CpSc 433, Data Security and Encryption Techniques

Section 3, Tuesday and Thursday, 4:00-5:15pm


Every two weeks, you will read a research paper on a current security topic. For each paper, submit a two-page typewritten summary of:
The Problem(s)
List the problems that the authors are trying to solve. Be as specific as you can: the authors are not trying to solve the problems of "security" or "vulnerable hosts." They had a specific question or questions in mind when they began.
The Solution(s)
What are the proposed solutions? Note that each question raised in the first section should be answered here. Do not, however, give the details of each solution; save those for the next section.
The Main Points
Outline the main points of the paper. Make sure to cover each of the major points. If you reach the two-page limit and you have not summarized every point, you need to go back and edit.
The Paper's Relevance
Why does the paper matter? Note that the question is not "Why does security matter?" or "Why does the topic of the paper (e.g., worms, denial of service attacks, honeypots, intrusion detection) matter?" Why does this specific paper matter? What does it contribute to the discussion? If you were putting together a list of papers on this topic, why would you include this specific paper?
Flaws in the Paper
What are the weaknesses of the proposed solutions? The authors will often discuss these directly in the paper; make sure to include them, but don't stop there. Go beyond the paper.
Also note: the usual rules about plagiarism still apply. You do not need to include a bibliography (we all know which paper you are reading), but if you quote directly from the paper, you must include quotation marks.

Paper Summary Assignments

Summary 1, due February 10
Staniford, S., Paxson, V., and Weaver, N., "How to 0wn the Internet in Your Spare Time," Proceedings of the 11th USENIX Security Symposium, August 2002.
Summary 2, due February 24
Moore, D., Voelker, G. M., and Savage, S., "Inferring Internet Denial-of-Service Activity," Proceedings of the 10th USENIX Security Symposium, August 2001.
Summary 3, due March 10
Beattie, S., Arnold, S., Cowan, C., Wagle, P., Wright, C., and Shostack, A., "Timing the Application of Security Patches for Optimal Uptime," Proceedings of LISA 2002: 16th Systems Administration Conference, November 2002, Pages 233-242.
Summary 4, due April 5 (was March 24)
Paxson, V., "Bro: A System for Detecting Network Intruders in Real-Time,", Proceedings of the 7th USENIX Security Symposium, January 1998.
Summary 5, due April 7
Brumley, D., and Boneh, D., "Remote Timing Attacks are Practical," Proceedings of the 12th USENIX Security Symposium, August 2003, Pages 1-14.
Summary 6, due April 21
Kohno, T., Stubblefield, A., Rubin, A. D., and Wallach, D. S., "Analysis of an Electronic Voting System," IEEE Symposium on Security and Privacy 2004, IEEE Computer Society Press, May 2004.
Summary 7, due May 5
Byers, S., Rubin, A. D., and Kormann, D., "Defending Against an Internet-based Attack on the Physical World," ACM Transactions on Internet Technology, Vol. 4, No. 3, August 2004, Pages 239-254.
Summary 8, due May 19
Provos, N., "A Virtual Honeypot Framework," Proceedings of the 13th USENIX Security Symposium, August 2004, Pages 1-14.
Extra Credit Summary, due May 24
Geer, D., Bace, R., Gutmann, P., Metzger, P., Pfleeger, C. P., Quarterman, J. S., Schneier, B., "CyberInsecurity: The Cost of Monopoly," Computer & Communications Industry Association, 2003.