Schedule & Readings
You are usually only required to read one paper for each class. Any additional papers listed are optional.
Check back regularly for updates to the schedule.
unit | date | topic | instr. | reading | notes | Unit 1: Introduction |
1/16/17 | Introduction I | ||||
1/18/17 | Introduction II | Unit 2: Browser Components | |||
1/23/17 | Policies | [1] [2] [3] | |||
1/25/17 | Frames | [4] [5] [6] | |||
1/30/17 | Cookies | [7] | Unit 3: Better browser architecture | ||
2/1/17 | Browser vulnerability mitigation I | [8] [9] | HW1 out | ||
2/6/17 | Browser vulnerability mitigation II | [10] [11] | |||
2/8/17 | Isolation and sandboxing | [12] [13] | Spectre and Meltdown | Unit 4: Project | |
2/13/17 | Project proposal | ||||
2/15/17 | Project proposal | HW1 due | Unit 5: Extensions | ||
2/20/17 | Browser extension architecture | [14] [15] | Security indicators in browsers (teach in SV) | ||
2/22/17 | Test 1 | HW2 out | |||
2/27/17 | Extension Vulnerabilities | [16] [17] [18] | Security issues of HTML5 local storage | Unit 6: Privacy | |
3/1/17 | Tracking | [19] [20] [21] | Private browsing mode (SV) | ||
3/6/17 | Browser fingerprinting | [22] [23] | Do Not Track (SV) | Unit 7: Other vulnerabilities | |
3/8/17 | Heap spray attacks | [24] [25] | HW2 due , HW3 out | ||
3/13/17 | No class, spring break | ||||
3/15/17 | No class, spring break | ||||
3/20/17 | Midterm project presentation | ||||
3/22/17 | Midterm project presentation | ||||
3/27/17 | Protocol attack 1 | [26] [27] | Attacks through Scalable Vector Graphics (SVG) and Explaining DNS rebinding attacks (SV) | ||
3/29/17 | Protocol attack 2 | [28] | HTTPS traffic interception (SV) | Unit 8: Information flow browsers | |
4/3/17 | Flowfox | [29] | Malvertising | ||
4/5/17 | Taint tracking | [30] [31] | Address bar spoofing on mobile browsers on Android | ||
4/10/17 | Information flow browsers | [32] [33] | BeEF the Browser Exploitation Framework | Unit 9: Advanced topics | |
4/12/17 | Formal models and verification | [34] | Angler exploit kit | ||
4/17/17 | Test 2 | ||||
4/19/17 | no class, carnival | ||||
4/24/17 | Presentations | Web cloaking, High-profile spear-phishing attacks,NSAs FOXACID project,Browser Wars,Domain Fronting | |||
4/26/17 | Leveraging Browser Infrastructure to Improve Security | [35] [36] | Guest Lecture | Unit 10: Wrapping up | |
5/1/17 | Project presentation | ||||
5/3/17 | Project presentation |