CSC 680: Advanced Topics in Computer Security
Presentation/Topic Schedule

Topic 1: Cross-site scripting and web application security

Date Presenter Paper/Topic
Wed Sep 23 Steve
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
by Davide Balzarotti, Marco Cova, Vika Felmetsger, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna
IEEE Symposium on Security and Privacy 2008
Mon Sep 28 Alex
Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense
by Yacin Nadji, Prateek Saxena, and Dawn Song
NDSS 2009
Wed Sep 30 Jonathan
Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks
by Matthew Van Gundy and Hao Chen
NDSS 2009
Mon Oct 5 Brian
Static Enforcement of Web Application Integrity Through Strong Typing
by William Robertson and Giovanni Vigna
USENIX Security Symposium 2009
Wed Oct 7 Yuesong
Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers
by Mike Ter Louw and V.N. Venkatakrishnan
IEEE Symposium on Security and Privacy 2009

Topic 2: Anonymity and Privacy

Date Presenter Paper/Topic
Wed Oct 14 and Mon Oct 19 Steve
Overview of anonymous communication, including:
Onion Routing for Anonymous and Private Internet Connections
by David Goldschlag, Michael Reed, and Paul Syverson
Communications of the ACM, Feb 1999, pp. 39-41.

Anonymous Connections and Onion Routing
by Michael G. Reed, Paul F. Syverson, and David M. Goldschlag
IEEE Journal on Selected Areas of Communications, Vol 16, No. 4, May 1998, pp. 482-494.

Tor: The Second Generation Onion Router
by Roger Dingledine, Nick Mathewson, and Paul Syverson
USENIX Security Symposium, 2004.
Wed Oct 21 Steve
Data Privacy Through Optimal k-Anonymization
by Roberto J. Bayardo and Rakesh Agrawal
Proceedings of the 21st International Conference on Data Engineering, pp. 217-228.
Mon Oct 26 Brian
De-anonymizing Social Networks
by Arvind Narayanan and Vitaly Shmatikov
IEEE Symposium on Security and Privacy, 2009
Wed Oct 28 Yuesong
Building Castles out of Mud: Practical Access Pattern Privacy and Correctness on Untrusted Storage
by Peter Williams, Radu Sion, and Bogdan Carbunar
ACM CCS, 2008.
Mon Nov 2 Alex
Privacy-Preserving Data Mining
by Rakesh Agrawal and Ramakrishnan Srikant
ACM SIGMOD Record, Vol 29, No 2, June 2000, pp. 439-450
Wed Nov 4 Jonathan
Data Collection with Self-Enforcing Privacy
by Philippe Golle, Frank McSherry, and Ilya Mironov
ACM Transactions on Information and System Security (TISSEC), Dec 2008.

Topic 3: Trusted Computing

Date Presenter Paper/Topic
Mon Nov 16 and Wed Nov 18 Steve
Overview of trusted computing, including:
Magic Boxes and Boots: Security in Hardware
by Sean Smith
IEEE Computer, October 2004, pp. 106-109.

A Trusted Open Platform
by Paul England, Butler Lampson, John Manferdelli, Marcus Peinado, Bryan Willman
IEEE Computer, July 2003

Design and Implementation of a TCG-based Integrity Measurement Architecture
by Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn
USENIX Security Symposium, 2004.
Mon Nov 23 Jonathan
Flicker: An Execution Infrastructure for TCB Minimization
by Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki
EuroSys, 2008
Mon Nov 30 Yuesong
Semantic Remote Attestation - A Virtual Machine directed approach to Trusted Computing
by Vivek Haldar, Deepak Chandra, and Michael Franz
2004 USENIX Virtual Machine Research and Technology Symposium, 2004, pp. 29-41.
Wed Dec 2 Brian
OSLO: Improving the security of Trusted Computing
by Bernhard Kauer
USENIX Security Symposium, 2007
Mon Dec 7 Alex
TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
by Sebastian Gajek, Hans Lohr, Ahmad-Reza Sadeghi, and Marcel Winandy
Workshop on Scalable Trusted Computing, 2009, pp. 19-28.