Schedule & Readings
You are usually only required to read one paper for each class. Any additional papers listed are optional.
Check back regularly for updates to the schedule.
| unit | date | topic | instr. | reading | notes |
| Unit 1: Introduction | | | | | |
| | 1/15/19 | Introduction I | | | |
| | 1/17/19 | Introduction II | | | |
| Unit 2: Browser Components | | | | | |
| | 1/22/19 | Policies | | [1] [2] [3] | |
| | 1/24/19 | Frames | | [4] [5] [6] | Presentation sign up due 1/25 |
| | 1/29/19 | Cookies | | [7] | |
| Unit 3: Better browser architecture | | | | | |
| | 1/31/19 | Browser vulnerability mitigation I | | [8] [9] | HW1 out. Project sign up due. |
| | 2/5/19 | Browser vulnerability mitigation II | | [10] [11] | Web cloaking |
| | 2/7/19 | Isolation and sandboxing | | [12] [13] | Ransomware |
| Unit 4: Project | | | | | |
| | 2/12/19 | Project proposal | | | |
| | 2/14/19 | Project proposal | | | HW1 due |
| Unit 5: Extensions | | | | | |
| | 2/19/19 | Browser extension architecture | | [14] [15] | Attacks through Scalable Vector Graphics (SVG) |
| | 2/21/19 | Test 1 | | | HW2 out |
| | 2/26/19 | Extension Vulnerabilities | | [16] [17] [18] | Exploiting extension resources control |
| Unit 6: Privacy | | | | | |
| | 2/28/19 | Tracking | | [19] [20] [21] | Private browsing mode |
| | 3/5/19 | Browser fingerprinting | | [22] [23] [24] | Reflected File Download attack |
| Unit 7: Web protocol vulnerabilities | | | | | |
| | 3/7/19 | Protocol attack 1 | | [25] [26] | Domain fronting, HW2 due, HW3 out |
| | 3/12/19 | No class, spring break | | | |
| | 3/14/19 | No class, spring break | | | |
| | 3/19/19 | Midterm project presentation | | | |
| | 3/21/19 | Midterm project presentation | | | |
| | 3/26/19 | Protocol attack 2 | | [27] | How browsers implement certificate revocation |
| | 3/28/19 | Protocol attack 3 | | [28] | HTTPS traffic interception |
| Unit 8: Browser as security infrastructure | | | | | |
| | 4/2/19 | Taint tracking | | [29] [30] | Style Sheet Injection |
| | 4/4/19 | Flowfox | | [31] | How Spectre and Meltdown affect browsers |
| | 4/9/19 | Test 2 | | | |
| | 4/11/19 | no class, carnival | | [32] | |
| | 4/16/19 | Heap spray attacks and defenses | | [33] [34] | |
| Unit 9: Advanced topics | | | | | |
| | 4/18/19 | Formal models and verification | | [32] | Security issues of HTML5 local storage |
| | 4/23/19 | Presentations | | | Malvertising, High-profile spear-phishing attacks, Address bar spoofing on mobile browsers on Android, Domain name hijacking, ReDoS Vulnerabilities in JavaScript-based Web Servers |
| | 4/25/19 | Presentations and wrap up | | | Domain parking |
| Unit 10: Wrapping up | | | | | |
| | 4/30/19 | Project presentation | | | |
| | 5/2/19 | Project presentation | | | |