Schedule

Papers not marked as Optional are required and we will have quizs based on them. Most papers are classic and have won Test of Time Award (marked as ToT) from top security conferences. It is highly recommended to read ToT papers even if they are not required.

Most papers should be publicly accessible. If any links are broken, please search for them. If any of them require paid subscription, you can access them for free when connecting on campus. For off-campus access, try UCR VPN.

MondayTuesday WednesdayThursday Friday
Sep 23 Sep 24 Sep 25 Sep 26 Sep 27
LEC 1: Introduction.

Preparation: Read The Security Mindset and Reflections on Trusting Trust.
First day of class
Sep 30
LEC 2: Malware

Preparation: Watch Fighting viruses, defending the net. Read Slammer Worm.		 Oct 1 Oct 2
LEC 3: Malware Mitigation

Preparation: Read Effective and Efficient Malware Detection at the End Host. (Optional) Ether: Malware Analysis via Hardware Virtualization Extensions (ToT).		 Oct 3 Oct 4
LEC 4: Underground Economy

Preparation: Watch Bullet proof hosting. Read Click Trajectories: End-to-End Analysis of the Spam Value Chain (ToT).
Oct 7
LEC 5: Host Intrusion Detection

Preparation: Read An Intrusion-Detection Model (ToT).		 Oct 8 Oct 9
LEC 6: Building HIDS

Preparation: Read Virtual Machine Introspection (ToT). (Optional) Mimicry Attacks (ToT).		 Oct 10 Oct 11
LEC 7: Stack Buffer Overflow

Preparation: Read Smashing the Stack for Fun and Profit. Ref: Notes.
Oct 14
LEC 8: Guarding Stack

Preparation: Read StackGuard (ToT). (Optional) Countering Code-Injection Attacks with Instruction-set Randomization (ToT).		 Oct 15 Oct 16
LEC 9: Return-oriented Programming

Preparation: Read Return-oriented Programming (ToT).		 Oct 17 Oct 18
LEC 10: Control-flow Integrity

Preparation: Read Control-flow Integrity (ToT).
Oct 21
LEC 11: Memory Safety

Preparation: Read AddressSanitizer: A Fast Address Sanity Checker. (Optional) SoK: Eternal War in Memory.		 Oct 22 Oct 23
LEC 12: Fuzzing

Preparation: Read An empirical study of the reliability of UNIX utilities. (Optional) AFL++.		 Oct 24 Oct 25
LEC 13: Static Analysis

Preparation: Read A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities (ToT).
Oct 28
LEC 14: Bug Detection

Preparation: Read Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code.		 Oct 29 Oct 30
LEC 15: Access Control

Preparation: Read Android Permissions Remystified: A Field Study on Contextual Integrity and Access control: principle and practice. (Reference) The Orange Book		 Oct 31 Nov 1
LEC 16: Sandbox

Preparation: Read Preventing Privilege Escalation (ToT).
Nov 4
LEC 17: Sandbox

Preparation: Read Native Client (ToT).		 Nov 5 Nov 6
LEC 18: Kerberos, background

Preparation: Read Kerberos (ToT).		 Nov 7 Nov 8
LEC 19: TLS, background

Preparation: Read The Design and Implementation of Datagram TLS (ToT). (Optional) A Detailed Look at RFC 8446.
Nov 11
Veterans Day		 Nov 12 Nov 13
LEC 20: Trusted Execution

Preparation: Watch Bootstrapping identity in the cloud, Read VC3: Trustworthy Data Analytics in the Cloud using SGX.		 Nov 14 Nov 15
LEC 21: Network Security

Preparation: Read Analysis of a Denial of Service Attack on TCP (ToT). (Optional) Bro (ToT).
Nov 18
LEC 22: Injection Attacks

Preparation: Read A Classification of SQL-Injection Attacks and Countermeasures. (Optional) OWASP on Injection.		 Nov 19 Nov 20
LEC 23: Cross-site Attacks

Preparation: Read Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis and Robust Defenses for Cross-site Request Forgery.		 Nov 21 Nov 22
LEC 24: Hardeware Side-channels

Preparation: Read A Practical Approach to Identifying Storage and Timing Channels (ToT). Recommend: Side-Channel Security Episodes.
Nov 25
LEC 25: Transient Execution Attacks

Preparation: Read Spectre Attacks. (Optional) A Systematic Evaluation of Transient Execution Attacks and Defenses.		 Nov 26 Nov 27
LEC 26: Machine Learning in Security

Preparation: Read Outside the Closed World (ToT) and Practical Evasion of a Learning-Based Classifier.		 Nov 28
Thanksgiving		 Nov 29
Thanksgiving
Dec 2
LEC 27: Deep Learning Security 1

Preparation: Read Making Machine Learning Robust Against Adversarial Inputs. Check Security and Privacy of Machine Learning.		 Dec 3 Dec 4
LEC 28: Deep Learning Security 2

Preparation: Read Glaze: Protecting Artists from Style Mimicry by Text-to-Image Models.		 Dec 5 Dec 6
LEC 29: LLM Security

Preparation: Read Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection. (Optional) "Do Anything Now": Characterizing and Evaluating In-The-Wild Jailbreak Prompts on Large Language Models.
Last day of class