CSE 291

Spring 2008: CSE 291 Javascript and Web-Application Security

Time: M,W 3:00-4:20p, Place: CSE 2109, Section: #620778

Instructor: Ranjit Jhala (jhala@cs.ucsd.edu), Office Hours: M 4:30 - 5:30p, CSE 3110

Description

Do you shudder every time you have to enter your SSN into a browser pane ? Computation and interaction is increasingly mediated by web-browsers running applications written in poorly understood languages, talking servers scattered across the globe. The goal of this seminar class is to understand some of the key issues in designing, implementing and analyzing modern web applications to ensure some level of security and confidentiality. To this end, we will read recent papers on the following topics related to the security of web-applications.

PL Design and Semantics
Run-time Monitoring
System Architecture
Information Flow
Static Analysis
Browser Security

Reading List

Date	Presenter	Paper	Notes	Slides
Mon 4/7	Organizational Meeting
Wed 4/9	Ranjit Jhala	Thiemann ESOP 05	txt	pdf txt
Mon 4/14	Ming Kawaguchi	Yu, Chander, Islam, Serikov POPL 07	txt	pdf
Wed 4/16	Pat Rondon	Chong et al. Usenix Security 07, Chong et al. SOSP 07	txt	pdf
Mon 4/21	Zach Tatlock	Zeldovich et al. OSDI 06 Zeldovich et al. NSDI 08	txt	pdf
Wed 4/23	Ming Kawaguchi	McCamant, Ernst PLDI 08
Mon 4/28	Ravi Chugh	Xie, Aiken USENIX Security 06	txt	pdf
Wed 4/30	Jan Voung	Wasserman, Su PLDI 07	txt	pdf
Mon 5/5	Scott Yilek	Cova et al. Oakland 08	txt	pdf
Wed 5/7	Zach Tatlock	Chen et al Oakland 07	txt	pdf
Mon 5/12	Ravi Chugh	Wang et al. SOSP 07	txt	pdf
Wed 5/14	A.P.	Reis et al. OSDI 06	txt	pdf
Mon 5/19	Jan Voung	Grier et al. Oakland 08	txt	pdf
Wed 5/21	Scott Yilek	Jim et al. WWW 07	txt	pdf
Wed 5/28	Nathan Goulding	Wang et al. NDSS 06	txt	pdf
Mon 6/2	Diwaker Gupta	Kiciman, Livshits SOSP 07
Wed 6/4	Avinash Vyas	Jackson et al. WWW 06, Bortz, Boneh, Nandy WWW 07 .

Requirements and Grading

Present upto two papers and lead subsequent discussion. (70%)
Class participation (15%)
Paper notes (15%)

Seminar Organization

Each class meeting of 80 minutes will be divided into two parts. First, a student will give a talk lasting about 60 minutes presenting a recent technical paper in detail. In questions during the talk, and in the final 20 minutes, all seminar participants will discuss the paper and the issues raised by it. In the first week, we will make a schedule of papers and presentations for the whole quarter. With around 10 participants, each student will make two separate presentations. The procedure for each presentation is as follows.

Presenter: Each presentation should be prepared using LaTeX or Powerpoint. You should copy equations, figures, charts, and tables as necessary from the paper for the presentation. Presentations will be evaluated, in a friendly way but with high standards. You will primarily be evaluated on how well you can communicate the important ideas in the paper to the class -- and are encouraged to at least present a few crisp examples that illustrates the ideas in the paper. However, you will have 60 minutes and so the key technical ideas must come across.
- Ten days in advance : Finish a draft of 25 to 30 slides that present clearly the work in the paper. Make an appointment with the instructor to discuss the draft slides. Email the slides to jhala@cs
- Five days in advance : Meet for 30 to 60 minutes to discuss improving the slides, and how to give a good presentation.
- Day of presentation : Give a good presentation with confidence, enthusiasm, and clarity. After the presentation, email the slides (PPT or PDF) to the instructor.
Others: Everyone is required to read the paper before class. For each paper, you have to email the instructor your notes, which will be put on a UCSD-only web page. The notes should include:
- One limitation of the paper
- One concrete suggestion for future work
Neither of the above should be explicitly mentioned in the paper.