SOC-Security Reading Group (SOC-SRG)


The Security Reading Group is a weekly meeting for discussing research papers, emerging problems, and interesting issues in system security. Any graduate-level students interested in system security are welcome to join this group. Each week participants read, present and discuss a technical paper.


The group is informal, consisting of people interested in system security coming together to further understand the field. The main point of SOC-SRG is to stay in touch with the latest developments in the system security area.

Meeting Schedule

Everyone is encouraged to submit papers for the group. Send your suggestions by email to: (soc DASH sec DASH reading DOT googlegroups DOT com).

The security reading group meeting will be held weekly in COM2-02-26 on Wednesday at 4:30pm. The venue of the group meeting is quite flexible. Room 02-26 in COM2 is reserved till 2011. The correct venue and time will be announced on the soc mailing list a day before the group meeting.

Proposed Reading Schedule

Nos.  Name of Paper  Presentation Date  Presenter
  139.TBD  25/09/2013  Bodhi
  138.TBD  18/09/2013  Enrico
  137.TBD  11/09/2013  Chengfang
  136.TBD  04/09/2013  Hong Hu
  135.TBD  28/08/2013  Xinshu
  134.TBD  21/08/2013  Dai Ting
  133.TBD  14/08/2013  Shruti
  132.TBD  07/08/2013  Shweta
  131.TBD  31/07/2013  Behnaz
  130.TBD  24/07/2013  Chunwang
  129.TBD  17/07/2013  Yaoqi
  128.TBD  10/07/2013  Guangdong
  127.TBD  03/07/2013  Xiaolei
  126.Virtualization-based Data Protection against Untrusted Operating Systems  26/06/2013  Yueqiang Cheng (SMU)
  124.Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting  12/06/2013  Enrico
  123.PRIVEXEC: Private Execution as an Operating System Service  05/06/2013  Hu Hong
  121.Incremental Deterministic Public-Key Encryption  22/05/2013  Chengfang
  120.Xinshu's PH.D DEFENCE  15/05/2013  Xinshu
  119.Dawei's thesis defence  24/04/2013  Dawei Qi
  118.Dai Ting's thesis proposal defence  17/04/2013  Dai Ting
  117.Innocent by Association: Early Recognition of Legitimate Users  03/04/2013  Hossein
  116.Lucky Thirteen: Breaking the TLS and DTLS Record Protocols  27/03/2013  Shruti
  115.Comparing Mobile Privacy Protection through Cross-Platform Applications  20/03/2013  Yaoqi
  114.Security Enhanced (SE) Android: Bringing Flexible MAC to Android  13/03/2013  Behnaz
  113.Fix Me Up: Repairing Access-Control Bugs in Web Applications  06/03/2013  Shweta
  112.Detecting Passive Content Leaks and Pollution in Android Applications  27/02/2013  Xiaolei
  111.Practical Control Flow Integrity and Randomization for Binary Executables  06/02/2013  Hong Hu
  110.When Firmware Modifications Attack: A Case Study of Embedded Exploitation  23/01/2013  Bodhi
  109.CleanOS: Limiting Mobile Data Exposure with Idle Eviction  16/01/2013  Guangdong
  108.Airavat: Security and Privacy for MapReduce  09/01/2013  Chunwang
  107.Leveraging "Choice" to Automate Authorization Hook Placement  02/01/2013  Xinshu
  106.STING: Finding Name Resolution Vulnerabilities in Programs  26/12/2012  Dai Ting
  105.Detecting Hoaxes, Frauds, and Deception in Writing Style Online  19/12/2012  Hossein
  104.Abusing File Processing in Malware Detectors for Fun and Profit  12/12/2012  Mayank
  103.Ongoing work on Android malware analysis  28/11/2012  Lorenzo "Gigi Sullivan" Cavallaro
  102.Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider  21/11/2012  Shruti
  101.Hourglass Schemes: How to Prove that Cloud Files Are Encrypted  31/10/2012  Shweta
