Computer Laboratory

Course pages 2014–15

Computer Security: Current Applications and Research

Location and time

R210 takes place on Tuesdays in Lent Term, 15:00-17:00 in FS09.

Reading materials

The following papers are assigned reading for R210; material for remaining weeks will come online shortly.

  1. Covert and anonymous communications (Steven Murdoch - 20 January 2015)
    1. Mixminion: Design of a Type III Anonymous Remailer Protocol, George Danezis, Roger Dingledine, and Nick Mathewson. In Proceedings of the 2003 IEEE Symposium on Security and Privacy.
    2. Tor: The Second-Generation Onion Router (2014 DRAFT v1), Roger Dingledine, Nick Mathewson, Steven Murdoch and Paul Syverson. Technical Report, Tor Project, January 2014.
    3. Hot or Not: Revealing Hidden Services by their Clock Skew, Steven J. Murdoch. In Proceedings of the 2006 ACM Conference on Computer and Communications Security (CCS)
  2. Bootstrapping security relationships (Frank Stajano - 27 January 2015)
    1. The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks, Frank Stajano and Ross Anderson, 7th International Workshop on Security Protocols, Cambridge, UK, 1999-04-19. Springer LNCS 1796, published 2000.
    2. A key-management scheme for distributed sensor networks, Laurent Eschenauer and Virgil D. Gligor, ACM CCS '02 – Proceedings of the 9th ACM conference on Computer and communications security pp 41-47.
    3. Multichannel Security Protocols, Ford-Long Wong and Frank Stajano, IEEE Pervasive Computing, Special Issue on Security and Privacy, 6(4):31-39, Oct-Dec 2007.
  3. Mobile-system security (Alastair Beresford - 3 February 2015)
    1. Jekyll on iOS: When Benign Apps Become Evil, Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee. In Proceedings of the 22nd USENIX Security Symposium (USENIX Security), 2013.
    2. PlaceRaider: Virtual Theft in Physical Spaces with Smartphones, Robert Templeman, Zahid Rahman, David Crandall, and Apu Kapadia. arXiv:1209.5982 [cs.CR].
    3. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, William Enck, Peter Gilbert, Byung-gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2010.
  4. Censorship Resistance (Sheharbano Khattak - 10 February 2015)
    1. Tools and Technology of Internet Filtering, Steven J. Murdoch and Ross Anderson. In Access Denied: The Practice and Policy of Global Internet Filtering, MIT Press, January 2008.
    2. Protecting Free Expression Online with Freenet, Ian Clarke, Theodore W. Hong, Scott G. Miller, Oskar Sandberg, and Brandon Wiley, IEEE Internet Computing v 6 no 1, 40-49 (2002).
    3. Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability, Amir Houmansadr, Giang T. K. Nguyen, Matthew Caesar, Nikita Borisov. In Proceedings of the 2011 ACM Conference on Computer and Communications Security (CCS).
    Optional reading:
    1. Sheharbano Khattak, Mobin Javed, Syed Ali Khayam, Zartash Afzal Uzmi, and Vern Paxson. 2014. A Look at the Consequences of Internet Censorship Through an ISP Lens. In Proceedings of the 2014 Conference on Internet Measurement Conference (IMC '14). ACM, New York, NY, USA, 271-284.
    2. Alberto Dainotti, Claudio Squarcella, Emile Aben, Kimberly C. Claffy, Marco Chiesa, Michele Russo, and Antonio Pescapé. 2011. Analysis of country-wide internet outages caused by censorship. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference (IMC '11). ACM, New York, NY, USA, 1-18.
  5. Psychology and security (Ross Anderson - 17 February 2015)
    1. Daniel Kahneman's Nobel Prize lecture
    2. The evolution and psychology of self-deception by Bill von Hippel and Bob Trivers [focus on the main paper on pages 1-15 and take a look at the open peer commentary for a broader view]
    3. Scam Compliance and the Psychology of Persuasion, Modic, David and Lea, Stephen E. G., June 21, 2013, Available at SSRN.
    Optional additional reading:
  6. Banking Security (Ross Anderson - 24 February 2015)
    1. Chip and PIN is Broken, Steven J. Murdoch, Saar Drimer, Ross Anderson, and Mike Bond. In Proceedings of the 2010 IEEE Symposium on Security and Privacy (May 2010), pp. 433-446, doi:10.1109/sp.2010.33.
    2. Majority is not Enough: Bitcoin Mining is Vulnerable, Ittay Eyal, Emin G. Sirer, 4 November 2013, arXiv.org
    3. Cloning Credit Cards: A combined pre-play and downgrade attack on EMV Contactless, Michael Roland and Josef Langer, in WOOT 2013, Proceedings of the 7th USENIX conference on Offensive Technologies Pages 6-6.
    Optional additional reading:
  7. Vulnerability Management (Eireann Leverett - 3 March 2015)
    1. Optimal Policy for Software Vulnerability Disclosure, Ashish Arora, Rahul Telang, and Hao Xu, Management Science 2008 54:4, 642-656.
    2. Empirical Estimates and Observations of 0Day Vulnerabilities, Miles McQueen, Trevor McQueen, Wayne Boyer, and May Chaffin, Proceedings of the 42nd Hawaii International Conference on System Sciences, 2009, IEEE.
    3. Milk or Wine: Does Software Security Improve with Age?, Andy Ozment and Stuart Schechter, Proceedings of the 15th USENIX Security Symposium, USENIX, 2007.
  8. Hardware security and tamper resistance (Sergei Skorobogatov - 10 March 2015)
    1. Introduction to differential power analysis, Paul C. Kocher, Joshua Jaffe, Benjamin Jun, Pankaj Rohatgi, Journal of Cryptographic Engineering v. 1 no. 1, 2011.
    2. Fault Injection Attacks on Cryptographic Devices: Theory, Practice and Countermeasures, Alessandro Barenghi, Luca Breveglieri, Israel Koren, and David Naccache, Proceedings of the IEEE v. 100 no. 11, 2012.
    3. The State-of-the-Art in IC Reverse Engineering, Randy Torrance, Dick James, CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems, 2009.
    Optional additional reading: