| Date | Syllabus | Reading | Note
|
|---|
| Aug 30 | Overview, Privacy Landscape |
Optional: What is privacy worth?
Alessandro Acquisti, Leslie John, and George Loewenstein
Optional: Learning Your Identity and Disease from Research Papers: Information Leaks in Genome Wide Association Study
R. Wang, Y. Li, X. Wang, H. Tang and X. Zhou
|
| Sep 04 & Sep 06 | Goals
Homework 1 |
"These Aren't the Droids You're Looking For" Retrofitting Android to Protect Data from Imperious Applications.
Peter Hornyack et. al.
Separating Web Applications from User Data Storage with BStore
Ramesh Chandra, Priya Gupta, and Nickolai Zeldovich
Optional: REPRIV: Re-Envisioning In-Browser Privacy
Matthew Fredrikson and Ben Livshits
Optional: Jana: Platform protection for user privacy
| Project groups formed
|
| Sep 11 & Sep 13 | Attacks
Homework 2 |
How to Break Anonymity of the Netflix Prize Dataset.
Arvind Narayanan and Vitaly Shmatikov
Memento: Learning Secrets from Process Footprints
Suman Jana and Vitaly Shmatikov
Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow
S. Chen, R. Wang, X. Wang and K. Zhang
Optional:"You Might Also Like:" Privacy Risks of Collaborative Filtering
Joseph A. Calandrino et. al.
Optional: De-anonymizing Social Networks
Arvind Narayanan and Vitaly Shmatikov
Optional: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds
Tom Ristenpart et. al.
Optional: Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud
Zhenyu Wu et. al.
|
| Sep 18 & Sep 20 | Trusted Computing/Trusted Hardware
Homework 3 |
Flicker: Minimal TCB Code Execution
McCune et. al.
TrustVisor: Efficient TCB Reduction and Attestation.
Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, and Adrian Perrig
Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services
Nuno Santos et. al.
Optional:Memoir: Practical State Continuity for Protected Modules
Parno et. al.
Optional: BIND: A Fine-grained Attestation Service for Secure Distributed Systems.
Elaine Shi, Adrian Perrig, Leendert Van Doorn.
Optional: vTPM: Virtualizing the Trusted Platform Module.
Stefan Berger, Ramon Caceres, Kenneth A. Goldman, Ronald Perez, Reiner Sailer, and Leendert van Doorn
Optional: Seeding Clouds with Trust Anchors
Schiffman et. al.
| Project proposal due
|
| Sep 25 & Sep 27 | Virtualization, Isolation, Minimal TCB
Homework 4 |
NoHype: Virtualized cloud infrastructure without the virtualization
Eric Keller, Jakub Szefer, Jennifer Rexford, and Ruby B. Lee
SnowFlock: Rapid Virtual Machine Cloning for Cloud Computing
Lagar-Cavilla et. al.
Content-Based Isolation: Rethinking Isolation Policy in Modern Client Systems
Alexander Moshchuk, Helen J. Wang, Yunxin Liu
Optional: Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems
Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger, Dan Boneh, Jeffrey Dwoskin, and Dan R.K. Ports
Optional: NOVA: A Microhypervisor-Based Secure Virtualization Architecture
Udo Steinberg and Bernhard Kauer
|
| Oct 02 & Oct 04 | Network-level Anonymity
Guest lecturer: Dave Levin
Homework 5 |
Tor: The Second-Generation Onion Router
Roger Dingledine, Nick Mathewson, and Paul Syverson
The Dining Cryptographers Problem
David Chaum
Optional: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms
David L. Chaum
Optional: The Social Cost of Cheap Pseudonyms
Eric J. Friedman and Paul Resnick
Optional: P5: A Protocol for Scalable Anonymous Communications
Rob Sherwood, Bobby Bhattacharjee, Aravind Srinivasan
Optional: Virtual Trip Lines for Distributed Privacy-Preserving Traffic Monitoring
Baik Hoh et al.
|
| Oct 09 & Oct 11 | Differential Privacy
Homework 6 |
Cynthia Dwork's video tutoial on DP
Differential Privacy (Invited talk at ICALP 2006)
Cynthia Dwork
Privacy Integrated Queries
Frank McSherry
Optional: GUPT: Privacy Preserving Data Analysis Made Easy
Mohan et. al.
