Security Reading Group

From Flyer
Revision as of 11:52, 28 August 2012 by Jin.han.2007 (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This SRG is held by Assistant Professor Debin GAO

School of Information Systems, Singapore Management University.

If you are new to SRG, please read the SRG instructions on how to join SRG and how to modify this SRG wiki site.



Message Board

The following presentation will be given by ZHOU Husheng.

Time: 2pm~3pm on May 17th, 2012 (Thursday).

Location: Meeting Room 4-3 at School of Information Systems.

Paper:

Mingwei Zhang, Aravind Prakash, Xiaolei Li, Zhenkai Liang and Heng Yin. Identifying and Analyzing Pointer Misuses for Sophisticated Memory-corruption Exploit Diagnosis. In Proceedings of the 19th Annual Network & Distributed System Security Symposium, (NDSS 2012), San Diego, California, USA, February 2012. PDF


New to SRG?

Please read SRG instructions to find out: (1) how to join SRG mailing list, (2) what you need to do if you are the presenter of the next SRG meeting.


Current Group Members

(by alphabetical order)



Past Presented Paper List

Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. Q: Exploit Hardening Made Easy. In Proceedings of the USENIX Security Symposium, 2011. PDF presented by XIONG Siyang.


Yinzhi Cao, Vinod Yegneswaran, Phillip Porras and Yan Chen, PathCutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks, In Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS 2012), San Diego, California, USA, February 2012. PDF presented by LU Kangjie


Qiang Yan, Jin Han, Yingjiu Li, and Robert H. Deng, On Limitations of Designing Leakage-Resilient Password Systems: Attacks, Principles and Usability, In Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS 2012), San Diego, California, USA, February 2012. PDF (Distinguished Paper Award) presented by HAN Jin.


Zhiqiang Lin, Xiangyu Zhang, and Dongyan Xu. Automatic Reverse Engineering of Data Structures from Binary Execution. In Proceedings of the 2010 Network and Distributed System Security Symposium (NDSS 2010), 2010. PDF presented by ZHAO Lei.


Tyler Bletsch, Xuxian Jiang, and Vince Freeh. Mitigating code-reuse attacks with control-flow locking. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC '11), 2011. PDF presented by XIONG Siyang


Marco Balduzzi, Carmen Torrano Gimenez , Davide Balzarotti, and Engin Kirda. Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications. In Proceedings of the 2011 Network and Distributed System Security Symposium (NDSS), 2011. PDF Ppt small.gif Slides presented by ZHOU Husheng


D. Dewey and P. Traynor, No Loitering: Exploiting Lingering Vulnerabilities in Default COM Objects, In Proceedings of the ISOC Network & Distributed System Security Symposium (NDSS), 2011. PDF Original Slides presented by ZHOU Husheng


Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, and David Brumley. AEG: Automatic Exploit Generation. In Proceedings of the 2011 Network and Distributed System Security Symposium (NDSS), 2011. PDF presented by ZHAO Lei.


William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2010. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX conference on Operating Systems Design and Implementation (OSDI'10). PDF presented by HAN Jin.


Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner. Android Permissions Demystified. In Proceeding of 18th ACM Conference on Computer and Communication Security (CCS) 2011 PDF presented by XIONG Siyang.


Yuchen Zhou and David Evans, Protecting Private Web Content from Embedded Scripts, in Proceedings of European Symposium on Research in Computer Security (ESORICS 2011), Lueven, Belguim. PDF presented by LU Kangjie.


Zachary Weinberg, Eric Y. Chen, Pavithra Ramesh Jayaraman, Collin Jackson (Carnegie Mellon University).I Still Know What You Visited Last Summer: User interaction and side-channel attacks on browsing history,in Proceedings of 32nd IEEE Symposium on Security and Privacy, May 2011(S&P 2011).PDF presented by ZHANG Yan.


Manuel Egele, Christopher Kruegel, Engin Kirda, Giovanni Vigna, PiOS: Detecting Privacy Leaks in iOS Applications, In Proceedings of the 18th Annual Network and Distributed System Security Symposium, (NDSS 2011), Distinguished Paper Award. PDF Slides presented by HAN Jin.


