SOC-Security Reading Group (SOC-SRG)


The Security Reading Group is a weekly meeting for discussing research papers, emerging problems, interesting issues in system security. Any graduate-level students interested in system security are welcome to join this group. Each week participants read, present and discuss a technical paper.


The group is informal, consisting of people interested in system security coming together to further understand the field. The main point of SOC-SRG is to stay in touch with the latest developments in system security area.

Meeting Schedule

Everyone is encouraged to submit papers for the group. Send emails at: (soc DASH sec DASH reading DOT googlegroups DOT com) for your suggestions.

Security reading group meeting will be held weekly in COM2-02-26 on Wednesday at 4:30pm. The venue of the group meeting is quiet flexible. Room 02-26 in COM2 is reserved till 2011. The correct venue and time will be announced on soc mailing list on a day before the group meeting.

Proposed Reading Schedule

Nos.Name of PaperPresentation Date Presenter
  152.  TBA  03/12/2014  Shruti
  151.  TBA  26/11/2014  Shweta
  150.  TBA  19/11/2014  Hung
  149.  TBA  12/11/2014  Zheng Leong
  148.  TBA  05/11/2014  Xiaolu
  147.  TBA  29/10/2014  Dai Ting
  146.  TBA  22/10/2014  Behnaz
  145.  TBA  15/10/2014  Yaoqi
  144.  TBA  08/10/2014  Loi
  143.  SpanDex: Secure Password Tracking for Android  01/10/2014  Guangdong
  142.  Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks  24/09/2014  Xiaolei
  141.  Deanonymisation of clients in Bitcoin P2P network  17/09/2014  Inian
  140.  You Can't Be Me: Enabling Trusted Paths & User Sub-Origins in Web Browsers  10/09/2014  Enrico
  139.  Enhancing Symbolic Execution with Veritesting (Slides)  03/09/2014  Hu Hong
  138.  Language-based Defenses against Untrusted Browser Origins  26/03/2014  Enrico
  137.  A Model Counter For Constraints Over Unbounded Strings  19/03/2014  Loi
  136.  Cross-origin pixel stealing: timing attacks using CSS filters (Slides)  12/03/2014  Yaoqi
  135.  Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications  05/03/2014  Behnaz
  134.  Screenmilker: How to Milk Your Android Screen for Secrets (Slides)  19/02/2014  Guangdong
  133.  Threat Model of a Scenario Based on Trusted Platform Module 2.0 Specification  29/01/2014  Jun Yi (Royal Holloway)
  132.  ROPecker: A Generic and Practical Approach for Defending Against ROP Attacks (Slides)  22/01/2014  Hu Hong
  131.  An Ideal-Security Protocol for Order-Preserving Encoding  02/10/2013  Shruti
  130.  Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization (Slides 1  Slides 2)  14/08/2013  Dai Ting
  129.  kGuard: Lightweight Kernel Protection against Return-to-User Attacks (Slides)  31/07/2013  Behnaz
  128.  Silverline: toward data confidentiality in storage-intensive cloud applications (Slides)  24/07/2013  Chunwang
  127.  Aurasium: Practical Policy Enforcement for Android Applications (Slides)  17/07/2013  Yaoqi
  126.  Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization (Slides)  10/07/2013  Guangdong
  125.  CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities (Slides)  03/07/2013  Xiaolei
  124.  Virtualization-based Data Protection against Untrusted Operating Systems  26/06/2013  Yueqiang Cheng (SMU)
  123.  Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting  12/06/2013  Enrico
  122.  PRIVEXEC: Private Execution as an Operating System Service  05/06/2013  Hu Hong
  121.  Incremental Deterministic Public-Key Encryption  22/05/2013  Chengfang
  120.  Xinshu's PH.D DEFENCE  15/05/2013  Xinshu
  119.  Dawei's thesis defence  24/04/2013  Dawei Qi
  118.  Dai Ting's theis proposal defence  17/04/2013  Dai Ting
  117.  Innocent by Association: Early Recognition of Legitimate Users  03/04/2013  Hossein
  116.  Lucky Thirteen: Breaking the TLS and DTLS Record Protocols  27/03/2013  Shruti
  115.  Comparing Mobile Privacy Protection through Cross-Platform Applications  20/03/2013  Yaoqi
  114.  Security Enhanced (SE) Android: Bringing Flexible MAC to Android  13/03/2013  Behnaz
  113.  Fix Me Up: Repairing Access-Control Bugs in Web Applications  06/03/2013  Shweta
  112.  Detecting Passive Content Leaks and Pollution in Android Applications  27/02/2013  Xiaolei
  111.  Practical Control Flow Integrity and Randomization for Binary Executables  06/02/2013  Hong Hu
  110.  When Firmware Modifications Attack: A Case Study of Embedded Exploitation  23/01/2013  Bodhi
  109.  CleanOS: Limiting Mobile Data Exposure with Idle Eviction  16/01/2013  Guangdong
  108.  Airavat: Security and Privacy for MapReduce  09/01/2013  Chunwang
  107.  Leveraging "Choice" to Automate Authorization Hook Placement  02/01/2013  Xinshu
  106.  STING: Finding Name Resolution Vulnerabilities in Programs  26/12/2012  Dai Ting
  105.  Detecting Hoaxes, Frauds, and Deception in Writing Style Online  19/12/2012  Hossein
  104.  Abusing File Processing in Malware Detectors for Fun and Profit  12/12/2012  Mayank
  103.  Ongoing work on Android malware analysis  28/11/2012  Lorenzo "Gigi Sullivan" Cavallaro
