Proseminar System Security

The central topic of this seminar is security papers on web security presented at top conferences.

The seminar is expected to take place as a block seminar at the end of the lecture period.

The students work in pairs (groups of two people) on one topic. 

Topics

  1. Abusing Hidden Properties to Attack the Node.js Ecosystem
  2. Detecting stuffing of a user’s credentials at her own accounts
  3. LZR: Identifying Unexpected Internet Services
  4. Reining in the Web’s Inconsistencies with Site Policy
  5. XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
  6. Saphire: Sandboxing PHP Applications with Tailored System Call Allowlists
  7. SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web
  8. Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors
  9. Geneva: Evolving Censorship Evasion Strategies
  10. JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals

Dates & Deadlines

  • First week: distribution of topics (see above).
  • 19.5.: Submission deadline for the preliminary seminar thesis version (at least 5 pages of text; excluding title page, table of contents, references, figures, ...) describing the main paper's problem AND briefly describing 2 related papers citing your paper.
  • 26.6.: Submission deadline for the final seminar thesis.
  • 7.7.: Submission deadline for the reviews.
  • 11.7.: Submission deadline for your presentation slides (you can still change your slides a bit before the talk).
  • 12.7. 9:00-14:30: Block Seminar, Presentation of your work.
  • 23.7.: Submission deadline for the final graded version of the seminar thesis.

The seminar will be organized via Panda. Deadlines run until the end of the day (23:59 local time, according to Panda).

Meetings

We will have five meetings in FU.511, with different topics which will (hopefully) be helpful for you to pass the seminar:

  • 14.4. 10:15 Introduction
  • 21.4. 9:15 Research Skills
  • 28.4. 9:15 Writing Skills
  • 23.6. 9:15 Review Skills
  • 30.6. 9:15 Presentation Skills

Grading and Demands

The final grade consists of your review (10%), your presentation (30%), and your paper (60%). Additionally, you must meet all deadlines. There are no individual grades; you are graded as a group. If you have issues with the work of your partner, please contact us as soon as possible.

Presentation

20-minute presentation, followed by 5 minutes of discussion and questions.

The best presentation will be awarded! More information will be given in the first meeting.

Seminar Thesis

Essay written according to the standards of a scientific paper. It MUST be written using our LaTeX template (unchanged). We expect around 15 pages of content; the hard lower limit is 9 pages of pure text (excluding figures, tables, etc.).

Reviews

We will follow a peer review procedure similar to scientific publications:

  • You submit your thesis (paper) on Panda
  • Some (2) peers (other students) review your submission:
    • Read and understand the submitted paper
    • Criticize your paper
    • Make recommendations on how to improve
    • Be honest, polite, and helpful when writing your reviews
  • The reviews you write will influence your final grade
  • The reviews you receive will not influence your final grade (but you should address/apply them in your final version)
  • Each student has to write 1 review (1-2 pages)