Alexander De Luca, Marc Langheinrich, and Heinrich Hussmann. Towards understanding ATM security: a field study of real world ATM use. In Proceedings of the Sixth Symposium on Usable Privacy and Security (SOUPS '10), 2010. PDF. presented by YAN Qiang. Ppt small.gif Slides


Benjamin Johnson, Jens Grossklags, Nicolas Christin, and John Chuang. Are security experts useful? Bayesian Nash equilibria for network security games with limited information. In Proceedings of the 15th European conference on Research in computer security (ESORICS'10), 2010. PDF. presented by XIONG Siyang.


Eran Tromer, Dag Arne Osvik, and Adi Shamir. Efficient Cache Attacks on AES and Countermeasures. J. Cryptol., vol. 23, p. 37–71, Jan. 2010. PDF. presented by TEY Chee Meng.


Zhenyu Wu, Steven Gianvecchio, Mengjun Xie, and Haining Wang. 2010. Mimimorphism: a new approach to binary code obfuscation. In Proceedings of the 17th ACM conference on Computer and communications security (CCS '10). ACM, New York, NY, USA, 536-546. PDF. presented by LU Kangjie.


Sam Burnett, Nick Feamster, and Santosh Vempala. 2010. Chipping away at censorship firewalls with user-generated content. In Proceedings of the 19th USENIX conference on Security (USENIX Security'10). USENIX Association, Berkeley, CA, USA, 29-29. PDF presented by HAN Jin.


Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide Balzarotti, and Christopher Kruegel. Abusing social networks for automated user profiling. In Proceedings of the 13th international conference on Recent advances in intrusion detection (RAID'10). PDF presented by GUPTA Payas


Roxana Geambasu, Tadayoshi Kohno, Amit A. Levy, and Henry M. Levy. 2009. Vanish: increasing data privacy with self-destructing data. In Proceedings of the 18th conference on USENIX security symposium (SSYM'09). USENIX Association, Berkeley, CA, USA, 299-316. PDF presented by ZOU Dabi.


Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, and Peng Liu. 2009. Behavior based software theft detection. In Proceedings of the 16th ACM conference on Computer and communications security (CCS '09). ACM, New York, NY, USA, 280-290. PDF presented by ZHANG Haibin.


Cristian Cadar, Periklis Akritidis, Manuel Costa, Jean-Philippe Martin, and Miguel Castro. Data Randomization. , MSR-TR-2008-120, September 2008 PDF presented by TEY Chee Meng.


Volker Roth, Kai Richter, and Rene Freidinger. 2004. A PIN-entry method resilient against shoulder surfing. In Proceedings of the 11th ACM conference on Computer and communications security (CCS '04). ACM, New York, NY, USA, 236-245. PDF presented by YAN Qiang


Xin Hu, Tzi-cker Chiueh, and Kang G. Shin. 2009. Large-scale malware indexing using function-call graphs. In Proceedings of the 16th ACM conference on Computer and communications security (CCS '09). ACM, New York, NY, USA, 611-620. PDF presented by MING Jiang


Martin Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti. Control-flow integrity. In Proceedings of the 12th ACM conference on Computer and communications security (CCS '05), 2005. PDF presented by LU Kangjie


Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. Seeing-is-Believing: Using Camera Phones for Human-Verifiable Authentication. International Journal of Security and Networks (Special Issue on Secure Spontaneous Interaction) 4(1-2):43-56, 2009. PDF Ppt small.gif Slides presented by GUPTA Payas


Ana Nora Sovarel, David Evans, and Nathanael Paul. Where's the FEEB? the effectiveness of instruction set randomization. In Proceedings of the 14th conference on USENIX Security Symposium, 2005. PDF Original Slides presented by HAN Jin


Davide Balzarotti, Marco Cova, Christoph Karlberger, Christopher Kruegel, Engin Kirda, and Giovanni Vigna, Efficient Detection of Split Personalities in Malware, In 17th Annual Network and Distributed System Security Symposium (NDSS 2010), San Diego, February 2010. PDF presented by BI Lei


Paolo Milani Comparetti, Guido Salvaneschi, Clemens Kolbitsch, Christopher Kruegel, Engin Kirda, Stefano Zanero, Identifying Dormant Functionality in Malware Programs, in Proceedings of the 2010 IEEE Symposium on Security and Privacy, Oakland, May 2010. PDF Original Slides presented by ZOU Dabi


Bhatkar, S., Chaturvedi, A., and Sekar, R. 2006. Dataflow Anomaly Detection. In Proceedings of the 2006 IEEE Symposium on Security and Privacy (May 21 - 24, 2006). Pdf logo.gif PDF Ppt small.gif Slides presented by ZHANG Haibin


