Instructions for presentations:

  • I would like you to work in groups of two; half the work, twice the fun! Use Piazza to find a partner, or ask me and I will find someone.

  • Shoot for 15-20 minutes, not counting interruptions. That’s 10 slides in most cases.

  • Your “audience” will have reviewed the paper. You don’t need to go into exhaustive detail. Hit the high points, and the most important insights.

  • Expect to be interrupted if the class wants to make a point or ask a question. That’s what we’re after.

  • Finish with analysis / your original opinion. Good paper? Important contribution? What are some open questions?

  • Then lead a discussion. Prepare several questions to pose to the class. Examples might include:
    • We didn’t understand this part - can anybody explain?
    • Can you think of serious drawbacks or limitations of this work?
    • If this is an attack, what are some defenses, and if it is a defense, what are some attacks? etc.
    • What is some additional data that should have been presented?
  • On your title slide, identify the paper title, authors, and source, as well as your own names and the date.

  • I don’t mind if you incorporate figures from the paper (it’s time-consuming to draw figures), or even from someone else’s presentation, but cite the source on that slide. You should not just give someone else’s presentation - use your own ideas and words to present.

Presentation Grading Rubric

Rubric Form

Instructions for participation:

  • Read the papers being presented, before class. To understand the work, you may in some cases need to look at some of the references cited.
  • Take a few notes of your impressions while you are reading, as if you were reviewing the paper. Is the paper written well and logically? Are the findings original and important? How does it compare with other work? Are the conclusions solid and well justified? What open problems or unanswered questions remain?
  • Come to class ready to discuss the paper and to answer questions that are posed. Please have your Mini-review complete.

Presentation Topics and Assignments

  • 1/22: Measurement 1
    • [Varun,Charlie] SIGCOMM ‘15: Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests
    • [Shailaja,Tae Hyun] CCS ‘17: Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse
  • 1/24: Attacks
    • [Athishay,Srikanth] S&P ‘17: IoT Goes Nuclear: Creating a Zigbee Chain Reaction
    • [Nida,Anmol] S&P ‘17: The Password Reset MitM Attack
  • 1/29: Blockchains
    • [Michael,Niklesh] S&P ‘17: Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
    • [Varun,Charlie] IMC ‘13: A Fistful of Bitcoins: Characterizing Payments Among Men with No Names
  • 1/31: Internet Scale Measurement
    • [Omkar,Bhargav] Usenix ‘13: ZMap: Fast Internet-wide Scanning and Its Security Applications
    • [Shivam,Sanket] CCS ‘17: Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting
  • 2/5: Wireless Security
    • [Leiyang,Philip] S&P ‘13: Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time
    • [Tam,Jordan] CCS ‘17: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (KRACK)
  • 2/7: Cybercrime
    • [Shivam,Sanket] CCS ‘16: Identifying the Scanners and Attack Infrastructure behind Amplification DDoS attacks
    • [Omkar,Bhargav] CCS ‘17: Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market
  • 2/12: Tor
    • [Snehal,Chinmay] USENIX Security ‘04: Tor: The Second-Generation Onion Router
  • 2/14: Web Security
    • [Tam,Jordan] CCS ‘17: Deterministic Browser
    • [Samiha] CCS ‘15: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
  • 2/26: Telephone Security
    • [Athishay,Srikanth] S&P ‘16: SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam
    • [Snehal,Chinmay] NDSS ‘16: Attacking the Network Time Protocol
  • 3/12: DNS
    • [Leiyang,Philip] CCS ‘17: The Wolf of Name Street: Hijacking Domains Through Their Nameservers
    • [Nida,Anmol] All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records
  • 3/14: Authentication
    • [Michael,Niklesh] IMC ‘17: Measuring and Mitigating OAuth Access Token Abuse by Collusion Networks
    • [Shailaja,Tae Hyun] Data breaches, phishing, or malware? Understanding the risks of stolen credentials