University of Virginia, Department of Computer Science
cs851: Web Application Security Seminar — Spring 2007
cs851: WASS Fall 2007


DateLeaderAssistantTopicFocus Paper
Thursday, 30 August Adrienne FeltPieter HooimeijerMashups Helen Wang, Xiaofeng Fan, Jon Howell, Collin Jackson. Protection and Communication Abstractions for Web Browsers in MashupOS. SOSP 2007.
Tuesday, 4 September Yan Huang Sudeep Ghosh Isolation Shuo Chen, David Ross, and Yi-Min Wang. An Analysis of Browser Domain-Isolation Bugs and A Light-Weight Transparent Defense Mechanism. ACM CCS 2007.
Thursday, 6 September Pieter Hooimeijer Ray Buse, Sang-Min Park Vulnerability Analysis Gary Wassermann and Zhendong Su. Sound and Precise Analysis of Web Applications for Injection Vulnerabilities. PLDI 2007
Tuesday, 11 September Krasimira Kapitanova Isabelle Stanton Phishing Ian Fette, Norman Sadeh, Anthony Tomasic. Learning to Detect Phishing Emails . WWW 2007.
Thursday, 13 September Ray Buse Duane Merrill Static Analysis Benjamin Livshits and Monica S. Lam. Finding Security Vulnerabilities in Java Applications with Static Analysis. USENIX Security 2005.
Tuesday, 18 September Blake Sutton Kevin Binswanger Detecting Malicious Content Alexander Moshchuk, Tanya Bragin, Damien Deville, Steven D. Gribble, and Henry M. Levy. SpyProxy: Execution-based Detection of Malicious Web Content. USENIX Security 2007.
Thursday, 20 September Isabelle Stanton Krasimira Kapitanova De-Anonymizing Lars Backstrom, Cynthia Dwork, Jon Kleinberg. Wherefore Art Thou R3579X? Anonymized Social Networks, Hidden Patterns, and Structural Steganography. WWW 2007.
Tuesday, 25 September Sang-Min Park Karsten Nohl Authorization Languages Moritz Becker, Cedric Fournet, Andrew Gordon. Design and Semantics of a Decentralized Authorization Language. Computer Security Foundations Symposium 2007. [SecPAL Page]
Thursday, 27 September Chris Sosa Blake Sutton Covert Data Arati Baliga, Joe Kilian and Liviu Iftode. A Web Based Covert File System. HotOS 2007.
Tuesday, 2 October Duane Merrill Hong Pham Search Privacy Yabo Xu, Benyu Zhang, Zheng Chen, Ke Wang. Privacy-Enhancing Personalized Web Search. WWW 2007.
Thursday, 4 October Project Idea Presentations
Tuesday, 9 October Reading Day (No Class)
Thursday, 11 October Hong Pham Adrienne Felt Information Leaks Andrew Bortz, Dan Boneh, Palash Nandy. Exposing Private Information by Timing Web Applications. WWW 2007.
Tuesday, 16 October Project Proposals Due (beginning of class)
Tuesday, 16 October Sudeep Ghosh Chris Sosa Tainting Wei Xu, Sandeep Bhatkar, and R. Sekar. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks. 15th USENIX Security Symposium, Vancouver, BC, Canada, August 2006.
Thursday, 18 October Kevin Binswanger Yan Huang Blog Spam Gilad Mishne, David Carmel, Ronny Lempel. Blocking Blog Spam with Language Model Disagreement. AIRWeb 2005.
Tuesday, 23 October Steve Baker   Steganalysis Y. Wang and P. Moulin. Optimized Feature Extraction for Learning-Based Image Steganalysis. IEEE Trans. Information Forensics and Security, Vol. 2, No. 1, March 2007.
Thursday, 25 October Working meeting for debate group preparation
Tuesday, 30 October No Meeting (ACM CCS)
Thursday, 1 November No Meeting (ACM CCS)
Tuesday, 6 November Googlization Debate
Thursday, 8 November Network Neutrality Debate
Tuesday, 13 November Guest: Douglas Szajda, University of Richmond   Securing Distributed Computations  
Thursday, 15 November Guest: Lorenzo Cavallaro, Universita degli Studi di Milano   Diversity Defenses Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi. Diversified Process Replicae for Defeating Memory Error Exploits. WIA 2007.
Tuesday, 20 November Guest: Jon McCune, CMU   Minimal TCB Code Execution Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. Minimal TCB Code Execution (Extended Abstract). IEEE Symposium on Security and Privacy, May 2007.
Thursday, 22 November Thanksgiving Holiday (No Class)
Thursday, 29 November Project Presentations (Pieter Hooimeijer, Isabelle Stanton, Duane Merrill)
Tuesday, 4 December Project Presentations (Hong Pham, Blake Sutton/Chris Sosa, Kevin Binswanger, Sudeep Ghosh, Adrienne Felt)
Thursday, 6 December Project Presentations (Steven Baker, Krasimira Kapitanova, Yan Huang, Ray Buse, Sang-Min Park)
Monday, 10 December Project Reports Due (11:59pm)