Chiasson, S., van Oorschot, P. C., and Biddle, R. 2006. A usability study and critique of two password managers. In Proceedings of the 15th Conference on USENIX Security Symposium, August 04, 2006. PDF Original Slides presented by YAN Qiang


P.R. Wilson, M.S. Johnstone, M. Neely, and D. Boles, Dynamic Storage Allocation: A Survey and Critical Review. Springer-Verlag, 1995, pp. 1–116. PDF presented by TEY Chee Meng slides


Edward J. Schwartz, Thanassis Avgerinos, David Brumley. All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask), In Proceedings of the 2010 IEEE Symposium on Security and Privacy. PDF presented by MING Jiang


Ralf Hund, Thorsten Holz and Felix C. Freiling. Return-Oriented Rootkits: Bypasssing Kernel Code Integrity Protection Mechanisms. In Proceedings of the 18th USENIX Security Symposium, August 2009. PDF Original Slides presented by HAN Jin


Schechter, S. and Reeder, R. W. 2009. 1 + 1 = you: measuring the comprehensibility of metaphors for configuring backup authentication. In Proceedings of the 5th Symposium on Usable Privacy and Security (Mountain View, California, July 15 - 17, 2009). SOUPS '09. PDF Ppt small.gif Slides by GUPTA Payas


Younan, Y., Philippaerts, P., Cavallaro, L., Sekar, R., Piessens, F., and Joosen, W. 2010. PAriCheck: an efficient pointer arithmetic checker for C programs. In Proceedings of the 5th ACM Symposium on information, Computer and Communications Security (Beijing, China, April 13 - 16, 2010). ASIACCS '10. PDF presented by CHENG Renquan


Yee, B., Sehr, D., Dardyk, G., Chen, J. B., Muth, R., Ormandy, T., Okasaka, S., Narula, N., and Fullagar, N. Native Client: A Sandbox for Portable, Untrusted x86 Native Code. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy (May 17 - 20, 2009). SP. IEEE Computer Society, Washington, DC, 79-93. PDF Ppt small.gif Slides by YAN Qiang


H.Shacham, The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security, (CCS '07). ACM, New York, NY, 552-561. PDF Ppt small.gif Slides by WANG Zhi


Periklis Akritidis, Manuel Costa, Miguel Castro, Steven Hand. Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors. In Proceedings of 18th USENIX Security Symposium, 2009. PDF Ppt small.gif Slides by TEY Chee Meng


David Molnar, Xue Cong Li, David A. Wagner. Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs. In Proceedings of 18th USENIX Security Symposium on USENIX Security Symposium, 2009. PDF Ppt small.gif Slides by PAN Meng


Popov, I. V., Debray, S. K., and Andrews, G. R. 2007. Binary obfuscation using signals. In Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, 2007. PDF Ppt small.gif Slides by MING Jiang


Chiasson, S., Forget, A., Stobert, E., van Oorschot, P. C., and Biddle, R. 2009. Multiple password interference in text passwords and click-based graphical passwords. In Proceedings of the 16th ACM Conference on Computer and Communications Security (Chicago, Illinois, USA, November 09 - 13, 2009). CCS '09. ACM, New York, NY, 500-511. Pdf logo.gif PDF

Ppt small.gif Slides by GUPTA Payas


K. Borders, E. V. Weele, B. Lau, and A. Prakash. Protecting Confidential Data on Personal Computers with Storage Capsules. In 18th USENIX Security Symposium, August 2009. PDF Original Slides, presented by HAN Jin


Nathan S. Evans, Roger Dingledine, Christian Grothoff, 2009. A Practical Congestion Attack on Tor Using Long Paths. In Proceedings of the 18th USENIX Security Symposium (USENIX Security '09), Montreal, Canada (August 10 - 14, 2009), PDF Original Slides, presented by CHENG Renquan


Ristenpart, T., Tromer, E., Shacham, H., and Savage, S. 2009. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security. CCS '09. ACM, New York, NY, 199-212. Pdf logo.gif PDF

Ppt small.gif Slides by YAN Qiang


Sharif, M., Lanzi, A., Giffin, J., and Lee, W. 2009. Automatic Reverse Engineering of Malware Emulators. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy - Volume 00 (May 17 - 20, 2009). SP. IEEE Computer Society, Washington, DC. Pdf logo.gif PDF

