Presentation/Topic Schedule
Topic 1: Cross-site scripting and web application security
Date | Presenter | Paper/Topic |
Wed Sep 23 | Steve |
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
by Davide Balzarotti, Marco Cova, Vika Felmetsger, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna IEEE Symposium on Security and Privacy 2008 |
Mon Sep 28 | Alex |
Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense
by Yacin Nadji, Prateek Saxena, and Dawn Song NDSS 2009 |
Wed Sep 30 | Jonathan |
Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks
by Matthew Van Gundy and Hao Chen NDSS 2009 |
Mon Oct 5 | Brian |
Static Enforcement of Web Application Integrity Through Strong Typing
by William Robertson and Giovanni Vigna USENIX Security Symposium 2009 |
Wed Oct 7 | Yuesong |
Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers
by Mike Ter Louw and V.N. Venkatakrishnan IEEE Symposium on Security and Privacy 2009 |
Topic 2: Anonymity and Privacy
Date | Presenter | Paper/Topic |
Wed Oct 14, Mon Oct 19 |
Steve |
Overview of anonymous communication, including:
Onion Routing for Anonymous and Private Internet Connections
by David Goldschlag, Michael Reed, and Paul Syverson Communications of the ACM, Feb 1999, pp. 39-41.
Anonymous Connections and Onion Routing
by Michael G. Reed, Paul F. Syverson, and David M. Goldschlag IEEE Journal on Selected Areas of Communications, Vol 16, No. 4, May 1998, pp. 482-494.
Tor: The Second Generation Onion Router
by Roger Dingledine, Nick Mathewson, and Paul Syverson USENIX Security Symposium, 2004. |
Wed Oct 21 | Steve |
Data Privacy Through Optimal k-Anonymization
by Roberto J. Bayardo and Rakesh Agrawal Proceedings of the 21st International Conference on Data Engineering, pp. 217-228. |
Mon Oct 26 | Brian |
De-anonymizing Social Networks
by Arvind Narayanan and Vitaly Shmatikov IEEE Symposium on Security and Privacy, 2009 |
Wed Oct 28 | Yuesong |
Building Castles out of Mud: Practical Access Pattern Privacy and Correctness on Untrusted Storage
by Peter Williams, Radu Sion, and Bogdan Carbunar ACM CCS, 2008. |
Mon Nov 2 | Alex |
Privacy-Preserving Data Mining
by Rakesh Agrawal and Ramakrishnan Srikant ACM SIGMOD Record, Vol 29, No 2, June 2000, pp. 439-450 |
Wed Nov 4 | Jonathan |
Data Collection with Self-Enforcing Privacy
by Philippe Golle, Frank McSherry, and Ilya Mironov ACM Transactions on Information and System Security (TISSEC), Dec 2008. |
Topic 3: Trusted Computing
Date | Presenter | Paper/Topic |
Mon Nov 16, Wed Nov 18 |
Steve |
Overview of trusted computing, including:
Magic Boxes and Boots: Security in Hardware
by Sean Smith IEEE Computer, October 2004, pp. 106-109.
A Trusted Open Platform
by Paul England, Butler Lampson, John Manferdelli, Marcus Peinado, Bryan Willman IEEE Computer, July 2003
Design and Implementation of a TCG-based Integrity Measurement Architecture
by Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn USENIX Security Symposium, 2004. |
Mon Nov 23 | Jonathan |
Flicker: An Execution Infrastructure for TCB Minimization
by Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki EuroSys, 2008 |
Mon Nov 30 | Yuesong |
Semantic Remote Attestation - A Virtual Machine directed approach to Trusted Computing
by Vivek Haldar, Deepak Chandra, and Michael Franz 2004 USENIX Virtual Machine Research and Technology Symposium, 2004, pp. 29-41. |
Wed Dec 2 | Brian |
OSLO: Improving the security of Trusted Computing
by Bernhard Kauer USENIX Security Symposium, 2007 |
Mon Dec 7 | Alex |
TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication
by Sebastian Gajek, Hans Lohr, Ahmad-Reza Sadeghi, and Marcel Winandy Workshop on Scalable Trusted Computing, 2009, pp. 19-28. |