The seminar covers current topics and publications in the field of
information security. This seminar has a faster pace than most seminars
and its structure differs from the (German) norm.
Students are not given one topic on which they have to prepare and present
a report near the end of the semester. Instead, all seminar participants
must read the papers assigned for each meeting and be prepared to discuss
In a round-robin fashion, students must present one of the selected papers
plus related work. Related work must be identified by the student. The
presentations can be short, ranging from 5 minutes to 20 minutes, as long
as the subsequent discussion is well-prepared and fruitful. Two papers
will be presented per session provided there are enough participants.
Each presentation must address at least the following topics about the
- What is the research question addressed by the paper?
- Does the paper clearly review what is known about its topic area?
- Does the paper motivate a real problem worth solving?
- Does the paper include a rigorous and convincing validation?
- Does the validation show gains of practical significance?
- What is the significance of the paper's contribution?
- Is the evaluation valid?
- How original is the work?
- Is the paper written clearly and concisely?
There is literature that teaches strategies for reading papers. Here is a
The discussion will depend on the type of contribution. If the
contribution is, say, a security mechanism then we will ask questions such
- Can we attack the mechanism?
- Can we improve the mechanism?
- If attacks are presented, can we defend against them?
- Is the mechanism useful in other areas and applications?
Additionally, each student must develop and present a research idea at the
end of the semester. It is not necessary to perform the actual research,
but the presentation must clearly state:
- What the addressed research question is
- What the state of the art is
- How the research expects to improve the state of the art
- How the research work would be evaluated
Time and Location
- Thursdays, 16h - 18h, Fabeckstr. 15/AGSI Lab
Students will be graded on their preparedness for discussion, their
presentations and their research proposal.
Thu Oct 22, 2009
Please read the first paper and one of the remaining ones of your choice
thoroughly, and skim the remaining papers.
- T. Wadlow and V. Gorelik. Security in the browser. CACM 52, 5 (May 2009), 40-45.
- A. Yip, N. Narula, M. Krohn and R. Morris. Privacy-preserving browser-side scripting with BFlow. In Proc. 4th European Conference on Computer Systems, April 2009, 233-246.
- C. Reis and S. D. Gribble. Isolating web programs in modern browser architectures. In Proc. 4th European Conference on Computer Systems, April 2009.
- C. Reis, A. Barth, and C. Pizano. Browser Security: Lessons from Google Chrome. ACM Queue 7, 5 (Jun. 2009), 3-8.
- H. Wang, C. Grier, A. Moshchuk, S. King, P. Choudhury and H. Venter. The Multi-Principal OS Construction of the Gazelle Web Browser. Microsoft Research, TechReport MSR-TR-2009-16.
Thu Oct 29, 2009
Please read the documents that were published last week.
- H. Wang, C. Grier, A. Moshchuk, S. King, P. Choudhury and H. Venter. The Multi-Principal OS Construction of the Gazelle Web Browser. Proceedings of the 18th USENIX Security Symposium, 2009.
- Barth, A. and Jackson, C. and Reis, C. and The Google Chrome Team. The Security Architecture of the Chromium Browser. Stanford, Technical Report, 2008.
Read the following additional documents. Prepare a talk (5-15 minutes) on one of these documents.
- Grier, Chris and Tang, Shuo and King, Samuel T. Secure Web Browsing with the OP Web Browser. In Proceedings of the 2008 IEEE Symposium on Security and Privacy, IEEE Computer Society, Washington, DC, 2008.
- Yip, Alexander and Narula, Neha and Krohn, Maxwell and Morris, Robert. Privacy-preserving browser-side scripting with BFlow. Proceedings of the 4th ACM European conference on Computer systems, ACM, New York, 2009.
Thu Nov 12, 2009
Read the following papers and prepare a talk on EROS and a talk on DStar. Also read the referenced literature.
- Shapiro, Jonathan S. and Smith, Jonathan M. and Farber, David J. EROS: a fast capability system. In Proceedings of the seventeenth ACM symposium on Operating systems principles, ACM, New York, 1999.
- Shapiro, Jonathan S. and Vanderburgh, John and Northup, Eric and Chizmadia, David. Design of the EROS trusted window system. In Proceedings of the 13th conference on USENIX Security Symposium, Usenix, 2004.
- Zeldovich, Nickolai and Boyd-Wickizer, Silas and Mazieres, David. Securing distributed systems with information flow control. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, Usenix, 2008.
Thu Nov 26, 2009
Read the following papers, referenced and referencing literature and prepare 2 talks (one on TRINC and one on BUNKER).
Thu Dec 10, 2009
Read ALL the papers from the last WSEP workshop - session privacy metrics and techniques - and prepare a discussion about ALL the metrics and techniques presented in the workshop.
Thu Jan 14, 2010
Read the following papers, referenced and referencing literature and prepare 2 talks.
- Kelley, P. G., Bresee, J., Cranor, L. F., and Reeder, R. W. 2009. A "nutrition label" for privacy. In Proceedings of the 5th Symposium on Usable Privacy and Security (Mountain View, California, July 15 - 17, 2009). SOUPS '09. ACM, New York, NY, 1-12.
- Kelley, P. G. 2009. Designing a privacy label: assisting consumer understanding of online privacy practices. In Proceedings of the 27th international Conference Extended Abstracts on Human Factors in Computing Systems (Boston, MA, USA, April 04 - 09, 2009). CHI EA '09. ACM, New York, NY, 3347-3352.
Thu Jan 28, 2010
Presentation of research proposals
Thu Feb 4, 2010
Presentation of research proposals