Computer Security
CS 4173 / CS 5173
Song Fang
Secure computer systems require the secure design, implementation, and integration of systems and algorithms across many areas of computer science. This course is a comprehensive study of the theory and practice of computer security. Students will learn fundamental security concepts and principles, as well as practical skills necessary to analyze and solve regular security issues. Topics include private and public key cryptography, digital signatures, cryptographic hash functions, authentication pitfalls, network security protocols, software security, and web security.
This is a slash-listed course offered to both graduate and senior-level undergraduate students. Students are assumed to have successfully finished at least one introductory computer programming course. Prior knowledge of networking fundamentals is recommended.
Guest speakers will give lectures about their recent research and share their research experience. This series of lectures provide students with opportunities to know the latest research topics in cybersecurity, as well as help students to better understand how to apply the security techniques learned from this course in practical research projects.
Public Lecture Series
Information for this Lecture Series will be posted here as it comes in.
I Spy with My Little Eye: Building Trust via Common Dynamic Context
Tuesday, October 19, 2021
3:00 pm
Dale Hall 0206
Dr. Loukas Lazos
Professor of Electrical and Computer Engineering
University of Arizona
The convergence of the physical and cyber worlds in the form of networked systems capable of collaboratively sensing and interacting with the surrounding environment has enabled a plethora of groundbreaking new applications including fully autonomous driving and vehicular networks (vehicle-to-everything), unmanned aerial vehicle (UAV) networks, VR/AR sensing, body area networks for health applications, tactile/haptic Internet, and others. Critical to the safety, security, and privacy of these applications are the authenticity, veracity, and integrity of the information that is used to coordinate and command common actions. However, the complex integration of multi-modal physical sensing, computation, and communication creates a particularly challenging environment to safeguard. As prior research has revealed, traditional information security methods fail to extend desired security properties to the physical world. In this talk, we discuss a contextual trust paradigm where randomness drawn from the surrounding environment is used as a common context to bind the digital identities of the interacting entities with the measured physical properties. We use vehicular networks as a running example and show how random context can be exploited to verify vehicle platooning and prove location claims, in general.
Dr. Loukas Lazos is a Professor of Electrical and Computer Engineering at the University of Arizona. He received his Ph.D. in Electrical Engineering from the University of Washington in 2006. In 2007, he was the co-director of the Network Security Lab at the University of Washington. Dr. Lazos joined the University of Arizona in August 2007 where he leads the Network and Information Security Lab. His broad research interests are in the areas of wireless network security, user privacy, and communications, with emphasis on secure protocol design, resilience, and fair resource allocation. Recently, he has focused in projects related to the security of vehicular networks, resilience of mmWave communications, trust establishment for IoT, dynamic and fair spectrum access, private information retrieval, and secure cloud storage. He is a recipient of the NSF CAREER Award (2009) for his work in security of multi-channel wireless networks. His research has been funded by the National Science Foundation and the U.S. Department of Defense, including the Army Research Office (ARO) and the Office of Naval Research (ONR). He is an associate editor for the IEEE Transactions on Information Forensics and Security (T-IFS) journal and the IEEE Transactions on Mobile Computing (TMC) journal.
Blockchain Security and Consensus Protocols
Thursday, October 21, 2021
3:00 pm
Dale Hall 0206
Dr. Wenjing Lou
W. C. English Endowed Professor of Computer Science
Virginia Tech
Fellow of the IEEE
Blockchain, the technology behind Bitcoin, has emerged as a decentralized and “secure by design” technology, enabling a wide range of applications across a broad range of industries without relying on a central authority or assuming trust in individual players. However, blockchain security largely depends on the underlying consensus protocol that ensures the consistency of the many blockchain replicas. This talk will focus on the proof-of-work (PoW) blockchain consensus protocols and examine several key blockchain configuration options and their security properties and performance limits. We will show how some factors, such as mining strategy and network connectivity, can impact blockchain’s fundamental 50% threshold security assumption. Finally, we will introduce two innovative blockchain applications in the domains of privacy protection and wireless spectrum management.
Dr. Wenjing Lou is the W. C. English Endowed Professor of Computer Science at Virginia Tech and a Fellow of the IEEE. She holds a Ph.D. in Electrical and Computer Engineering from the University of Florida. Her research interests cover many topics in the cybersecurity field, with her current research interest focusing on wireless networks, privacy protection in machine learning systems, and security and privacy problems in the Internet of Things (IoT) systems. Prof. Lou is a highly cited researcher by the Web of Science Group. She received the Virginia Tech Alumni Award for Research Excellence in 2018, the highest university-level faculty research award. She received the INFOCOM Test-of-Time paper award in 2020. She is the TPC chair for IEEE INFOCOM 2019 and ACM WiSec 2020. She was the Steering Committee Chair for IEEE CNS conference from 2013 to 2020. She is currently a steering committee member of IEEE INFOCOM and IEEE Transactions on Mobile Computing. She served as a program director at US National Science Foundation (NSF) from 2014 to 2017.
