abhi shelat

Extra Materials

There are many topics that we were not able to cover this year, but I wanted to provide some resources for the curious.

Crimeware, Botnets

In previous years, we covered crimeware and botnets. Here are some annotated slides (pdf) on this topic.

Ethics of cybersecurity

Kevin Mills has produced a set of slides (pdf) on Ethics and cybersecurity, specifically how Value Sensitive Design relates to this field.

Cyberlaw

Christo has produced some slides (pdf) on the topic of Cyberlaw and how it relates to cybersecurity research.

More interesting topics in cybersecurity

  • Post-quantum cryptography: The encryption schemes we discussed in class (RSA, Elliptic Curves)—which are secure assuming our classical notion of computation—can yet be broken if sufficiently powerful quantum computers can be engineered. So far, we have not been able to build the model of quantum computer necessary for this attack, but there is no reason why an engineering breakthrough could overcome current bottlenecks tomorrow. As a result of this possible weakeness, people have designed crypto schemes that are post-quantum, or in other words, secure (as far as we know) even if quantum computers can be built.

  • Cryptocurrencies and smart contracts: The main insight here is that a currency only requires a ledger, or a list of transactions, that everyone can agree on. The fundamental problem of agreement, especially among mutually distrusting parties in the presense of an adversary, is a fundamental and difficult computer science problem. There has been a lot of progress on this problem in the last 15 years, Bitcoin, or Nakamoto consensus, offered an interesting trade-off on this problem (lots of wasted work). Once we have a digital ledger, however, we can also use programming langauges that run “on top” of the ledger to implement novel instruments such as smart contracts.

  • Protocol Security (TLS, wireless, SDN): We briefly discussed TLS, but there are lots of security issues in that topic.

  • Side channel attacks: Abstractions leak information, and these side channels can undermine security. E.g., Spectre and Meltdown most recently.

  • Secure Hardware Technologies (TPM, TXT): How can we build secure hardware that offers properties beyond privelege and isolation.

  • Distributed System Security and Resilience

  • Privacy and regulations

  • Fuzzing and software testing: How can we test software to find vulnerabilities automatically?

  • Formal verification: Can we build software that is provably constructed to avoid many cybersecurity errors?

  • Mobile and IoT security

  • Machine Learning for Security

  • Adversarial Machine Learning