Seminar System Security

This seminar focuses on security papers presented at top conferences.

The seminar is expected to take place as a block seminar at the end of the lecture period.

Topics

  1. Iframes/Popups Are Dangerous in Mobile WebView: Studying and Mitigating Differential Context Vulnerabilities. https://www.usenix.org/conference/usenixsecurity19/presentation/yang-guangliang
  2. Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms. https://www.usenix.org/conference/usenixsecurity19/presentation/zhou
  3. Looking from the Mirror: Evaluating IoT Device Security through Mobile Companion Apps. https://www.usenix.org/conference/usenixsecurity19/presentation/wang-xueqiang
  4. Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation. https://www.ndss-symposium.org/ndss-paper/master-of-web-puppets-abusing-web-browsers-for-persistent-and-stealthy-computation/
  5. Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers. https://www.ndss-symposium.org/ndss-paper/time-does-not-heal-all-wounds-a-longitudinal-analysis-of-security-mechanism-support-in-mobile-browsers/
  6. Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks. https://www.ndss-symposium.org/ndss-paper/latex-gloves-protecting-browser-extensions-from-probing-and-revelation-attacks/
  7. maTLS: How to Make TLS middlebox-aware? https://www.ndss-symposium.org/ndss-paper/matls-how-to-make-tls-middlebox-aware/
  8. Mind Your Own Business: A Longitudinal Study of Threats and Vulnerabilities in Enterprises. https://www.ndss-symposium.org/ndss-paper/mind-your-own-business-a-longitudinal-study-of-threats-and-vulnerabilities-in-enterprises/
  9. Digital Healthcare-Associated Infection: A Case Study on the Security of a Major Multi-Campus Hospital System. https://www.ndss-symposium.org/ndss-paper/digital-healthcare-associated-infection-a-case-study-on-the-security-of-a-major-multi-campus-hospital-system/
  10. DNS Cache-Based User Tracking. https://www.ndss-symposium.org/ndss-paper/dns-cache-based-user-tracking/
  11. Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives. https://ieeexplore.ieee.org/abstract/document/8835339
  12. Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate. https://ieeexplore.ieee.org/document/8835212
  13. Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. https://ieeexplore.ieee.org/document/8835223
  14. The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations. https://ieeexplore.ieee.org/document/8835216
  15. Blind Certificate Authorities. https://ieeexplore.ieee.org/document/8835242
  16. 1 Trillion Dollar Refund: How To Spoof PDF Signatures. https://dl.acm.org/doi/10.1145/3319535.3339812
  17. Practical Decryption exFiltration: Breaking PDF Encryption. https://dl.acm.org/doi/10.1145/3319535.3354214
  18. Traceback for End-to-End Encrypted Messaging. https://dl.acm.org/doi/10.1145/3319535.3354243
  19. Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack. https://dl.acm.org/doi/10.1145/3319535.3354215
  20. Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web. https://dl.acm.org/doi/10.1145/3319535.3363192
  21. Fuzzification: Anti-Fuzzing Techniques. https://www.usenix.org/conference/usenixsecurity19/presentation/jung
  22. Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai. https://www.ndss-symposium.org/ndss-paper/cleaning-up-the-internet-of-evil-things-real-world-evidence-on-isp-and-consumer-efforts-to-remove-mirai/
  23. True2F: Backdoor-Resistant Authentication Tokens. https://ieeexplore.ieee.org/document/8835225
  24. Seems Legit: Automated Analysis of Subtle Attacks on Protocols that Use Signatures. https://dl.acm.org/doi/10.1145/3319535.3339813
  25. Remote Side-Channel Attacks on Anonymous Transactions. https://eprint.iacr.org/2020/220.pdf
  26. Privacy Aspects and Subliminal Channels in Zcash (CCS 2019). https://dl.acm.org/doi/abs/10.1145/3319535.3345663

Dates & Deadlines

  • First week: distribution of topics.
  • November 19th: Preliminary seminar thesis version (at least 5 pages of text; excluding title page, table of contents, references, figures, ...) describing the main problem of your paper AND briefly describing 2 related papers that cite your paper.
  • January 7th: Submission deadline for the prefinal seminar thesis.
  • January 21st: Submission deadline for the reviews.
  • January 27th & 28th: Block seminar, presentation of your work.
  • February 6th: Submission deadline for the final version of the seminar thesis.

Depending on the situation in February, the presentations may be held remotely.

The seminar will be organized over Panda.

Meetings

We will have five meetings over BBB, with different topics which will (hopefully) be helpful for you to pass the seminar:

  • 15.10. 9:15. Introduction
  • 22.10. 9:15. Research Skills
  • 29.10. 9:15. Writing Skills
  • 14.1. 9:15. Review Skills
  • 21.1. 9:15. Presentation Skills

Recordings of all the lectures will be provided over Panda.

Registration of Topics

Over Jupyter

Grading and Demands

The final grade consists of your presentation (30%), your paper (60%), and your reviews (10%).

Presentation

20-minute presentation, followed by 5 minutes of discussion and questions.

The best presentation will be awarded! More information will be given in the first meeting.

Seminar thesis

Essay of length 12 to 20 pages written according to the standards of a scientific paper.

Reviews

We will follow a peer review procedure similar to scientific publications:

  • You submit your thesis (paper) on Panda
  • Some (2) peers (other students) review your submission:
    • Read and understand the submitted paper
    • Criticize your paper
    • Make recommendations on how to improve
    • Be honest, polite, and helpful when writing your reviews
  • The reviews you write will influence your final grade
  • The reviews you receive will not influence your final grade (but they should influence your final version)
  • Each student has to write 2 reviews (each 1-2 pages)