Below is the calendar for this semester's course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).
Date | Topic | Assignments Due |
Readings for Discussion (do readings before class) |
|
01/14/25 |
|
|||
01/16/25 |
|
|
||
01/21/25 |
Security Testing and Fuzzing
|
Fuzzing: Challenges and Reflections. link
The Art, Science, and Engineering of Fuzzing: A Survey. link
|
||
01/23/25 |
Security Testing and Fuzzing
|
NEUZZ: Efficient Fuzzing with Neural Program Smoothing. link
|
||
01/28/25 |
Program Analysis
|
A Few Billion Lines of Code Later Using Static Analysis to Find Bugs in the Real World. link
Athena: Analyzing and Quantifying Side Channels of Transport Layer Protocols. link
|
||
01/30/25 |
|
Neutaint: Efficient Dynamic Taint Analysis with Neural Networks.
link
|
||
02/04/25 |
|
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. link
CUTE: A Concolic Unit Testing Engine for C. link
|
||
02/06/25 |
|
|||
02/11/25 |
Formal Analysis (Mujtahid) and Fuzzing (Ronit) |
Paper Review 1: Due 2/10/2025. |
Formal Analysis of Access Control Mechanism of 5G Core Network. link
Towards Generic Database Management System Fuzzing. link
|
|
02/13/25 |
GPU Exploit (Deeksha) DNS-Cache Tracking (Kanika) |
Project - Part 1 - report and code submission |
GPU memory exploitation for fun and profit. link
DNS Cache-Based User Tracking. link
|
|
02/18/25 | Project Part 1 demo and presentation + Part 2 plan presentation (15 minutes per team) - Teams 6-10 | |||
02/20/25 | Project Part 1 demo and presentation + Part 2 plan presentation (15 minutes per team) - Teams 1-5 | |||
02/25/25 |
Phishing (Chaithanya) Supply-chain (Himashveta) IMU Attack (Raghav) |
Paper Review 2: Due 2/24/2025. |
PhishDecloaker: Detecting CAPTCHA-cloaked Phishing Websites via Hybrid Vision-based Interactive Models.
link
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages.
link
StealthyIMU: Stealing Permission-protected Private Information From Smartphone Voice Assistant Using Zero-Permission Sensors.
link
|
|
02/27/25 |
Spec-Inconsistency (Rao) Payment (Vedant) LLM-Fuzzing (Ananna) |
CellularLint: A Systematic Approach to Identify Inconsistent Behavior in Cellular Network Specifications.
link
Security Analysis of Unified Payments Interface and Payment Apps in India.
link
CellularLint: A Systematic Approach to Identify Inconsistent Behavior in Cellular Network Specifications.
link
|
||
03/04/25 |
|
Learning Regular Sets from Queries and Counterexamples.
link
Logic Gone Astray: A Security Analysis Framework for the Control Plane Protocols of 5G Basebands.
link
|
||
03/06/25 |
Fuzzing (Kapil) SYN-flood defense (Khusagra) Vuln. DL FW (Toufik) |
Paper Review 3: Due 03/03/2025 |
NEUZZ: Efficient Fuzzing with Neural Program Smoothing
link
SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense on Programmable Data Planes
link
IvySyn: Automated Vulnerability Discovery in Deep Learning Frameworks
link
|
|
03/13/25 | Spring break! Let me take a break too :) | |||
03/15/25 | Spring break! Let me take a break too :) | |||
03/18/25 | Project Part 2 progress demo and presentation 1 (15 minutes per team) - Teams 10-6 | |||
03/20/25 | Project Part 2 progress demo and presentation 1 (15 minutes per team) - Teams 5-1 | |||
03/25/25 |
|
Paper Review 4: Due 03/24/2025 |
Dynamically discovering likely program invariants to support program evolution.
link
ORANalyst: Systematic Testing Framework for Open RAN Implementations.
link
|
|
03/27/25 |
Smart Contract Verification (Aakash) LLM Safety (Zhuoyi) IoT Threats (Jiahe) |
Abusing the Ethereum Smart Contract Verification Services for Fun and Profit.
link
Safety Layers in Aligned Large Language Models: The Key to LLM Security.
link
Detecting and Handling IoT Interaction Threats in Multi-Platform Multi-Control-Channel Smart Homes.
link
|
||
04/01/25 |
Access Control (Mujtahid) Fuzzing Kernel (Ronit) |
Is Modeling Access Control Worth It?
link
SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in the Linux Kernel.
link
|
||
04/03/25 | Project Part 2 progress demo and presentation 2 (7 minutes per team) - Teams 10-1 | |||
04/08/25 |
GPU Side-Channel (Deeksha) Fuzzing Javascript (Kanika) |
Paper Review 5: Due 04/07/2025 |
TunneLs for Bootlegging: Fully Reverse-Engineering GPU TLBs for Challenging Isolation Guarantees of NVIDIA MIG.
link
FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities.
link
|
|
04/10/25 |
Certificate Validation (Chaithanya) Supply-Chain Sec. (Himashveta) TBD (Raghav) |
V’CER: Efficient Certificate Validation in Constrained Networks.
link
Exorcist: Automated Differential Analysis to Detect Compromises in Closed-Source Software Supply Chains.
link
|
||
04/15/25 |
Paper presentation 10 LLM-Fuzzing (Rao) GPT-based Evasion (Himashveta) |
Paper Review 6: Due 04/14/2025 |
Large Language Model guided Protocol Fuzzing.
link
EaTVul: ChatGPT-based Evasion Attack Against Software Vulnerability Detection.
link
|
|
04/17/25 |
Web Privacy (Kapil) Microarch. Bugs (Khusagra) Javascript Fuzz (Toufik) |
Leaky Images: Targeted Privacy Attacks in the Web.
link
Pensieve: Microarchitectural Modeling for Security Evaluation.
link
OptFuzz: Optimization Path Guided Fuzzing for JavaScript JIT Compilers.
link
|
||
04/22/25 |
Smart-Contract Analysis (Akash) Phishing (Zhuoyi) IoT Threats (Jiahe) |
Panda: Security Analysis of Algorand Smart Contracts.
link
KnowPhish: Large Language Models Meet Multimodal Knowledge Graphs for Enhancing Reference-Based Phishing Detection.
link
ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks.
link
|
||
04/24/25 |
(Part 2) |
5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol. | ||
04/29/25 | Final project presentation (15 minutes per team) - Teams 1-5 | |||
05/01/25 | Final project presentation (15 minutes per team) - Teams 1-5 |