Topic 1: Cross-site scripting and web application security
|Wed Sep 23||Steve||
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
by Davide Balzarotti, Marco Cova, Vika Felmetsger, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna
IEEE Symposium on Security and Privacy 2008
|Mon Sep 28||Alex||
Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense
by Yacin Nadji, Prateek Saxena, and Dawn Song
|Wed Sep 30||Jonathan||
Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks
by Matthew Van Gundy and Hao Chen
|Mon Oct 5||Brian||
Static Enforcement of Web Application Integrity Through Strong Typing
by William Robertson and Giovanni Vigna
USENIX Security Symposium 2009
|Wed Oct 7||Yuesong||
Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers
by Mike Ter Louw and V.N. Venkatakrishnan
IEEE Symposium on Security and Privacy 2009
Topic 2: Anonymity and Privacy
|Wed Oct 14
Mon Oct 19
Overview of anonymous communication, including:
Onion Routing for Anonymous and Private Internet Connections
by David Goldschlag, Michael Reed, and Paul Syverson
Communications of the ACM, Feb 1999, pp. 39-41.
Anonymous Connections and Onion Routing
by Michael G. Reed, Paul F. Syverson, and David M. Goldschlag
IEEE Journal on Selected Areas of Communications, Vol 16, No. 4, May 1998, pp. 482-494.
Tor: The Second Generation Onion Router
by Roger Dingledine, Nick Mathewson, and Paul Syverson
USENIX Security Symposium, 2004.
|Wed Oct 21||Steve||
Data Privacy Through Optimal k-Anonymization
by Roberto J. Bayardo and Rakesh Agrawal
Proceedings of the 21st International Conference on Data Engineering, pp. 217-228.
|Mon Oct 26||Brian||
De-anonymizing Social Networks
by Arvind Narayanan and Vitaly Shmatikov
IEEE Symposium on Security and Privacy, 2009
|Wed Oct 28||Yuesong||
Building Castles out of Mud: Practical Access Pattern Privacy and Correctness on Untrusted Storage
by Peter Williams, Radu Sion, and Bogdan Carbunar
ACM CCS, 2008.
|Mon Nov 2||Alex||
Privacy-Preserving Data Mining
by Rakesh Agrawal and Ramakrishnan Srikant
ACM SIGMOD Record, Vol 29, No 2, June 2000, pp. 439-450
|Wed Nov 4||Jonathan||
Data Collection with Self-Enforcing Privacy
by Philippe Golle, Frank McSherry, and Ilya Mironov
ACM Transactions on Information and System Security (TISSEC), Dec 2008.
Topic 3: Trusted Computing
|Mon Nov 16
Wed Nov 18
Overview of trusted computing, including:
Magic Boxes and Boots: Security in Hardware
by Sean Smith
IEEE Computer, October 2004, pp. 106-109.
A Trusted Open Platform
by Paul England, Butler Lampson, John Manferdelli, Marcus Peinado, Bryan Willman
IEEE Computer, July 2003
Design and Implementation of a TCG-based Integrity Measurement Architecture
by Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn
USENIX Security Symposium, 2004.
|Mon Nov 23||Jonathan||
Flicker: An Execution Infrastructure for TCB Minimization
by Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki
|Mon Nov 30||Yuesong||
Semantic Remote Attestation - A Virtual Machine directed approach to Trusted Computing
by Vivek Haldar, Deepak Chandra, and Michael Franz
2004 USENIX Virtual Machine Research and Technology Symposium, 2004, pp. 29-41.
|Wed Dec 2||Brian||
OSLO: Improving the security of Trusted Computing
by Bernhard Kauer
USENIX Security Symposium, 2007
|Mon Dec 7||Alex||
TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
by Sebastian Gajek, Hans Lohr, Ahmad-Reza Sadeghi, and Marcel Winandy
Workshop on Scalable Trusted Computing, 2009, pp. 19-28.