CSE 5479: Topics in Computer Security



General Course Info

            Term: Autumn 2015

            Time: W & F, 11:30am - 12:25pm

            Location: DL 266

            Website: http://www.cse.ohio-state.edu/~yinqian/courses/cse5479/index.html


Instructor Info

            Instructor: Prof. Yinqian Zhang

            Office: DL699

            Email: yinqian@cse.ohio-state.edu

            Homepage: http://www.cse.ohio-state.edu/~yinqian

            Office Hours: by appointment



          Project reports due Dec. 2, 11:30am!

          Project presentation will be on Dec. 2nd, 4th, 9th. Each presentation is 20-minutes long, including 2 minutes for questions.


Course Description

This course will be an introduction course to research in computer security. It will cover a wide range of topics, such as operating system security, software security, malware detection, cloud and mobile security, web and browser security, distributed system security, trusted computing and such. Students will be expected to read, evaluate and discuss research papers selected from top-tier security conferences such as IEEE S&P, ACM CCS, USENIX Security, NDSS, and top system conferences such as OSDI, ASPLOS. There are no written exams for this course. However, there will be a final written project, in which each student will systematically survey one of the research topics covered in classes in depth and compose a short paper that systematize the knowledge.


Class meetings will be organized in the form of a 20-minute paper presentation followed by a simulated review panel discussion. Students are expected to read and review 2 papers per week on Carmen. “Reviewers” will be able to comment on each other’s review after submitting their own. During each class, one student will present the paper, while another student will lead the panel discussion.



The goal of this course is to expose graduate students or senior undergraduate students to both classic and state-of-the-art research topics in security. It is also intended to prepare students the skills of reviewing scientific papers, presenting research studies and participating in technical discussions.



There is no formal pre-requisite for this class. However, students without undergraduate-level knowledge of operating systems, computer networking and programming languages should discuss with the instructor.



There is no required textbook for this course. Papers and reading materials will be specified before classes, and will be available for downloading online.



Presentation and in-class discussion: 30%

·         Presentation (2~3 times): 10%

·         Leading discussion (2~3 times): 10%

·         Class participation and discussion: 10%

Paper reviews: 50%

·         ~22 paper reviews: (2% each)

·         Comments on at least 3 other reviews for each paper (0.5% each)

Final projects: 20%

·         Paper: 15%

·         Presentation: 5%


Online Discussion

Online discussion is organized using Carmen (https://carmen.osu.edu). Discussion on the day’s paper will be closed before class. Late review and comments will not be counted. More information about using Carmen can be found here: http://resourcecenter.odee.osu.edu/carmen/discussions-students













Aug. 26

Course preparation:

· Introduction

· How to read a security paper

Keshav, How to Read a Paper

Mitzenmacher, How to read a research paper


Eisner, How to Read a Technical Paper


Griswold, How to Read an Engineering Research Paper



Major security conferences:






Aug. 28

Course preparation:

· How to review a paper

· How to present and discuss a paper

Roscoe, Writing reviews for systems conferences


Smith, The Task of the Referee


Allman, Thoughts on Reviewing



Sep. 2

Intrusion detection

Garfinkel et al., A Virtual Machine Introspection Based Architecture for Intrusion Detection, (NDSS'03)

Presenter: Rong

Discussion leader: Yuan

Joshi et al., Detecting Past and Present Intrusions through

Vulnerability-Specific Predicates, (SOSP’05)

Jiang et al., Stealthy Malware Detection Through VMM-Based “Out-of-the-Box” Semantic View Reconstruction, (CCS’07)

Payne et al., Lares: An Architecture for Secure Active Monitoring Using Virtualization, (CCS’08)

Dolan-Gavitt et al., Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection, (S&P’11)


Sep. 4

Wagner and Dean, Intrusion Detection via Static Analysis, (S&P'01)

Presenter: Sanchuan

Discussion leader: Bradley

Hofmeyr et al., Intrusion detection using sequences of system calls, (Journal of computer security, 98)

Liao et al., Using Text Categorization Techniques for Intrusion Detection, (Sec’02)

Wagner et al., Mimicry attacks on host-based intrusion detection systems, (CCS’02)