  100.JVM-Portable Sandboxing of Java's Native Libraries  17/10/2012  Behnaz
  99.Memento: Learning Secrets from Process Footprints  10/10/2012  Chengfang
  98.Lightweight Anonymous Authentication with TLS and DAA for Embedded Mobile Devices  03/10/2012  Xiaolei
  97.Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web  19/09/2012  Hong Hu
  96.Risk-Aware Workload Distribution in Hybrid Clouds  12/09/2012  Chunwang
  95.Codejail: Application-transparent Isolation of Libraries with Tight Program Interactions  05/09/2012  Yongzheng
  94.Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems  29/08/2012  Xinshu
  93.Pushdown Model Checking for Malware Detection. Efficient Malware Detection Using Model-Checking  22/08/2012  Shi Jianqi
  92.Safe Loading - A Foundation for Secure Execution of Untrusted Programs  01/08/2012  Dai Ting
  91.Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks  25/07/2012  Dawei
  90.Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services  18/07/2012  Guangdong
  89.Experiments with Malware Visualization  11/07/2012  Yongzheng
  88.Adaptive Differentially Private Histogram of Low-Dimensional Data  04/07/2012  Chengfang
  87.Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Randomization  27/06/2012  Mingwei
  86.Rozzle: De-Cloaking Internet Malware  20/06/2012  Sai
  85.DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation  13/06/2012  Hong Hu
  84. Chrome Extensions: Threat Analysis and Countermeasures   30/05/2012  Xinshu
  83. SPORC: Group Collaboration using Untrusted Cloud Resources (OSDI'10)   23/05/2012  Chunwang
  82.Thesis Proposal Presentation: Ensuring Session Integrity in the Browser Environment   16/05/2012  Kailas
  81. A Study of Android Application Security (Usenix Security'2011)   09/05/2012  Dawei
  80. Systematic Detection of Capability Leaks in Stock Android Smartphones (NDSS'2012)   04/04/2012  Behnaz
  79.Doctoral Seminar: On Information Theoretic Analysis for Privacy Protection of Sensitive Personal   28/03/2012  Fang Chengfang
  78.PhD Defense Rehearsal: Operating System Auditing and Monitoring   14/03/2012  Yongzheng
  77.Mitigating code-reuse attacks with control-flow locking (ACSAC'11)   07/03/2012  Dai Ting
  76. Ongoing work on face image protection mechanism   29/02/2012  Chengfang
  75. Semantically Rich Application-Centric Security in Android (ACSAC'2009)   22/02/2012  Xiaolei
  74. Automatic Detection of Vulnerable Dynamic Component Loadings   15/02/2012  Sai
  73. Extracting and Verifying Cryptographic Models from C Protocol Code by Symbolic Execution (CCS'11)  08/02/2012  Guangdong
  72. Cloud Computing: Google File System, MapReduce  01/02/2012  Xuhui
  71.Identifying and Analyzing Pointer Misuses for Sophisticated Memory-corruption Exploit Diagnosis   25/01/2012  Mingwei
  70.Combining control-flow integrity and static analysis for efficient and validated data sandboxing (CCS 2011)   18/01/2012  Yongzheng
  69.App Isolation: Get the Security of Multiple Browsers with Just One (CCS11)   11/01/2012  Kailas
  68.Some related papers on Topic: Information Leakage in the Cloud & the Hybrid-Cloud Setting   04/01/2012  Chunwang
  67. Software fault isolation with API integrity and multi-principal modules  28/12/2011  Dawei
  66.AjaxScope: A Platform for Remotely Monitoring the Client-side Behavior of Web 2.0 Applications   21/12/2011  Xinshu
  65.Automatic Reverse Engineering of Data Structures from Binary Execution (NDSS10)   14/12/2011  Mingwei
