Past offerings: Spring 2015

• Schedule
• Overview
• Credit
• Potential Papers
• Reading and Presenting

Schedule

Overview

(Page formatting cheerfully borrowed from CS 7934.) The Fall 2015 offering of CS 7936 will focus on reading and discussing papers from recent security conferences on a variety of topics.

The goal is to increase participants' familiarity with recent and important results in the area of computer security & privacy research. Attendees will read and discuss papers from recent top-tier security conferences. Attendees will typically discuss one paper each week. Papers will be selected by presenters based on their interests.

Credit

Students may enroll for one (1) credit. Although the University lists the course as “variable credit,” the two- and three-credit options are not currently available.

Students enrolled in the seminar are expected to read the papers prior to the seminar. Additionally, students are expected to sign up to lead the discussion on one or more seminar meeting. Leading the disucssion means:

1. Choosing the paper and submitting it the week before the seminar meeting;
2. Preparing a 7-10 minute summary of the paper and its pertinent points;
3. Preparing potential discussion points if the discussion needs prompting.

Potential Papers

Upcoming and recent conference proceedings are good sources of papers for discussion. Below are links to some relevant conference series.

• Mainstream Security & Privacy Venues
  • USENIX Security (e.g., 2014 program)
  • IEEE Oakland (e.g., 2014 program)
  • CCS (e.g., 2013 program)
  • NDSS (e.g., 2015 program)
• Security & Privacy Papers can be found in these venues
  • SOUPS (e.g., 2014 program)
  • CHI (e.g., 2014 program)
  • Ubicomp (e.g., 2014 program)

And the following is a curated list of papers of possible interest:

• Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting
  Nikiforakis et al
  Oakland/S&P 2013
• Bootstrapping Trust in Commodity Computers
  Parno et al
  Oakland/S&P 2010
• GenoGuard: Protecting Genomic Data against Brute-Force Attacks
  Huang et al
  Oakland/S&P 2015
• Cracking-Resistant Password Vaults using Natural Language Encoders
  Chatterjee et al
  Oakland/S&P 2015
• Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
  Thomas et al
  Oakland/S&P 2015
• A Messy State of the Union: Taming the Composite State Machines of TLS
  Beurdouche et al
  Oakland/S&P 2015
• BIG DATA'S DISPARATE IMPACT
  Barocas and Selbst
  California Law Review, Vol. 104, 2016
• An Epidemiological Study of Malware Encounters in a Large Enterprise
  Yen et al
  USENIX 2014
• Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation
  Das et al
  USENIX 2014
• Your Location has been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging
  Almuhimedi et al
  CHI 2015
• Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS)
  Egelman and Peer
  CHI 2015
• Somebody's Watching Me?: Assessing the Effectiveness of Webcam Indicator Lights
  Portnoff et al
  CHI 2015
• Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World
  Reaves et al
  USENIX 2015
• "My Data Just Goes Everywhere:" User Mental Models of the Internet and Implications for Privacy and Security
  Kang et al
  SOUPS 2015
• Usability of Augmented Reality for Revealing Secret Messages to Users but Not Their Devices
  Andrabi et al
  SOUPS 2015
• User Perceptions of Sharing, Advertising, and Tracking
  Chanchary and Chiasson
  SOUPS 2015
• Social Media As a Resource for Understanding Security Experiences: A Qualitative Analysis of #Password Tweets
  Dunphy et al
  SOUPS 2015
• Where Have You Been? Using Location-Based Security Questions for Fallback Authentication
  Hang et al
  SOUPS 2015
• Too Much Knowledge? Security Beliefs and Protective Behaviors Among United States Internet Users
  Wash and Rader
  SOUPS 2015
• "...No one Can Hack My Mind": Comparing Expert and Non-Expert Security Practices
  Ion et al
  SOUPS 2015
• Anatomization and Protection of Mobile Apps' Location Privacy Threats
  Fawaz et al
  USENIX Security 2015
• PyCRA: Physical Challenge-Response Authentication for Active Sensors Under Spoofing Attacks
  Shoukry et al
  CCS 2015
• TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens
  Sun et al
  CCS 2015
• Face/Off: Preventing Privacy Leakage From Photos in Social Networks
  Ilia et al
  CCS 2015
• Towards Automatic Generation of Security-Centric Descriptions for Android Apps
  Zhang et al
  CCS 2015
• Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings
  Neupane et al
  CCS 2015
• VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audit
  Perl et al
  CCS 2015
• Defeating IMSI Catchers
  van den Broek et al
  CCS 2015
• Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations (or maybe Insecurity of Voice Solution VoLTE in LTE Mobile Networks)
  Kim et al
  CCS 2015
• Surpass: System-initiated user-replaceable passwords
  Ho Huh et al
  CCS 2015

Reading and Presenting

It can be useful to look up the video of the presentation (if it was at USENIX, the video was recorded and is available online) and/or the slides (which may be available on the presenting author's page).

The following questions (some of which are pulled from Writing for Computer Science) can be useful to keep in mind when reading a paper (although not all questions will apply to all papers):

• What phenomena or properties are being investigated? Why are they of interest? 
• Has the aim of the research been articulated? What are the specific hypotheses and research questions? Are these elements convincingly connected to each other?
• To what extent is the work innovative? How does it differ from past work?
• What are the underlying assumptions? Are they sensible?
• What forms of evidence are used?
• How is the evidence measured? Are the chosen methods of measurement objective, appropriate, and reasonable?
• What compromises or simplifications are inherent in the choice of measure?
• To what extent do the results persuasively confirm the hypothesis? 
• What are the likely weaknesses of or limitations to the approach?
• Which results are the most surprising?
• What is the main contribution of the work?
• Are appropriate conclusions drawn from the results, or are there other possible interpretations?
• Could the results be verified?
• Do the results have applicability to other problems or domains?
• Do the title, abstract, and introduction appropriately set the context for the work?
• Is there anything unusual about the organization of the write-up, and, if so, is there a reason for this organization?
• Are the Tables and Figures clear and useful?
• Are the results of practical applicability, or are they more theoretical in nature?
• What are the main strengths of the paper? What are its weaknesses?
• If you were to cite this paper, what kinds of things might you be citing it for?
• Are there interesting future directions for work that the authors have not discussed?
• Are there particular steps in the methodology or presentation that you would have done differently?
• Are there any methodological decisions that seem to have been motivated by restrictions on time or resources, rather than absolute feasibility?
• Are there any ethical issues associated with the paper, and if so, how were they (or how weren't they) dealt with?