89-450 Seminar in Security - Bar Ilan University - Winter term, 2014-15
This seminar will go over recent, important papers in cyber-security, in the form of a reading group: each week, one student will present a paper to
the others, using handouts (a paper summary; see below). Students may also prepare foils (slides); most find it easier to present the material using foils, but this is
not mandatory. Some weeks we will have two presentations, and a few weeks we will not meet.
Papers will cover a variety of topics in cyber-security (see the list below; it may change, including at students' request). Presenters should make sure that they
cover the background material the other students need, and should usually focus on the important parts of the paper, so that they can deliver
it and the other students can follow. A few papers are marked as suitable for two students.
Student duties:
1. Register to the seminar's mailing list and, following the instructions there, select a date and a paper. See the available time slots and papers below; check previous postings
to identify slots and papers that are already allocated, and post your own choices/preferences.
2. Prepare a detailed summary of the paper, and optionally foils. This may require interaction with the authors (see below).
3. Send the summary (and foils) to the lecturer a week before your presentation date. Apply fixes, send a revised version, and iterate if needed.
4. Print copies of the final version (double-sided!) and distribute them to the students at the seminar. Also bring one or two copies of the original paper.
5. Present the paper during the seminar, going over the summary, optionally using foils. Manage the discussion. Collect unresolved questions and comments.
6. Resolve any questions/issues raised during the seminar, fix any other comments received, and send the lecturer a revised summary.
7. The grade is determined by the quality of all these steps and by participation in the meetings.
8. Attendance is mandatory. It is OK if you really have to be absent from two meetings, or, if really unavoidable, three.
Paper summary: this should be an easy-to-read document explaining the main points of the paper, giving extra examples, offering criticism,
and complementing the paper with other relevant works, including necessary background. Begin preparing well in advance; you may often come across
unclear issues that require interaction with the authors. Consult the lecturer as needed (e.g., if you think you may need to contact the authors).
Length: about 8-10 pages, in 12pt font (make it readable during the lecture). Please use LaTeX with the following template to prepare the summary.
In addition to the proposed papers below, students may propose other relevant papers, provided they are recent and of high quality (preferably
presented at a major conference or journal). Students may also offer to present their own work, in which case it is OK to submit work not yet
accepted by any venue, or published (recently) at a somewhat weaker venue. The lecturer must approve.
Note: after papers and dates have been assigned, students are responsible for switching among themselves if necessary.
Available papers:

Topic | Paper
Web security | (assigned to Tal Givati) Take This Personally: Pollution Attacks on Personalized Services, Xing et al., USENIX Security, Aug. '13
Web security | (assigned) Your Online Interests – Pwned! A Pollution Attack Against Targeted Advertising, Meng, Xing, Sheth and Lee, CCS'14
Web security | (assigned to Shai Barad) On the Effective Prevention of TLS Man-In-The-Middle Attacks in Web Applications, Nikolaos Karapanos and Srdjan Capkun, USENIX Security, Aug. '14
Cloud-crypto | Efficient Private File Retrieval by Combining ORAM and PIR, Mayberry et al., NDSS, Feb. '14
Cloud-crypto (ok for two students) | Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation, Cash et al., NDSS, Feb. '14
Cloud-crypto (ok for two students) | Practical Dynamic Searchable Encryption with Small Leakage, Stefanov et al., NDSS, Feb. '14
Cloud-crypto (ok for two students) | Path ORAM: An Extremely Simple Oblivious RAM Protocol, Stefanov et al., CCS'13
Cloud-crypto (ok for two students) | Memento: How to Reconstruct Your Secrets from a Single Password in a Hostile Environment, Camenisch et al., Crypto'14
PKI | Enhanced Certificate Transparency and End-to-End Encrypted Email, Mark D. Ryan, NDSS, Feb. '14
PKI | ARPKI: Attack Resilient Public-Key Infrastructure, Basin et al., CCS'14
Routing security | (assigned) Routing Bottlenecks in the Internet: Causes, Exploits, and Countermeasures, Kang and Gligor, CCS'14
Routing security | SCION: Scalability, Control, and Isolation on Next-Generation Networks, Zhang et al., IEEE S&P'11
Routing + DoS | (taken) STRIDE: Sanctuary Trail - Refuge from Internet DDoS Entrapment, Hsiao et al., ACM ASIACCS 2013. Follows SCION (above).
Denial-of-Service | The Crossfire Attack, Kang, Lee and Gligor, IEEE S&P, May '13
Denial-of-Service | Exit from Hell? Reducing the Impact of Amplification DDoS Attacks, Kührer, Hupperich, Rossow and Holz, USENIX Security '14. Combine with: Amplification Hell: Revisiting Network Protocols for DDoS Abuse, Rossow, NDSS'14
DoS and Anonymity | (assigned) The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network, Jansen et al., NDSS, Feb. '14
BitCoin, Anonymity | Deanonymization of Clients in Bitcoin P2P Network, Biryukov et al., CCS'14
Web security | All Your Screens are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing API, Tian et al., IEEE S&P'14
Schedule (available time slots) [Double: a meeting can accommodate two 1-hour presentations]

Date | Topic | Double? | Paper | Student
28/10 | welcome meeting | n/a | |
4/11 | no meeting, sorry (at CCS'14) | | |
11/11 | DoS | OK | The Crossfire Attack, Kang, Lee and Gligor, IEEE S&P, May '13 | חי רוזנצוויג
18/11 | DoS | NO | Routing Bottlenecks in the Internet: Causes, Exploits, and Countermeasures | אור אנידג'ר
25/11 | DoS | NO | Exit from Hell? Reducing the Impact of Amplification DDoS Attacks | Roee Shlomo
2/12 | TLS, Web security, crypto | OK but used up | On the Effective Prevention of TLS Man-In-The-Middle Attacks | Shai Barad
9/12 | no meeting, sorry (at ACSAC'14) | | |
16/12 | no meeting, Happy Hanukkah | | |
23/12 | no meeting, Happy Hanukkah | | |
30/12 | Web security | NO | Take This Personally: Pollution Attacks on Personalized Services | Tal Givati
6/1 | BitCoin, (de)anonymization | Used up! | Deanonymization of Clients in Bitcoin P2P Network, Biryukov et al., CCS'14 | חמי ליבוביץ
13/1 | DoS and Tor (anonymity) | (2nd) | The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network, Jansen et al., NDSS, Feb. '14 | עידן זולנץ
20/1 | Web security | NO | Your Online Interests – Pwned! A Pollution Attack Against Targeted Advertising | בל אביטל
27/1 | Mobile security | NO | | Rone Mateless
2nd slot (date n/a) | Attacks on routing | | | Sahar Dascalu
2nd slot (date n/a) | DoS+routing | | STRIDE: Sanctuary Trail - Refuge from Internet DDoS Entrapment (and a bit about cloud-based DoS defenses) | Michael Sudkovitch