  102.  Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider  21/11/2012  Shruti
  101.  Hourglass Schemes: How to Prove that Cloud Files Are Encrypted  31/10/2012  Shweta
  100.  JVM-Portable Sandboxing of Java's Native Libraries  17/10/2012  Behnaz
  99.  Memento: Learning Secrets from Process Footprints  10/10/2012  Chengfang
  98.  Lightweight Anonymous Authentication with TLS and DAA for Embedded Mobile Devices  03/10/2012  Xiaolei
  97.  Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web  19/09/2012  Hong Hu
  96.  Risk-Aware Workload Distribution in Hybrid Clouds  12/09/2012  Chunwang
  95.  Codejail: Application-transparent Isolation of Libraries with Tight Program Interactions  05/09/2012  Yongzheng
  94.  Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems  29/08/2012  Xinshu
  93.  Pushdown Model Checking for Malware Detection. Efficient Malware Detection Using Model-Checking  22/08/2012  Shi Jianqi
  92.  Safe Loading - A Foundation for Secure Execution of Untrusted Programs  01/08/2012  Dai Ting
  91.  Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks  25/07/2012  Dawei
  90.  Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services  18/07/2012  Guangdong
  89.  Experiments with Malware Visualization  11/07/2012  Yongzheng
  88.  Adaptive Differentially Private Histogram of Low-Dimensional Data  04/07/2012  Chengfang
  87.  Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Randomization  27/06/2012  Mingwei
  86.  Rozzle: De-Cloaking Internet Malware  20/06/2012  Sai
  85.  DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation  13/06/2012  Hong Hu
  84.  Chrome Extensions: Threat Analysis and Countermeasures   30/05/2012  Xinshu
  83.  SPORC: Group Collaboration using Untrusted Cloud Resources (OSDI'10)   23/05/2012  Chunwang
  82.  Thesis Proposal Presentation: Ensuring Session Integrity in the Browser Environment   16/05/2012  Kailas
  81.  A Study of Android Application Security (Usenix Security'2011)   09/05/2012  Dawei
  80.  Systematic Detection of Capability Leaks in Stock Android Smartphones (NDSS'2012)   04/04/2012  Behnaz
  79.  Doctaral Seminar: On Information Theoretic Analysis for Privacy Protection of Sensitive Personal   28/03/2012  Fang Chengfang
  78.  PhD Defense Rehearsal:Operating System Auditing and Monitoring   14/03/2012  Yongzheng
  77.  Mitigating code-reuse attacks with control-flow locking (ACSAC'11)   07/03/2012  Dai Ting
  76.  Ongoing work on face image protection mechanism   29/02/2012  Chengfang
  75.  Semantically Rich Application-Centric Security in Android (ACSAC'2009)   22/02/2012  Xiaolei
  74.  Automatic Detection of Vulnerable Dynamic Component Loadings   15/02/2012  Sai
  73.  Extracting and Verifying Cryptographic Models from C Protocol Code by Symbolic Execution (CCS'11)  08/02/2012  Guangdong
  72.  Cloud Computing: Google File System, MapReduce  01/02/2012  Xuhui
  71.  Identifying and Analyzing Pointer Misuses for Sophisticated Memory-corruption Exploit Diagnosis   25/01/2012  Mingwei
  70.  Combining control-flow integrity and static analysis for efficient and validated data sandboxing (CCS 2011)   18/01/2012  Yongzheng
  69.  App Isolation:Get the Security of Multiple Browsers with Just One (CCS11)   11/01/2012  Kailas
  68.  Some related papers on Topic: Information Leakage in the Cloud & the Hybrid-Cloud Setting   04/01/2012  Chunwang
  67.  Software fault isolation with API integrity and multi-principal modules  28/12/2011  Dawei
  66.  AjaxScope: A Platform for Remotely Monitoring the Client-side Behavior of Web 2.0 Applications   21/12/2011  Xinshu
  65.  Automatic Reverse Engineering of Data Structures from Binary Execution (NDSS10)   14/12/2011  Mingwei
  64.  Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries (S & P 2010)   07/12/2011  Sai
  63.  Smooth Sensitivity and Sampling in Private Data Analysis (STOC 2007)   30/11/2011  Chengfang
  62.  BrowserGuard: A Behavior-Based Solution to Drive-by-Download Attacks (IEEE Journal on Selected Areas of Comm)  09/11/2011  Dai Ting
  61.  These Aren't the Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications(CCS 2011)  02/11/2011  Xiaolei
  60.  Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code (WWW 2010)  19/10/2011  Xuhui
  59.  Grammar-guided Validation of SQL Injection Sanitizers  05/10/2011  Sai
  58.  Language-Independent Sandboxing of Just-In-Time Compilation and Self-Modifying Code  07/09/2011  Wu Yongzheng
  57.  Link Privacy in Social Networks  24/08/2011  Suhendry Effendy
  56.  TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection   17/08/2011  Tielei Wang (Peking Univ)
  55.  Secure Collaborative Editing   10/08/2011  Chunwang
  54.  WebShield: Enabling Various Web Defense Techniques without Client Side Modifications (NDSS'11)   03/08/2011  Xinshu
  53.  FIRM: Capability-based Inline Mediation of Flash Behaviors (ACSAC 2010)  27/07/2011  Kailas
  52.  Differential Slicing: Identifying Causal Execution Differences for Security Applications (IEEE S&P)   15/06/2011  Sai
  51.  Towards Fine-grained Access Control in JavaScript Context (ICDCS 2011) - Dry run   15/06/2011  Kailas
