Security Reading Group

Instructors: Juan Caballero and Boris Köpf
Meets: Tuesdays at 11:00 - 12:45 (The first class will be on September 13th)
Location:Room 3307,the IMDEA Software Conference Room
Mailing list: We will soon reveal how to sign up for the SRG mailing list

Course Description

The Security Reading Group is part of the UPM / IMDEA Track in Software Development through Rigorous Methods, a specialization of the Master on Software and Systems at UPM.
The aim of the security reading group is to provide an academic environment for lively and interactive discussion on security research papers.
The security reading group introduces students to key security topics in an environment where students can develop their critical reading, discussion, and presentation skills.
The Security Reading Group is open to all participants, regardless if they are registered in the course.

Course Structure

Before each session, students will have to read the assigned papers (at least one, possibly two) and submit a one-page reading critique for each paper.
The reading critique has a maximum length of 1 page and needs to include a couple of paragraphs summarizing the paper, 3 positive aspects of the paper, and 3 constructive criticisms of the paper.
The reading critiques are expected to show that the student understands the contributions, as well as the limitations of the solutions proposed in the paper.
Each paper will be presented by a student or an invited speaker. The presentations will typically last 25-30 minutes and will be followed by questions and a discussion about the paper.

In addition, we will feature one conference rump session, where each person attending the session (regardless if a student)
will select a paper from a previously selected and recent security conference and present it in 7 minutes, followed by a 5 minute discussion about the paper.
We may also feature an improv presentation session, which Boris promises will be fun! (more details later in the semester)


Students will be graded on the basis of the quality of their presentations, the degree and quality of their participation in the discussions, and their reading critiques.
Students are expected to be active participants in the discussions.


The academic calendar for the MUSS Master is available here
Sep. 13thIntroductionBoris, JuanSmall Guide to Giving Presentations;Reading a Computer Science Research Paper
Sep. 27thApplied CryptographyFederico, Juan ManuelOverview of Cryptography; Remote timing attacks are practical
Oct. 11thSoftware SecurityAli, ShivaSmashing the Stack for Fun and Profit; Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense; (Optional) Reflections on Trusting Trust
Oct. 25thRump Session (CCS 2011)EveryoneSelect one from the CCS 2011 technical program
Nov. 15thLanguage-Based SecurityFederico, ShivaProof Carrying Code;Quantitative Information Flow as Network Flow Capacity
Nov. 29thNetwork SecurityAli, Claudio SorienteRobust Defenses for Cross-Site Request Forgery; (Optional) PEPSI---privacy-enhanced participatory sensing infrastructure
Dec. 20thSystems/OS SecurityJuan Manuel, invited speakerMaking Information Flow Explicit in HiStar