Computer Security Research Seminar

Instructors: Wu-chang Feng, Charles V. Wright
Office hours: here
Coordinates:
  • Virtual class Zoom T-Th 2pm-3:15pm
  • FAB 47: T-Th 2pm-3:15pm
Contact and discussion: Resources
Course Description
This course covers a range of advanced topics in security in a seminar-style format.

Schedule

Week Topic Discussion
1 (3/31)
Research paper list
  • Select paper from this list and send to Slack channel
Podcast Qs Google Doc
Mitre Attack
Course introduction, Zoom testing
Overview slides
Cyber Kill Chain, Mitre Attack Framework, Threat modeling slides
2 (4/7)
Perimeterless security
Mitre discussions
Mitre presentations
  • Initial Access (Ted), Execution (AlexD)
3 (4/14)
Cloud, Serverless, DevOps
  • Persistence (AlexR, Charley)
  • Privilege Escalation (Ethan), Defense Evasion A-H (Allison)
4 (4/21)
Case Studies
  • Defense Evasion I-X (JeffDLM), Credential Access (Meghan)
  • Discovery (Bar), Lateral movement (Joseph)
5 (4/28)
Social Engineering, Canaries
Readings
  • How to read a research paper pdf
  • Collection (Son), Command and Control (Carter)
  • Exfiltration (Milan), Impact (Cosimo)
6 (5/5)
Mitre recap, Petabyte-scale security analytics Podcasts and Reading discussion
Guest presentation (5/7): Cody Wood: What's Old is New (Reviving an Old AppSec Technique)
7 (5/12)
Machine learning for detecting bad

Low-level hacking

CPU fuzzing (Charley) Breaking the x86 ISA link
Rowhammer (AlexD) slides | blog post

Symbolic execution

Binary analysis (Allison) Unleashing MAYHEM on Binary Code link
Web analysis (Wu) Symbolic execution for generating web-based exploits  NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications link

8 (5/19)
Machine learning for modeling good, Application whitelisting

Web protocol hacking

Web caches (Jeff)  Cached and Confused: Web Cache Deception in the Wild link
Upload vulnerabilities (Ted)  FUSE: Finding File Upload Bugs via Penetration Testing link

Web cross-domain requests

CORS (Carter)  We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS link
Cookies (Meghan)  Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies link
9 (5/26)
Lawful interception

Web implementation

Web browsers (Ethan) XHOUND: Quantifying the Fingerprintability of Browser Extensions link
Web apps (Joseph)  A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning link

Encryption

Dark Internet Mail Environment (DIME) (Bar)  First 3 parts: link
Encryption at rest (Son) link
10 (6/2)
Voting Cyberwarfare

Social engineering

Spearphishing detection via ML (Cosimo)  Detecting Credential Spearphishing Attacks in Enterprise Settings link
E-mail spoofing (Milan) End-to-End Measurements of Email Spoofing Attacks link

Lawful Interception (Charles)

Finals week Final class (Charles) (Mon. June 8, 10:15am-12:05pm)
Final screencast Media Space URL in D2L
(Thurs. June 11, 11:59pm)

Assignments

Weekly podcast summary
Each week, you will be given a podcast to listen to in a shared Google Doc with the instructors. For each podcast, within the Google Doc, you will answer the questions included in the Google Doc for the podcast. You will then participate in the discussion of each podcast. Podcasts will be assigned on Tuesday for discussion the following Tuesday. Answers to questions within the Google Doc are due the Sunday prior to the discussion.
Mitre Attack presentations
Beginning in the second week, we will be rotating through tactics and techniques in the Mitre Attack matrix. On the first day of class, you will be assigned a subset of techniques to cover. You will become the class expert on the techniques and present them to the class over Zoom using a shared Google Slide presentation that the instructors will share with you. The presentation should run about 20 minutes and will be graded based upon how well you have described the following aspects of your topic:
  • Technical details of each technique's use, the vulnerability it leverages, the difficulty in using it, and case studies of how it has been used
  • Description of CIS control and specific counter-measures that can mitigate each technique, their ease of deployment, and their effectiveness in prevention.
Research paper presentations
For your second presentation, you will select and research a paper of your choice from this list of papers. You will become the class expert on the paper and present the paper as if it were your own to the class over Zoom using a shared Google Slide presentation as before. The presentation should run about 20 minutes and will be graded based upon how well it follows the criteria below:
  • Background and Motivation (1-2 slides): What problem is the paper addressing? Why should we care? What has been done before, and why is something more still needed?
  • Proposed Approach (4-10 slides): What do the authors propose to do? How does their idea work? What assumptions does this rely on?
  • Evaluation (2-5 slides): How did the authors evaluate their idea? What are the results? Does it work? What evidence do they provide to show that it works?
  • Analysis (2-6 slides): Do you buy what they’re selling? Why or why not? Did they solve the right problem? Does their evaluation measure the right things? What does this mean for the world going forward? Does this change the game? How? What does the paper do well? (Strengths) What about this paper could be improved? (Critique) Where do we go from here? (Synthesis)

Final (open note) exam
Throughout the class, students should take notes not only on the presentation, but also on the instructors' subsequent discussion of the presentation. Your notes will be used for the final, open note exam at the end of the course.

Final presentation
For your final presentation, you will select and research another paper of your choice from the prior list of papers that has not already been covered by a student. You will then create a narrated screencast of no more than 20 minutes covering the same aspects as the prior research paper presentation. Screencast submission is to be done via PSU's Media Space. When uploading the screencast, be sure to change the media settings to Unlisted. Screencasts can be recorded via the software on Media Space (e.g. Kaltura Capture) or from tools such as QuickTime, Zoom, or Open Broadcaster. After uploading your screencast to Media Space, submit the URL for your screencast on Media Space to D2L.

Course objectives

  • Understand emerging security threats and mitigations.
  • Understand advanced research being done to address security issues.
  • Read advanced research papers critically.
  • Present topics in security.

Policies

Grading
Participation and attendance 10%
Podcast Qs 20%
Mitre presentation #1 20%
Research paper presentation #2 20%
Open note final exam 10%
Final screencast 20%
Participation and attendance
Participation and attendance are both graded. This includes the virtual classes and any in-person ones.  As part of the participation grade, while another student is presenting, the rest of the class will use the chat feature of Zoom to ask questions and participate in discussion.
Academic misconduct
  • Includes allowing another student to copy your work unless specifically allowed by the instructor.
  • Includes copying blocks of code from external sources without proper attribution.
  • Results in a grade of 0 for the assignment or exam.
  • Results in the initiation of disciplinary action at the university level.