  50.  Automatic Generation of Remediation Procedures for Malware Infections (Usenix Sec 2010)  13/04/2011  Sufatrio
  49.  Convicting exploitable software vulnerabilities: An efficient input provenance based approach (DSN 2008)   06/04/2011  Dawei
  48.  Differential Privacy: A Survey of Results  30/03/2011  Chengfang
  47.  Scene tagging: image-based CAPTCHA using image composition and object relationships (ASIACCS 2010)   23/03/2011   Chunwang Zhang
  46.  Adnostic: Privacy Preserving Targeted Advertising (NDSS2010)   16/03/2011  Xuhui
  45.  Trust and Protection in the Illinois Browser Operating System (OSDI 2010)   02/03/2011  Xinshu
  44.  G-Free: Defeating Return-Oriented Programming through Gadget-less Binaries (ACSAC 2010)   23/02/2011  YongZheng
  43.  Identifying Dormant functionality in Malware Programs (IEEE S&P 2010)   16/02/2011  Sai
  42.  ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser(IEEE S&P 2010)  09/02/2011  Dai Ting
  41.  An Android Application Sandbox System for Suspicious Software Detection (MALWARE October 2010)   26/01/2011  Xiaolei
  40.  Deafeating Cross site Request Forgery with Browser Enforced Authenticity Protection   13/10/2010   Kailas
  39.  Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications(IEEE S&P 2008)   06/10/2010   Dawei Qi
  38.  Protecting Confidential Data on Personal Computers with Storage Capsules (USENIX Security 2009)   22/09/2010   Narcisa Milea
  37.  Signature generation and detection of malware families(ACISP-2008)   15/09/2010   Sai
  36.  Native Client: A Sandbox for Portable, Untrusted x86 Native Code (IEEE S&P 2009)   8/09/2010   Dai Ting
  35.  Enhancing Host Security using External Environment Sensors(Dry-Run Presentation)   1/09/2010   luliming
  34.  A Chameleon Encryption Scheme Resistant to Known-Plaintext Attack (Dry-Run Presentation)   18/08/2010   Xu Jia
  33.  Secure Program Execution via Dynamic Information Flow Tracking (ASPLOS'04)   11/08/2010    Xiaolei
  32.  WebBlaze: New Techniques and Tools for Web Security   21/07/2010    Dr. Dawn Song (Berkely)
  31.  Exploiting Scheduled Email Service for Timed-Release of Confidential Information   14/07/2010    Chunwang Zhang
  30.  Website Fingerprinting and Identification using Ordered Feature Sequences   07/07/2010    Lu Liming
  29.  Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries (IEEE S&P 2010)   30/06/2010    Narcisa
  28.  Survey on Flash vulnerability and countermeasures   23/06/2010    Xuhui
  27.  ClickGuard: Preventing Click Event Hijacking by User Intention Inference   16/06/2010    Kailas
  26.  Secure Sketch for Multiple Secrets   09/06/2010    Chengfang
  25.  ClickGuard: Preventing Click Event Hijacking by User Intention Inference   02/06/2010    Kailas
  24.  Coordinated Scan Detection   26/05/2010    Chunwang Zhang
  23.  Automatic Patch-Based Exploit Generation is Possible:Techniques and Implications   31/03/2010    Dai Ting
  22.  Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense   24/03/2010    Xiaolei
  21.  Server-side verification of client behavior in online games   17/03/2010    Dawei
  20.  Effective and Efficient Malware Detection at the End Host (UseNIX sec 2009)   10/03/2010    YongZheng
  19.  Normal Behavior Monitor   03/03/2010    Narcisa
  18.  Protecting browsers from extension vulnerabilities (NDSS10)   17/02/2010    Xinshu
  17.  A Solution for the Automated Detection of Clickjacking Attacks   10/02/2010    Kailas
  16.  Renovo: A Hidden Code Extractor for Packed Executables (ACM WORM 2007)   27/01/2010    Kailas
  15.  An Efficient Black-box Technique for Defeating Web Application Attacks (NDSS Feb 2009)   20/01/2010   Dai Ting
  14.  Countering Kernel Rootkits with Lightweight Hook Protection (ACM CCS2009)   13/01/2010  Xiaolei
  13.  Improving Application Security with Data Flow Assertions (SOSP 2009)   11/11/2009  Dawei
  12.  Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems (USENIX Security 09)   04/11/2009  YongZheng
  11.  Using Static Analysis for Ajax Intrusion Detection (WWW 2009)  28/10/2009  Xinshu
  10.  OmniUnpack:Fast, Generic, and Safe Unpacking of Malware  21/10/2009  Kailas
  9.  Evaluating Network Security With Attack Graphs(ACSAC 2009), and
  Identifying Critical Attack Assets in Dependency Attack Graphs (Esorics 2008)
  14/10/2009  Liu Xuejiao
  8.  Vanish: Increasing Data Privacy with Self-Destructing Data  02/09/2009  Chengfang
  7.  Sybil-Resilient Online Content Voting (NSDI 09: 6th USENIX Symposium on Networked Systems Design and Implementation)  26/08/2009  Felix Halim
  6.  Characterizing Insecure JavaScript Practices on the Web (WWW 2009)  19/08/2009  Rajiv
  5.  Malware Behavioral Detection by Attribute-Automata using Abstraction from Platform and Language (RAID 2009)  12/08/2009  Sufatrio
  4.  Wiki Credibility Enhancement  05/08/2009  Yongzheng
  3.  Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves (IEEE S & P 2009)  29/07/2009  Dawei
  2.  Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers (IEEE S & P 2009)  22/07/2009  Kailas
  1.  Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments (IEEE S & P 2009)  08/07/2009  Xinshu

