CMSC 818O: Computer and Network Security

Tuesday May 9

Session 1: Web security

Mitigating Browsing Issues for Anonymous Users
Mahmoud Sayed, Anton Mitrokhin, Xinyu Zhou
Who Touches Your Web Pages
Xuyi Ruan, Zheng Yan

Session 2: Malicious online activity

A.I.ron Sights
Mukul Kulkarni, Alexis McKay, Elissa Redmiles, Faizan Wajid
Mining Illegitimate DNS Traffic for Malicious Activity
Stephen Herwig, Katura Harvey

Thursday May 11

Session 3: TLS measurement

Measurement and Analysis of HSTS and HPKP
Denis Peskov, Ivan Petrov, Gregory Coard

Session 4: Inference attacks

A Side-Channel Attack using Bus Detection for Localization
Kevin Bock, Ryan Eckenrod, Ashton Webster
SGX, Possible Vulnerabilities and Mitigation Techniques
Amir Majlesi Kupaei, Aria Shahverdi

Session 5: Dynamic software analysis

Symbolic Execution of Ethereum Virtual Machines
Ian Sweet
Detecting Complexity Attacks Using Dynamic Analysis
Kesha Hietala, Willem Wyndham

The bulk of your work in this class will center around a final project. The goal of this course project is for you to get experience doing security research by working on an open problem. It should also be a problem that's interesting to you: you will pick it, but I am happy to discuss project ideas with you.

Ideally, several (possibly workshop) publications will come out of this class. To this end, there will be several milestones throughout the semester to help make sure that you are making progress.

Any point throughout the semester, you are welcome to come meet with me to discuss ideas, or if you need advice.

Feb 21: Email Dave with the members of your group

No more than 4 people per group.
The more people, the more I will expect.

Mar 14: Project pre-proposal presentations

Make a short presentation about your intended project to solicit feedback from your classmates.

Keep your presentation to 5 minutes, plus Q&A.
Describe the problem you want to solve.
Provide some context to the problem in terms of background and related work.
Describe how you plan to:
- Solve the problem
- Evaluate your solution
- Address potential ethical concerns
Give feedback to your classmates about their projects.

Mar 31: Project proposal writeup

Email Dave a 2-3 page PDF document describing your proposed project. Be sure to include:

The members of your group
A description of the problem you seek to solve.
A background and survey of related work.
The approach you intend to take to solve the problem, and how this differs from prior approaches.
An evaluation plan (will you use simulation, implementation, a user study, an existing dataset, etc.)
Plans for what you intend to accomplish by the checkpoint and by the end of the semester.

Apr 21: Project checkpoint

Email Dave a 1-2 page PDF document describing your progress thus far. Include:

The members of your group.
The progress you have made thus far.
The conclusions you can draw thus far from your preliminary results.
Whether you are on track to complete what you proposed.
What obstacles or unexpected problems you faced.
How you plan to address the remaining problems.

May 9 & 11: Project presentations

The final two days of class will be the 1st Annual UMD GradSec Symposium. Each group will deliver a 10 minute presentation on their work, followed by Q&A. The program will be announced closer to that day.

May 14: Project writeups

Your final writeup should largely reflect the style and substance of a workshop or conference submission. It should not exceed 8 pages (not including references and appendices). It should include:

An abstract summarizing the work.
An introduction that motivates the problem and your approach.
A related work section that puts the work into context and differentiates your work from others'.
One or more sections describing your solution, study, design, etc.
One or more sections describing your results, evaluation, findings, etc.
A brief conclusion and future work section describing what remains to be done.
References and citations.

1st Annual GradSec Symposium

Tuesday May 9

Thursday May 11

Final Projects