Feng et al., Anomaly detection using call stack information, (S&P’03)



Sep. 9

Software security

Snow et al., Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization (S&P'13)

Presenter: Bradley

Discussion leader: Hansey

Aleph One, Smashing the Stack for Fun and Profit, 1996

Cowan et al, StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks (Sec'98)

Shacham et al., On the Effectiveness of Address-Space Randomization, (CCS’04)

Shacham, The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86), (CCS'07)

Szekeres et al., SoK: Eternal War in Memory, (S&P’13)


Sep. 11

Carlini et al., Control-Flow Bending: On the Effectiveness of Control-Flow Integrity, (Sec'15)

Presenter: Michael

Discussion leader: Sanchuan

Abadi et al. Control-Flow Integrity, CCS'05

Zhang et al., Control Flow Integrity for COTS Binaries, (Sec’13)

Goktas et al, Out Of Control: Overcoming Control-Flow Integrity, (S&P’14)



Sep. 16

Distributed system security

Geambasu et al. Vanish: Increasing Data Privacy with Self-Destructing Data, (Sec'09)

Presenter: Guoxing

Discussion leader: Xiaokuan

Stoica et al. Chord: A Scalable Peer-to-peer Lookup Service for Internet

Applications, (Sigcomm’01)

Wolchok and Halderman, Crawling BitTorrent DHTs for Fun and Profit, (Woot’10)

Wolchok et al. Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs, (NDSS’10)

Tang et al. CleanOS: Limiting Mobile Data Exposure with Idle Eviction, (OSDI’12)


Sep. 18

Browser & web security

Barth et al., Robust Defenses for Cross-Site Request Forgery, (CCS'08)

Presenter: Hansey

Discussion leader: Guoxing

OWASP, Cross-Site Request Forgery (CSRF)

OWASP, CSRF Prevention Cheat Sheet

Zeller and Felten, Cross-Site Request Forgeries: Exploitation and Prevention



Sep. 23

Chen et al., Side-channel leaks in web applications: a reality today, a challenge tomorrow (S&P'10)

Presenter: Yuan

Discussion leader: Xiaokuan

Liberatore et al., Inferring the source of encrypted HTTP connections, CCS’06

Luo et al., HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of

Encrypted Flows, NDSS’11

Cai et al., Touching from a Distance: Website Fingerprinting Attacks and Defenses, CCS’12

Dyer et al., Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail, S&P’12


Sep. 25

Yee et al. Native Client: A Sandbox for Portable, Untrusted x86 Native Code (S&P’09)

Presenter: Xiaokuan

Discussion leader: Guoxing

Barth et al. The Security Architecture of the Chromium Browser


Sehr et al., Adapting Software Fault Isolation to Contemporary CPU Architectures, Sec’10



Sep. 30

Barth et al. Protecting Browsers from Extension Vulnerabilities, (NDSS'10)

Presenter: Rong

Discussion leader: Hansey

Topics for final project due


Guha et al., Verified Security for Browser Extensions, S&P’11


Carlini et al., An evaluation of the Google Chrome extension security architecture, Sec’12


Oct. 2

Huang et al., Clickjacking: Attacks and Defenses (Sec'12)

Presenter: Hansey

Discussion leader: Bradley

Roesner et al., Securing Embedded User Interfaces: Android and Beyond, Sec’13


Silver et al., Password Managers: Attacks and Defenses, Sec’14



Oct. 7

Malware detection

Yin et al., Panorama: capturing system-wide information flow for malware detection and analysis (CCS'07)

Presenter: Guoxing

Discussion leader: Michael

Song et al., BitBlaze: A New Approach to Computer Security via Binary Analysis, ICISS’08


Kang et al., DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation, NDSS’11


Cavallaro et al., On the Limits of Information Flow Techniques for Malware Analysis and Containment, DIMVA '08


Kolbitsch et al., Effective and Efficient Malware Detection at the End Host, Sec’09


Oct. 9

Moser et al., Exploring multiple execution paths for malware analysis (S&P'07)

