University of Virginia, Department of Computer Science
cs851: Web Application Security Seminar — Spring 2007

cs851: WASS Fall 2007

Schedule

Date	Leader	Assistant	Topic	Focus Paper
Thursday, 30 August	Adrienne Felt	Pieter Hooimeijer	Mashups	Helen Wang, Xiaofeng Fan, Jon Howell, Collin Jackson. Protection and Communication Abstractions for Web Browsers in MashupOS. SOSP 2007.
Tuesday, 4 September	Yan Huang	Sudeep Ghosh	Isolation	Shuo Chen, David Ross, and Yi-Min Wang. An Analysis of Browser Domain-Isolation Bugs and A Light-Weight Transparent Defense Mechanism. ACM CCS 2007.
Thursday, 6 September	Pieter Hooimeijer	Ray Buse, Sang-Min Park	Vulnerability Analysis	Gary Wassermann and Zhendong Su. Sound and Precise Analysis of Web Applications for Injection Vulnerabilities. PLDI 2007
Tuesday, 11 September	Krasimira Kapitanova	Isabelle Stanton	Phishing	Ian Fette, Norman Sadeh, Anthony Tomasic. Learning to Detect Phishing Emails . WWW 2007.
Thursday, 13 September	Ray Buse	Duane Merrill	Static Analysis	Benjamin Livshits and Monica S. Lam. Finding Security Vulnerabilities in Java Applications with Static Analysis. USENIX Security 2005.
Tuesday, 18 September	Blake Sutton	Kevin Binswanger	Detecting Malicious Content	Alexander Moshchuk, Tanya Bragin, Damien Deville, Steven D. Gribble, and Henry M. Levy. SpyProxy: Execution-based Detection of Malicious Web Content. USENIX Security 2007.
Thursday, 20 September	Isabelle Stanton	Krasimira Kapitanova	De-Anonymizing	Lars Backstrom, Cynthia Dwork, Jon Kleinberg. Wherefore Art Thou R3579X? Anonymized Social Networks, Hidden Patterns, and Structural Steganography. WWW 2007.
Tuesday, 25 September	Sang-Min Park	Karsten Nohl	Authorization Languages	Moritz Becker, Cedric Fournet, Andrew Gordon. Design and Semantics of a Decentralized Authorization Language. Computer Security Foundations Symposium 2007. [SecPAL Page]
Thursday, 27 September	Chris Sosa	Blake Sutton	Covert Data	Arati Baliga, Joe Kilian and Liviu Iftode. A Web Based Covert File System. HotOS 2007.
Tuesday, 2 October	Duane Merrill	Hong Pham	Search Privacy	Yabo Xu, Benyu Zhang, Zheng Chen, Ke Wang. Privacy-Enhancing Personalized Web Search. WWW 2007.
Thursday, 4 October	Project Idea Presentations
Tuesday, 9 October	Reading Day (No Class)
Thursday, 11 October	Hong Pham	Adrienne Felt	Information Leaks	Andrew Bortz, Dan Boneh, Palash Nandy. Exposing Private Information by Timing Web Applications. WWW 2007.
Tuesday, 16 October	Project Proposals Due (beginning of class)
Tuesday, 16 October	Sudeep Ghosh	Chris Sosa	Tainting	Wei Xu, Sandeep Bhatkar, and R. Sekar. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks. 15th USENIX Security Symposium, Vancouver, BC, Canada, August 2006.
Thursday, 18 October	Kevin Binswanger	Yan Huang	Blog Spam	Gilad Mishne, David Carmel, Ronny Lempel. Blocking Blog Spam with Language Model Disagreement. AIRWeb 2005.
Tuesday, 23 October	Steve Baker		Steganalysis	Y. Wang and P. Moulin. Optimized Feature Extraction for Learning-Based Image Steganalysis. IEEE Trans. Information Forensics and Security, Vol. 2, No. 1, March 2007.
Thursday, 25 October	Working meeting for debate group preparation
Tuesday, 30 October	No Meeting (ACM CCS)
Thursday, 1 November	No Meeting (ACM CCS)
Tuesday, 6 November	Googlization Debate
Thursday, 8 November	Network Neutrality Debate
Tuesday, 13 November	Guest: Douglas Szajda, University of Richmond		Securing Distributed Computations
Thursday, 15 November	Guest: Lorenzo Cavallaro, Universita degli Studi di Milano		Diversity Defenses	Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi. Diversified Process Replicae for Defeating Memory Error Exploits. WIA 2007.
Tuesday, 20 November	Guest: Jon McCune, CMU		Minimal TCB Code Execution	Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. Minimal TCB Code Execution (Extended Abstract). IEEE Symposium on Security and Privacy, May 2007.
Thursday, 22 November	Thanksgiving Holiday (No Class)
Thursday, 29 November	Project Presentations (Pieter Hooimeijer, Isabelle Stanton, Duane Merrill)
Tuesday, 4 December	Project Presentations (Hong Pham, Blake Sutton/Chris Sosa, Kevin Binswanger, Sudeep Ghosh, Adrienne Felt)
Thursday, 6 December	Project Presentations (Steven Baker, Krasimira Kapitanova, Yan Huang, Ray Buse, Sang-Min Park)
Monday, 10 December	Project Reports Due (11:59pm)