  64.Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries (S & P 2010)   07/12/2011  Sai
  63.Smooth Sensitivity and Sampling in Private Data Analysis (STOC 2007)   30/11/2011  Chengfang
  62.BrowserGuard: A Behavior-Based Solution to Drive-by-Download Attacks (IEEE Journal on Selected Areas of Comm)  09/11/2011  Dai Ting
  61.These Aren't the Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications(CCS 2011)  02/11/2011  Xiaolei
  60.Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code (WWW 2010)  19/10/2011  Xuhui
  59.Grammar-guided Validation of SQL Injection Sanitizers  05/10/2011  Sai
  58.Language-Independent Sandboxing of Just-In-Time Compilation and Self-Modifying Code  07/09/2011  Wu Yongzheng
  57.Link Privacy in Social Networks  24/08/2011  Suhendry Effendy
  56.TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection   17/08/2011  Tielei Wang (Peking Univ)
  55.Secure Collaborative Editing   10/08/2011  Chunwang
  54.WebShield: Enabling Various Web Defense Techniques without Client Side Modifications (NDSS'11)   03/08/2011  Xinshu
  53.FIRM: Capability-based Inline Mediation of Flash Behaviors (ACSAC 2010)  27/07/2011  Kailas
  52.Differential Slicing: Identifying Causal Execution Differences for Security Applications (IEEE S&P)   15/06/2011  Sai
  51.Towards Fine-grained Access Control in JavaScript Context (ICDCS 2011) - Dry run   15/06/2011  Kailas
  50.Automatic Generation of Remediation Procedures for Malware Infections (Usenix Sec 2010)  13/04/2011  Sufatrio
  49. Convicting exploitable software vulnerabilities: An efficient input provenance based approach (DSN 2008)   06/04/2011  Dawei
  48.Differential Privacy: A Survey of Results  30/03/2011  Chengfang
  47.Scene tagging: image-based CAPTCHA using image composition and object relationships (ASIACCS 2010)   23/03/2011   Chunwang Zhang
  46.Adnostic: Privacy Preserving Targeted Advertising (NDSS2010)   16/03/2011  Xuhui
  45.Trust and Protection in the Illinois Browser Operating System (OSDI 2010)   02/03/2011  Xinshu
  44.G-Free: Defeating Return-Oriented Programming through Gadget-less Binaries (ACSAC 2010)   23/02/2011  YongZheng
  43.Identifying Dormant functionality in Malware Programs (IEEE S&P 2010)   16/02/2011  Sai
  42.ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser(IEEE S&P 2010)  09/02/2011  Dai Ting
  41.An Android Application Sandbox System for Suspicious Software Detection (MALWARE October 2010)   26/01/2011  Xiaolei
  40. Defeating Cross site Request Forgery with Browser Enforced Authenticity Protection   13/10/2010   Kailas
  39.Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications(IEEE S&P 2008)   06/10/2010   Dawei Qi
  38.Protecting Confidential Data on Personal Computers with Storage Capsules (USENIX Security 2009)   22/09/2010   Narcisa Milea
  37.Signature generation and detection of malware families(ACISP-2008)   15/09/2010   Sai
  36.Native Client: A Sandbox for Portable, Untrusted x86 Native Code (IEEE S&P 2009)   8/09/2010   Dai Ting
  35.Enhancing Host Security using External Environment Sensors(Dry-Run Presentation)   1/09/2010   luliming
  34.A Chameleon Encryption Scheme Resistant to Known-Plaintext Attack (Dry-Run Presentation)   18/08/2010   Xu Jia
  33. Secure Program Execution via Dynamic Information Flow Tracking (ASPLOS'04)   11/08/2010    Xiaolei
  32. WebBlaze: New Techniques and Tools for Web Security   21/07/2010    Dr. Dawn Song (Berkeley)