Presenter: Sanchuan

Discussion leader: Rong

Christodorescu et al., Semantics-Aware Malware Detection, S&P’05


Kirda et al., Behavior-based Spyware Detection, Sec’06


Bayer et al, Scalable, Behavior-Based Malware Clustering, NDSS’09


Schwartz et al., All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask), S&P’10



Oct. 14

CCS travel – no class


Oct. 16

Autumn Break – no class



Oct. 21

Isolated execution

Chen et al., Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems (ASPLOS'08)

Presenter: Bradley

Discussion leader: Yuan

Yang and Shin, Using Hypervisor to Provide Data Secrecy for User Applications on a Per-Page Basis, VEE’08


Hofmann et al. Inktag: Secure applications on an untrusted operating system, ASPLOS’13


Li et al. MiniBox: A Two-Way Sandbox for x86 Native Code, ATC’14


Oct. 23

Checkoway and Shacham, Iago attacks: why the system call API is a bad untrusted RPC interface (ASPLOS’13)

Presenter: Yuan

Discussion leader: Sanchuan



Oct. 28

Xu et al., Controlled-channel attacks: Deterministic side channels for untrusted operating systems (S&P'15)

Presenter: Xiaokuan

Discussion leader: Guoxing

McKeen et al., Innovative Instructions and Software Model for Isolated Execution


Hoekstra et al., Using Innovative Instructions to Create Trustworthy Software Solutions


Baumann et al. Shielding Applications from an Untrusted Cloud with Haven, OSDI’14


Zhang et al. Cross-Tenant Side-Channel Attacks in PaaS Clouds, CCS’14


Oct. 30

Azab et al., Hypervision across worlds: real-time kernel protection from the ARM trustzone secure world (CCS'14)

Presenter: Guoxing

Discussion leader: Michael

ARM Security Technology: Building a Secure System using TrustZone Technology


Santos et al., Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications, ASPLOS’14


Sun et al., TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens, CCS’15



Nov. 4

Cloud computing

Ristenpart et al., Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds (CCS'09)

Presenter: Yuan

Discussion leader: Rong

Roy et al., Airavat: Security and Privacy for

MapReduce, (NSDI’10)


Ristenpart and Yilek, When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography, (NDSS’10)


Zhang et al., Cross-VM side channels and their use to extract private keys, (CCS’12)


Varadarajan et al., A Placement Vulnerability Study in Multi-Tenant Public Clouds, (Sec’15)


Nov. 6

Bugiel et al., AmazonIA: When elasticity snaps back (CCS'11)

Presenter: Rong

Discussion leader: Yuan

Somorovsky et al., All Your Clouds are Belong to us – Security Analysis of Cloud Management Interfaces, (CCSW’11)


Zhang et al., After we knew it: empirical study and modeling of cost-effectiveness of exploiting prevalent known vulnerabilities across IaaS cloud, (AsiaCCS’14)



Nov. 11

Veteran's Day -  no class


Nov. 13

Mobile security

Ench et al., TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones (OSDI'10)

Presenter: Sanchuan

Discussion leader: Michael

Cox et al., SpanDex: Secure Password Tracking for Android, Sec’14


Gordon et al., Information-Flow Analysis of

Android Applications in DroidSafe, NDSS’15



Nov. 18

Chin et al., Analyzing Inter-Application Communication in Android (MobiSys'11)

Presenter: Michael

Discussion leader: Xiaokuan

Felt et al., Permission Re-Delegation: Attacks and Defenses, NDSS’11


Dietz et al., Quire: Lightweight Provenance for Smart Phone Operating Systems, SEC’11


Nov. 20

Felt et al., Android Permissions Demystified, (CCS'11)

Presenter: Xiaokuan

Discussion leader: Sanchuan

Wei et al, Permission evolution in the Android ecosystem, ACSAC’12


Au et al, PScout: Analyzing the Android Permission Specification, CCS’12


Wijesekera et al., Android Permissions Remystified: A Field Study on Contextual Integrity, SEC’15



Nov. 25

Thanksgiving – no class


Nov. 27

Columbus Day – no Class



Dec. 2

Final Presentation





Dec. 4






Dec. 9




Last day of classes



Dec. 11






Dec. 16






Dec. 18