Optional: The Differential Privacy Frontier
Cynthia Dwork
|
| Oct 16 & Oct 18 | Cryptography
Guest Lecturer: Dov Gordon
Homework 7 |
Optional Reading:
Optional: Multiparty Computation from Threshold Homomorphic Encryption
Ronald Cramer, Ivan Damgar, and Jesper Buus Nielsen
Optional: Fully Homomorphic Encryption over the Integers
Marten van Dijk, Craig Gentry, Shai Halevi, and Vinod Vaikuntanathan
Optional: Practical Techniques for Searching on Encrypted Data
Dawn Song, David Wagner, and Adrian Perrig
Optional: Conjunctive, Subset, and Range Queries on Encrypted Data
Dan Boneh and Brent Waters
Optional: Multi-Dimensional Range Query over Encrypted Data.
Elaine Shi, John Bethencourt, T-H. Hubert Chan, Dawn Song, and Adrian Perrig
Optional: Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products
Jonathan Katz, Amit Sahai, and Brent Waters
Optional: An efficient system for non-transferable anonymous credentials with optional anonymity revocation
Jan Camenisch, Anna Lysyanskaya
|
| Oct 23 & Oct 25 | More on crypto and DP
Homework 8 |
Sample and Aggregate
Anonymous Authentication
|
| Oct 30 & Nov 01 | Side-Channel Defenses
Homework 9 |
STEALTHMEM: System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud
Taesoo Kim et. al.
Predictive Mitigation of Timing Channels in Interactive Systems
Danfeng Zhang et. al.
Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors
Coppens et. al.
Oblivious RAM with O(log N ^ 3) Worst-Case Cost.
Elaine Shi, T-H. Hubert Chan, Emil Stefanov, Mingfei Li.
| Project milestone
|
| Nov 06 & Nov 08 | Applications
Homework 10 |
Privacy-Aware Personalization for Mobile Advertising
Michaela Gotz and Suman Nath
Persona: An Online Social Network with User-Defined Privacy
Randy Baden, Adam Bender, Neil Spring, Bobby Bhattacharjee, Daniel Starin
Adnostic: Privacy Preserving Targeted Advertising
Vincent Toubiana, Arvind Narayanan, Dan Boneh, Helen Nissenbaum, Solon Barocas
Optional Reading:
CryptDB: A Practical Encrypted Relational DBMS
Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan
Differentially-Private Network Trace Analysis
Frank McSherry and Ratul Mahajan
BotGrep: Finding P2P Bots with Structured Graph Analysis
Shishir Nagaraja, Prateek Mittal, Chi-Yao Hong, Matthew Caesar, and Nikita Borisov
|
| Nov 13 & Nov 15 | Application Framework
Guest Lecturer (for the Koi paper): Matthew Lentz
Homework 11 |
Koi: A Location-Privacy Platform for Smartphone Apps
Saikat Guha, Mudit Jain, and Venkata N. Padmanabhan
A Software-Hardware Architecture for Self-Protecting Data
Yu-Yuan Chen et. al.
Optional: Airavat: Security and Privacy for MapReduce
Indrajit Roy, Srinath T.V. Setty, Ann Kilzer, Vitaly Shmatikov, and Emmett Witchel
Optional: SEPIA: Privacy-Preserving Aggregation of Multi-Domain Network Events and Statistics
Martin Burkhart, Mario Strasser, Dilip Many, and Xenofontas
Dimitropoulos, ETH Zurich, Switzerland
|
| Nov 20 (Nov 22 is Thanksgiving holiday) | Programming Languages and Information Flow Tracking
Guest Lecturer: Michael Hicks
Homework 12 |
Language-Based Information-Flow Security
Andrei Sabelfeld and Andrew C. Myers
Quantifying Information Flow with Beliefs
Michael R. Clarkson, Andrew C. Myers, and Fred B. Schneider
Dynamic Enforcement of Knowledge-based Security Policies
Optional Reading:
Measuring Channel Capacity to Distinguish Undue Influence
James Newsome, Stephen McCamant, and Dawn Song
Improving Application Security with Data Flow Assertions
Pointless Tainting? Evaluating the Practicality of Pointer Tainting
Information Flow Control for Standard OS Abstractions
Quantitative information flow as network flow capacity
Making information flow explicit in HiStar
|
| Nov 27 & Nov 29 | Policy, Economics, Usability |
The Psychology of Security for the Home Computer User
Adele E. Howe et. al.
User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems
Franziska Roesner et. al.
|
| Dec 04 & Dec 06 | Misc.
Guest Lecturer: Yan Huang
Homework 13 |
Faster Secure Two-Party Computation Using Garbled Circuits
Yan Huang, David Evans, Jonathan Katz, Lior Malka
|
| Dec 11 | Project Presentations |
TBD
|