  31. Exploiting Scheduled Email Service for Timed-Release of Confidential Information   14/07/2010    Chunwang Zhang
  30. Website Fingerprinting and Identification using Ordered Feature Sequences   07/07/2010    Lu Liming
  29. Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries (IEEE S&P 2010)   30/06/2010    Narcisa
  28. Survey on Flash vulnerability and countermeasures   23/06/2010    Xuhui
  27. ClickGuard: Preventing Click Event Hijacking by User Intention Inference   16/06/2010    Kailas
  26. Secure Sketch for Multiple Secrets   09/06/2010    Chengfang
  25. ClickGuard: Preventing Click Event Hijacking by User Intention Inference   02/06/2010    Kailas
  24. Coordinated Scan Detection   26/05/2010    Chunwang Zhang
  23. Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications   31/03/2010    Dai Ting
  22. Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense   24/03/2010    Xiaolei
  21. Server-side verification of client behavior in online games   17/03/2010    Dawei
  20. Effective and Efficient Malware Detection at the End Host (USENIX Sec 2009)   10/03/2010    YongZheng
  19. Normal Behavior Monitor   03/03/2010    Narcisa
  18. Protecting browsers from extension vulnerabilities (NDSS10)   17/02/2010    Xinshu
  17. A Solution for the Automated Detection of Clickjacking Attacks   10/02/2010    Kailas
  16.Renovo: A Hidden Code Extractor for Packed Executables (ACM WORM 2007)   27/01/2010    Kailas
  15.An Efficient Black-box Technique for Defeating Web Application Attacks (NDSS Feb 2009)   20/01/2010   Dai Ting
  14.Countering Kernel Rootkits with Lightweight Hook Protection (ACM CCS2009)   13/01/2010  Xiaolei
  13.Improving Application Security with Data Flow Assertions (SOSP 2009)   11/11/2009  Dawei
  12.Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems (USENIX Security 09)   04/11/2009  YongZheng
  11.Using Static Analysis for Ajax Intrusion Detection (WWW 2009)  28/10/2009  Xinshu
  10.OmniUnpack: Fast, Generic, and Safe Unpacking of Malware  21/10/2009  Kailas
  9.Evaluating Network Security With Attack Graphs (ACSAC 2009), and Identifying Critical Attack Assets in Dependency Attack Graphs (ESORICS 2008)  14/10/2009  Liu Xuejiao
  8.Vanish: Increasing Data Privacy with Self-Destructing Data  02/09/2009  Chengfang
  7.Sybil-Resilient Online Content Voting (NSDI 09: 6th USENIX Symposium on Networked Systems Design and Implementation)  26/08/2009  Felix Halim
  6.Characterizing Insecure JavaScript Practices on the Web (WWW 2009)  19/08/2009  Rajiv
  5.Malware Behavioral Detection by Attribute-Automata using Abstraction from Platform and Language (RAID 2009)  12/08/2009  Sufatrio
  4.Wiki Credibility Enhancement  05/08/2009  Yongzheng
  3.Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves (IEEE S & P 2009)  29/07/2009  Dawei
  2.Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers (IEEE S & P 2009)  22/07/2009  Kailas
  1.Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments (IEEE S & P 2009)  08/07/2009  Xinshu


Student Name Number of Presentations
 Kailas   11 
 Xinshu   9 
 Yongzheng   9 
 Ting    8 
 Dawei   8 
 Chengfang   8 
 Chunwang   8 
 Xiaolei   8 
 Sai   7 
 Xuhui   4 
 Narcisa   3 
 Mingwei   3 
 Guangdong   3 
 Hong Hu   3 
 Shweta   2 
 Shruti   1 
 Jia Xu   2 
 Sufatrio   2 
 Behnaz   2 
 luliming  1 
 Rajiv  1 
 Felix   1 

Suggested Sources of Papers

  SOSP   OSDI    IEEE S & P     ACM CCS    NDSS  
  WWW    RAID    USENIX Security    ACSAC    INFOCOM  


Please send emails to: xdong AT comp DOT nus DOT edu DOT sg