Ppt small.gif Slides by WANG Zhi


Shapiro, J. S. and Weber, S. 2000. Verifying the EROS Confinement Mechanism. In Proceedings of the 2000 IEEE Symposium on Security and Privacy (May 14 - 17, 2000). IEEE Computer Society, Washington, DC, 166. Pdf logo.gif PDF

Ppt small.gif Slides by TEY Chee Meng


David Brumley, Juan Caballero, Zhenkai Liang, James Newsome, and Dawn Song. Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation. In Proceedings of 16th USENIX Security Symposium, Aug. 2007. Pdf logo.gif PDF Ppt small.gif Original Slides

Presented by PAN Meng


Patrice Godefroid, Michael Y. Levin, David A Molnar. Automated Whitebox Fuzz Testing. Network Distributed Security Symposium (NDSS), Internet Society, 2008. Pdf logo.gif PDF Ppt small.gif Original Slides

Presented by MING Jiang


Schechter, S., Brush, A. J., and Egelman, S. 2009. It's No Secret. Measuring the Security and Reliability of Authentication via 'Secret' Questions. In Proceedings of the 30th IEEE Symposium on Security and Privacy, 2009. Pdf logo.gif PDF

Ppt small.gif Slides by HAN Jin


J. Alex Halderman, et. al.. Lest We Remember: Cold Boot Attacks on Encryption Keys. In Proceedings of the 2008 USENIX Security Symposium. Awarded Best Student Paper. Pdf logo.gif PDF

Ppt small.gif Slides by GUPTA Payas


K. Zhang and X. Wang, Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-user Systems. In Proceedings of the USENIX Security Symposium 2009. Pdf logo.gif PDF Ppt small.gif Original Slides

Presented by Debin GAO


P Biondi, F Desclaux, Silver needle in the Skype. Presentation at BlackHat Europe, 2006. Pdf logo.gif PDF

Presented by ZHOU Wenhua


Ferdinand Schober, Gaming - The Next Overlooked Security Hole, from DEFCON Hacking Conference 2008. Pdf logo.gif PDF

Presented by YAN Qiang


Sharif, M., Yegneswaran, V., Saidi, H., Porras, P., and Lee, W. 2008. Eureka: A Framework for Enabling Static Malware Analysis. In Proceedings of the 13th European Symposium on Research in Computer Security, 2008. Pdf logo.gif PDF

Ppt small.gif Slides by WANG Zhi


Klein, Gerwin, and Harvey Tuch. Towards Verified Virtual Memory in L4. In TPHOLs Emerging Trends '04, Park City, Utah, USA, 2004. Pdf logo.gif PDF

Ppt small.gif Slides by TEY Chee Meng


G. Sahoo, R. K. Tiwari, Designing an Embedded Algorithm for Data Hiding using Steganographic Technique by File Hybridization, International Journal of Computer Science and Network Security, Vol. 8, No. 1, pp. 228-233, January 2008. Pdf logo.gif PDF

Ppt small.gif Slides by PAN Meng


Guo, F., Ferrie, P., and Chiueh, T. 2008. A Study of the Packer Problem and Its Solutions. In Proceedings of the 11th international Symposium on Recent Advances in intrusion Detection , 2008. Pdf logo.gif PDF

Ppt small.gif Slides by MING Jiang


Monirul Sharif, Andrea Lanzi, Jonathon Giffin, and Wenke Lee. Impeding malware analysis using conditional code obfuscation. In 15th Network and Distributed System Security Symposium (NDSS '08). February 2008. Pdf logo.gif PDF

Ppt small.gif Slides by LIU Limin


Hayashi, E., Dhamija, R., Christin, N., and Perrig, A. Use Your Illusion: secure authentication usable anywhere. In Proceedings of the 4th Symposium on Usable Privacy and Security, 2008. Pdf logo.gif PDF

Ppt small.gif Slides by LIN Jie


Butler, K. R., McLaughlin, S., and McDaniel, P. D. Rootkit-resistant disks. In Proceedings of the 15th ACM Conference on Computer and Communications Security, 2008. CCS '08. ACM, New York, NY, 403-416. Pdf logo.gif PDF

