEEE Security and Privacy '06.
Mar. 7 One Laptop per Child. Bitfrost Platform Specification.
Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks. P. Traynor, W. Enck, P. McDaniel, T. La Porta. MobiCom '06.
Feb. 21 A Platform for RFID Security and Privacy Administration. M. R. Rieback, G. N. Gaydadjiev, B. Crispo, R. F. H. Hofman, A. S. Tanenbaum. LISA 06.
Feb. 7 Botnets as a Vehicle for Online Crime. N. Ianelli, A. Hackworth. CERT, 2005.
A Multifaceted Approach to Understanding the Botnet Phenomenon. M. A. Rajab, J. Zarfoss, F. Monrose, A. Terzis. IMC 2006.

Fall 2006

Dec. 13 Secure Human Identification Protocols. N. J. Hopper, M. Blum. ASIACRYPT 2001.
Dec. 6 Target Collisions for MD5 and Colliding X.509 Certificates for Different Identities. M. Stevens, A. Lenstra, and B. de Weger. Cryptology ePrint Archive, Report 2006/360. 2006.
Nov. 29 Finding Collisions in the Full SHA-1. X. Wang, Y. L. Yin, H. Yu. Crypto '05.
Nov. 22 Cross Site Reference Forgery. J. Burns. 2005.
Preventing Cross-Site Scripting Vulnerability. D. Hu. 2004.
Nov. 15 An Introduction to Punchscan. S. Popoveniuc, B. Hosp. VSRW 06, WOTE 2006.
Punchscan: Introduction and System Definition of a High-Integrity Election System. K. Fisher, R. Carback, A. T. Sherman. WOTE 2006.
Nov. 8 Keyboards and Covert Channels. G. Shah, A. Molina, M. Blaze. USENIX Security 2006.