Most papers should be publicly accessible.
If any links are broken, please search for them.
If any of them require paid subscription,
you can access them for free when connecting on campus.
For off-campus access, try UCR VPN.
Monday | Tuesday |
Wednesday | Thursday |
Friday |
Jan 3
LEC 1: Introduction.
Preparation: The Security Mindset. Bruce Schneier. 2008.
First day of class |
Jan 4 |
Jan 5
LEC 2: Malware
Preparation: Watch Fighting viruses, defending the net, Read Slammer Worm and Botnet. |
Jan 6 |
Jan 7 |
Jan 10
LEC 3: Malware Mitigation
Preparation: Watch Bullet proof hosting, Read Effective and Efficient Malware Detection at the End Host and Ether: Malware Analysis via Hardware Virtualization Extensions. |
Jan 11 |
Jan 12
LEC 4: Stack Buffer Overflow
Preparation: Read Notes, Smashing the Stack for Fun and Profit, and StackGuard. |
Jan 13 |
Jan 14 |
Jan 17
Martin Luther King Jr. Day |
Jan 18 |
Jan 19
LEC 5: Control-flow
Preparation: Read Return-oriented Programming and Control-flow Integrity. |
Jan 20 |
Jan 21 |
Jan 24
LEC 6: Memory Safety
Preparation: Read SoK: Eternal War in Memory and AddressSanitizer: A Fast Address Sanity Checker. |
Jan 25 |
Jan 26
LEC 7: Dynamic Testing
Preparation: Read An empirical study of the reliability of UNIX utilities and EXE: Automatically Generating Inputs of Death. |
Jan 27 |
Jan 28 |
Jan 31
LEC 8: Static Analysis
Preparation: Read Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code and Detecting Format String Vulnerabilities with Type Qualifiers. |
Feb 1 |
Feb 2
LEC 9: Access Control
Preparation: Read Access control: principle and practice, User-Driven Access Control, and Android Permissions Remystified: A Field Study on Contextual Integrity. |
Feb 3 |
Feb 4 |
Feb 7
LEC 10: Trusted Execution, background
Preparation: Watch Bootstrapping identity in the cloud, Read Shielding Applications from an Untrusted Cloud with Haven and Sanctum: Minimal Hardware Extensions for Strong Software Isolation Ref: Notes on signatures. |
Feb 8 |
Feb 9
LEC 11: Network Security
Preparation: Read A Look Back at Security Problems in the TCP/IP Protocol Suite and Identifying the Scan and Attack Infrastructure Behind Amplification DDoS Attacks. |
Feb 10 |
Feb 11 |
Feb 14
LEC 12: Injection Attacks
Preparation: Read A Classification of SQL-Injection Attacks and Countermeasures, The Essence of Command Injection Attacks in Web Applications, and OWASP on Injection. |
Feb 15 |
Feb 16
LEC 13: Cross-site and UI Attacks
Preparation: Read Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis and Robust Defenses for Cross-site Request Forgery. |
Feb 17 |
Feb 18 |
Feb 21
Presidents' Day |
Feb 22 |
Feb 23
LEC 14: Cloud Security
Preparation: Read Introduction to AWS Security. |
Feb 24 |
Feb 25 |
Feb 28
LEC 15: Hardware Security
Preparation: Read Practical Timing Side Channel Attacks Against Kernel Space ASLR and A Systematic Evaluation of Transient Execution Attacks and Defenses. |
Mar 1 |
Mar 2
LEC 16: Machine Learning Security: Attack
Preparation: Read Making Machine Learning Robust Against Adversarial Inputs and DeepXplore: Automated Whitebox Testing of Deep Learning Systems. Check Security and Privacy of Machine Learning. |
Mar 3 |
Mar 4 |
Mar 7
LEC 17: Machine Learning Security: Defense
Preparation: Read Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks and Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. Check Tutorial. |
Mar 8 |
Mar 9
Final Exam |
Mar 10 |
Mar 11
Last day of classes |