Friend or Foe? An Era of Fun, Games and Mischief with IoT Sensors
Thursday, November 4, 2021
3:00 pm
Dale Hall 0206
Dr. Murtuza Jadliwala
Associate Professor
Department of Computer Science
University of Texas at San Antonio (UTSA)
In the current era of Internet-of-Things (IoT), new devices are becoming “Internet-enabled” at an extraordinary pace, many of which have traditionally never had a cyber interface. A few examples of devices within this space include wearables such as smart watches, lighting systems such as smart bulbs, appliances such as smart TVs and monitoring systems such as smart doorbells and cameras. These devices are equipped with high-precision sensing and actuation capabilities that can capture fine-grained contextual information about users, and their environment, and can support a variety of novel context- and activity-based applications. However, the presence of such a diverse set of on-board sensors also exposes an additional attack surface and access to these sensors, if not appropriately controlled, can be potentially exploited by malicious applications to infer sensitive information about users (of these devices). In this lecture, I will highlight the threat to user-privacy from “smart” IoT devices by showing the feasibility of different types of private data inference attacks that employ sensor data from these devices as information side-channels. The presented attacks employ innovative inference frameworks to derive sensitive information such as keystrokes, lock combinations, physical key designs and media preferences from audio, video, motion, and other types of sensor data available through these devices. Time permitting, I will also briefly outline protection mechanisms against such threats and discuss future research challenges in this space.
Dr. Murtuza Jadliwala is an Associate Professor in the Department of Computer Science at the University of Texas at San Antonio (UTSA), where he directs the Security, Privacy, Trust and Ethics in Computing Research Lab (SPriTELab). He obtained his doctoral (PhD) degree in Computer Science from the University at Buffalo, State University of New York in 2008. Prior to joining UTSA, he was a Post-doctoral Fellow at the Swiss Federal Institute of Technology (EPFL) in Lausanne, Switzerland (2008 – 2011) and an Assistant Professor in the Electrical Engineering and Computer Science department at Wichita State University in Wichita, Kansas (2012 – 2017). He was selected as the Air Force Office of Scientific Research (AFOSR) Summer Faculty Fellow in 2015, received the Dwayne and Velma Wallace Excellence in Teaching Award in 2017, and received the National Science Foundation’s CAREER award in 2020.
Inflicting Denial-of-Service via Serverless Functions in the Cloud
Thursday, December 2, 2021
3:00 pm
Dale Hall 0206
Dr. Yao Liu
Associate Professor
Department of Computer Science and Engineering
University of South Florida
In this talk, I will introduce a novel attack vector that we recently discovered. The attack can cause denial-of-service between a serverless computing platform and an external content server or another cloud computing platform. The attack exploits the fact that a serverless computing platform shares the same set of egress IPs among all serverless functions, which belongs to different users, to access an external content server. As a result, a malicious user on this platform can purposefully misbehave and cause these egress IPs to be blocked by the content server, resulting in platform-wide denial of service. The discovery of this attack unveiled a potential security threat on the emerging serverless computing platform. I will also discuss potential mitigation approaches at the end of this talk.
Dr. Yao Liu is an Associate Professor in the Department of Computer Science and Engineering, University of South Florida. She received her Ph.D in Computer Science from North Carolina State University in 2012. Dr. Liu's research is related to computer and network security, with an emphasis on designing and implementing defense approaches that protect mobile, network and computer technologies from being undermined by adversaries. Her research interests also lie in the security applications for cyber-physical systems, Internet of Things, and machine learning. Dr. Liu has served in the organization and technical program committees in premier network and security conferences, including NDSS, CCS, INFOCOM, S&P, ACSAC, WiSec, and CNS. She has also been in the editorial boards of academic journals, including IEEE Transactions on Information Forensics and Security, IEEE/ACM Transactions on Networking, and ACM Transactions on Privacy and Security. Dr. Liu was an NSF CAREER Award recipient in 2016. She received USF Outstanding Research Achievement Award in 2017. She also received the ACM CCS Test-of-Time Award by ACM SIGSAC in 2019. Dr. Liu is a member of ACM and IEEE.
