16:198:500:01: Light Seminar
Web-Application, Browser and Javascript Security
Fall 2008
Reading List for the Course
This webpage lists the papers that we will discuss over the course of
the semester. We will proceed in roughly the order that papers appear
on this list, and read one or two papers a week. For a detailed class
schedule, please consult the
course webpage.
In most cases, the links below point to the official versions (e.g., the ACM,
IEEE or USENIX version) of the paper. You can use a Rutgers University machine
to access these papers.
-
Secure Web Browsing with the OP Web Browser
Grier, Tang and King
Oakland 2008
-
Google Chrome
Google Chrome cartoon book.
-
A Safety Oriented Platform for Web Applications
Cox, Hansen, Gribble and Levy
Oakland 2006
-
Protecting Browsers from DNS Rebinding Attacks
Jackson, Barth, Bortz, Shao and Boneh
CCS 2007
-
Defeating Script Injection Attacks with Browser-Enforced Embedded Policies
Jim, Swamy and Hicks
WWW 2006
-
Dynamic Pharming Attacks and the Locked Same-origin Policies for Web Browsers
Karlof, Tygar, Wagner and Shankar
CCS 2007
-
ForceHTTPS Cookies: A Defense Against Pharming and Eavesdropping
Jackson and Barth
WWW 2008
-
All your iFrames Point to Us
Provos, Mavrommatis, Rajab and Monrose
USENIX Security 2008
-
Automated Web Patrol with Strider HoneyMonkeys
Wang, Beck, Jiang, Roussev, Verbowski, Chen and King
NDSS 2006
-
Securing Frame Communication in Browsers
Barth, Jackson and Mitchell
USENIX Security 2008
-
Robust Defenses for Cross-Site Request Forgery
Barth, Jackson and Mitchell
CCS 2008
-
Caja: Safe Active Content in Sanitized Javascript
Miller, Samuel, Laurie, Awad and Stay
Google Caja Specification Document
-
Javascript Instrumentation for Browser Security
Yu, Chander, Islam, Serikov
POPL 2007
-
BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML
Reis, Dunagan, Wang, Dubrovsky and Esmeir
OSDI 2006
-
Protection and Communication Abstractions for Web Browsers in MashupOS
Wang, Fan, Howell and Jackson
SOSP 2007
-
SMASH: Secure Component Model for Cross-Domain Mashups on Unmodified Browsers
Keukelaere, Bhola, Steiner, Chari, Yoshihama
WWW 2008
-
Subspace: Secure Cross-Domain Communication for Web Browsers
Jackson and Wang
WWW 2007
-
Stronger Password Authentication using Browser Extensions
Ross, Jackson, Miyake, Boneh and Mitchell
USENIX Security 2005
-
The Battle Against Phishing: Dynamic Security Skins
Dhamija and Tygar
SOUPS 2005
-
Doppelganger: Better Browser Privacy without the Bother
Shankar, Karlof and Wagner
CCS 2006
-
Protecting Browser State from Web Privacy Attacks
Jackson, Bortz, Boneh and Mitchell
WWW 2006
-
Fable: A Language for Enforcing User-defined Security Policies
Swamy, Corcoran and Hicks
Oakland 2008
-
SIF: Enforcing Confidentiality and Integrity in Web Applications
Chong, Vikram and Myers
USENIX Security 2007
-
Secure Web Applications via Automatic Partitioning
Chong, Liu, Myers, Qi, Vikram, Zheng and Zheng
SOSP 2007
Vinod Ganapathy