External Javascripts are not allowed
Recent Advances in Computer Security
General
Semester | Summer 2014 |
Lecturer | Prof. Dr. Konrad Rieck |
Assistants | Fabian Yamaguchi, Daniel Arp, Hugo Gascon, Christian Wressnegger |
Course type | Seminar (UniVZ) |
Module | M.Inf.1228 (previously 1225) |
ECTS (SWS) | 5 (2) |
Date | Introduction: 24.04.2014, 17:00-18:00 Presentations: 31.07.2014, 10:00-18:00 |
Location | Introduction: Informatik 1.101 Presentations: Informatik 1.101 |
Audio recording | No. Physical attendance required. |
Audience | Applied Computer Science MSc Applied Computer Science BSc |
Description
This seminar focuses on current topics in security research. Computer security is characterized by a rapid development of attacks and defenses. The seminar covers recent work in this field and studies open problems and challenges as well as novel approaches and methods of computer security.
Presentations
Time | Paper |
10:30 - 11:00 | The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network |
Presenter: Eeran Maiti | |
11:00 - 11:30 | DOM-based Cross Site Scripting |
Presenter: Phuoc-Lai Bertolt Huynh | |
11:30 - 12:00 | Detecting Malware by Mining New C&C Domains in Network Traffic |
Presenter: Mohammad Abouzar | |
12:00 - 13:00 | — Lunch Break |
13:00 - 13:30 | Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations |
Presenter: Christian Bruhns | |
13:30 - 14:00 | Blind Hacking |
Presenter: Matthias Tkocz |
Seminar Steps
Date | Step |
24.04.2014, 17:00-18:00 | Introduction and registration |
30.06.2014 | Arrange appointment with assistant |
07.06.2014 | Discuss draft with assistant |
14.07.2014 | Register with examination office (FlexNow) |
30.07.2014 | Send slides (PDF) and paper to assistant |
31.07.2014, 10:00-18:00 | Final presentation |
Topics
- Hacking Blind
Bittau et al. IEEE S&P 2014 [Paper 1] - Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations
Haller et al. USENIX Security 2014 [Paper 2] - mXSS Attacks: Attacking well-secured Web-Applications by
using innerHTML Mutations
Heiderich et al. CCS 2013 [Paper 3] - The Sniper Attack: Anonymously Deanonymizing And Disabling the Tor Network
Jansen et al. NDSS 2014 [Paper 4] - Cross-Origin Pixel Stealing: Timing Attacks using CSS Filters
Kotcher et al. CCS 2013 [Paper 5] - 25 Million Flows Later - Large-scale Detection of
DOM-based XSS
Lekies et al. CCS 2013 [Paper 6] - ExecScent: Mining for New C&C Domains in Live Networks with Adaptive Control Protocol Templates
Nelms et al. USENIX 2013 [Paper 7] - Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications
Poeplau et al. NDSS 2014 [Paper 8] - Native x86 Decompilation Using Semantics Preserving
Structural Analysis and Iterative Control-Flow Structuring
Schwartz et al. USENIX Security 2014 [Paper 9] - Phonotactic Reconstruction of Encrypted VoIP Conversations
Wright et al. IEEE S&P 2011 [Paper 10] - Malware Detection with Quantitative Data Flow Graphs
Wuechner et al. ASIA CCS 2014 [Paper 11]
Results
MD5 of matriculation number | Grade |
d87dd58b29456d08d508b052fbdaf6d9 | 1.0 |
f9bc275721c1587d5f57173ab38fa81f | 2.0 |
8a6874df308b3db0194bcc924d25b33d | 1.3 |
af1abf5b954a7649b1acf4ceb248e0f2 | 1.7 |
2682dc0afd84531ecb66d4a44b7f8b14 | 1.3 |
Mailing List
There is a mailing list for the seminar. News and updates regarding the schedule are posted to this list. Furthermore, the list allows students to discuss topics of the seminar. You can register for the mailing list here.
IRC Channel
All students of the course are encouraged to join the IRC channel #goesec on EFnet. The channel is used as a platform for discussing and chatting about computer security in a casual atmosphere.