Ppt small.gif Slides by HAN Jin


William Clarkson , Tim Weyrich , Adam Finkelstein , Nadia Heninger , J. Alex Halderman and Edward W. Felten. Fingerprinting Blank Paper Using Commodity Scanners. In Proceedings of IEEE Symposium on Security and Privacy, May 2009. Pdf logo.gif PDF

Ppt small.gif Slides by GUPTA Payas


Ballani, H. and Francis, P. 2008. Mitigating DNS DoS attacks. In Proceedings of the 15th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 27 - 31, 2008). CCS '08. ACM, New York, NY, 189-198. Pdf logo.gif PDF Ppt small.gif Original Slides

Presented by YAN Qiang


Moxie Marlinspike. 2009. New Tricks For Defeating SSL In Practice. In Black Hat DC 2009 (February 16-19, Hyatt Regency Crystal City Arlington, VA). The author did not write any research paper on this, so that the presentation was based on the author's Pdf logo.gif Original Slides used at the Blackhat conference.

Presented by TEY Chee Meng


Hicks, B., Rueda, S., Jaeger, T., and McDaniel, P. From trusted to secure: building and executing applications that enforce system security. In Proceedings of the USENIX Annual Technical Conference (Santa Clara, CA, June 17 - 22, 2007). Pdf logo.gif PDF

Ppt small.gif Slides by PAN Meng


L. Martignoni, M. Christodorescu and S. Jha, OmniUnpack: Fast, Generic, and Safe Unpacking of Malware, In Proceedings of the Annual Computer Security Applications Conference 2007, (ACSAC 2007). Pdf logo.gif PDF

Ppt small.gif Slides by LIU Limin


Zhichun Li, Lanjia Wang, Yan Chen and Zhi (Judy) Fu, Network-based and Attack-resilient Length Signature Generation for Zero-day Polymorphic Worms, In Proceedings of IEEE International Conference on Network Protocols 2007. Pdf logo.gif PDF

Ppt small.gif Slides by LIN Jie


Barth, A., Jackson, C., and Mitchell, J. C. 2008. Robust defenses for cross-site request forgery. In Proceedings of the 15th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 27 - 31, 2008). CCS '08. ACM, New York, NY, 75-88. Pdf logo.gif PDF

Ppt small.gif Slides by HAN Jin


Kruegel, C. and Vigna, G. 2003. Anomaly detection of web-based attacks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (Washington D.C., USA, October 27 - 30, 2003). Pdf logo.gif PDF

Ppt small.gif Slides by GUPTA Payas


Yan, J. and El Ahmad, A. S. 2008. A low-cost attack on a Microsoft captcha. In Proceedings of the 15th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 27 - 31, 2008). CCS '08. Pdf logo.gif PDF

Ppt small.gif Slides by YAN Qiang


Brumley, D., Poosankam, P., Song, D., and Zheng, J. Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications. In Proceedings of the 2008 IEEE Symposium on Security and Privacy. Pdf logo.gif PDF

Ppt small.gif Slides by TEY Chee Meng


Anderson, R. J., Needham, R. M., and Shamir, A. The Steganographic File System. In Proceedings of the Second international Workshop on information Hiding (April 14 - 17, 1998). Pdf logo.gif PDF

Ppt small.gif Slides by PAN Meng


Lam, V. T., Antonatos, S., Akritidis, P., and Anagnostakis, K. G. Puppetnets: misusing web browsers as a distributed attack infrastructure. In Proceedings of the 13th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 30 - November 03, 2006). CCS '06. ACM, New York, NY, 221-234. Pdf logo.gif PDF

Ppt small.gif Slides by LIU Limin


Suo, X, Zhu, Y., and Owen, G.S. Graphical Passwords: A Survey. In Proceedings of the 2005 Annual Computer Security Applications Conference (ACSAC '05). Pdf logo.gif PDF

Ppt small.gif Slides by LIN Jie


Sheyner, O., Haines, J., Jha, S., Lippmann, R., and Wing, J. M. Automated Generation and Analysis of Attack Graphs. In Proceedings of the 2002 IEEE Symposium on Security and Privacy. IEEE Computer Society, Washington, DC, 273. Pdf logo.gif PDF

Ppt small.gif Slides by HAN Jin


Jain, A.K.; Ross, A.; Pankanti, S., Biometrics: a tool for information security, IEEE Transactions on Information Forensics and Security, vol.1, no.2, pp. 125-143, June 2006. Pdf logo.gif PDF

Ppt small.gif Slides by GUPTA Payas