Suggested Sources of Paper

  SOSP     OSDI    IEEE S & P     ACM CCS    NDSS  
  WWW     RAID     USENIX Security    ACSAC     INFOCOM  

Conference Paper Submisison Deadlines

Conference Submisison Date Time Conference Date Venue
ACNS 2015 23 January 2015 17:00 EST June 2-5, 2015 New York, US
USENIX 2015 23 February 2015 9:00 p.m. EST August 12-14, 2015 Washington, D.C., US
ESORICS 2015 13 April 2015 11:59 PM American Samoa time September 21-25, 2015 Vienna, Astria
ACM CCS 2015 16 May 2015 23:59 American Samoa Time October 12-16 2015 Denver, Colorado, US
RAID 2015 5 June 2015 11:59pm CEST Novermber 2-4, 2015 Kyoto, Japan
ACSAC 2015 8 June 2015 11:59pm ET December 7-11, 2015 Los Angeles, California, US
SECURECOMM 2015 20 June, 2015 11:59pm EDT October 26-29, 2015 Dallas, US
NDSS 2016 18 August 2015 06:00 am CET February 21-24, 2016 San Diego, California, US
WWW 2016 17 October, 2015 23:59 Hawaii Standard Time April 11-15, 2016 Montreal, Canada
IEEE S&P 2016 13 November, 2016 23:59:59 EST May 23-25, 2016 The Fairmont, San Jose, CA, USA
ASIACCS 2016 November 30, 2015 - May 31 - June 3, 2016 Xi'an, China


Pls send emails at: huhong AT comp DOT nus DOT edu DOT sg