| date | topic | instr. | reading | notes |
|---|---|---|---|---|
| 6/29/15 | Introduction | | | |
| 7/1/15 | Browser extensions | | [1] [2] | |
| 7/6/15 | No class | | | |
| 7/8/15 | Browser policies | | [3] [4] | |
| 7/9/15 | Project proposals | | | make up for 7/6 |
| 7/13/15 | No class | | | |
| 7/15/15 | No class | | | |
| 7/20/15 | Browser frames | | [5] [6] [7] | |
| 7/22/15 | Privacy: side channels | | [8] [9] | |
| 7/23/15 | Privacy: tracking, fingerprinting | | [10] [11] | make up for 7/13/15 |
| 7/27/15 | Network attacks | | [12] [13] [14] | |
| 7/29/15 | No class | | | |
| 7/30/15 | Browser vulnerability mitigation 1 | | [15] [16] [17] | make up for 7/15/15 |
| 8/3/15 | Browser vulnerability mitigation 2 | | [18] [19] | |
| 8/5/15 | Quiz + heap spraying attacks | | | |
| 8/6/15 | Project presentation | | | make up for 7/29/15 |

[1] An evaluation of the Google Chrome extension security architecture.
Carlini Nicholas, Felt Adrienne Porter and Wagner David.
In Proceedings of the 21st USENIX Conference on Security Symposium, 2012. USENIX Association.
[2] Protecting browsers from extension vulnerabilities.
Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman.
In Proceedings of the Network and Distributed System Security Symposium, 2010.
[3] Reining in the web with content security policy.
Stamm Sid, Sterne Brandon and Markham Gervase.
In Proceedings of the 19th International Conference on World Wide Web, 2010.
[4] SOMA: mutual approval for included content in web pages.
Oda Terri, Wurster Glenn, van Oorschot P. C., and Somayaji Anil.
In Proceedings of the 15th ACM Conference on Computer and Communications Security, 2008.
[5] Busting frame busting: a study of clickjacking vulnerabilities at popular sites.
Gustav Rydstedt, Elie Bursztein, Dan Boneh, and Collin Jackson.
In IEEE Oakland Web 2.0 Security and Privacy (W2SP 2010), 2010.
[6] Securing frame communication in browsers.
Barth Adam, Jackson Collin and Mitchell John C.
In Proceedings of the 17th Conference on Security Symposium, 2008.
[7] The postman always rings twice: attacking and defending postMessage.
Sooel Son and Vitaly Shmatikov.
In 20th Annual Network and Distributed System Security Symposium, NDSS, 2013.
[8] I still know what you visited last summer: leaking browsing history.
Zachary Weinberg, Eric Yawei Chen, Pavithra Ramesh Jayaraman, and Collin Jackson.
In IEEE Symposium on Security and Privacy, S&P, 2011.
[9] Cross-origin pixel stealing: timing attacks using CSS filters.
Kotcher Robert, Pei Yutong, Jumde Pranjal, and Jackson Collin.
In Proceedings of the 2013 ACM SIGSAC conference on Computer and Communications Security, 2013.
[10] How unique is your web browser?
Eckersley Peter.
In Proceedings of the 10th International Conference on Privacy Enhancing Technologies, pages 1–18, 2010.
[11] The web never forgets: persistent tracking mechanisms in the wild.
Acar Gunes, Eubank Christian, Englehardt Steven, Juarez Marc, Narayanan Arvind, and Diaz Claudia.
In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014.
[12] Protecting browsers from DNS rebinding attacks.
Jackson Collin, Barth Adam, Bortz Andrew, Shao Weidong, and Boneh Dan.
In Proceedings of the 14th ACM Conference on Computer and Communications Security, 2007.
[13] Dynamic pharming attacks and locked same-origin policies for web browsers.
Karlof Chris, Shankar Umesh, Tygar J. D., and Wagner David.
In Proceedings of the 14th ACM Conference on Computer and Communications Security, 2007.
[14] Pretty-bad-proxy: an overlooked adversary in browsers' HTTPS deployments.
Chen Shuo, Mao Ziqing, Wang Yi-Min, and Zhang Ming.
In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, 2009.
[15] Secure web browsing with the OP web browser.
Grier Chris, Tang Shuo and King Samuel T.
In Proceedings of the 2008 IEEE Symposium on Security and Privacy, 2008.
[16] The security architecture of the Chromium browser.
Adam Barth, Charles Reis, Collin Jackson, and Google Chrome Team Google Inc.
January 2008.
[17] A safety-oriented platform for web applications.
Cox Richard S., Gribble Steven D., Levy Henry M., and Hansen Jacob Gorm.
In Proceedings of the 2006 IEEE Symposium on Security and Privacy, 2006.
[18] Native Client: a sandbox for portable, untrusted x86 native code.
Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Orm, Shiki Okasaka, Neha Narula, Nicholas Fullagar, and Google Inc.
In Proceedings of the 2009 IEEE Symposium on Security and Privacy, 2009.
[19] Establishing browser security guarantees through formal shim verification.
Jang Dongseok, Tatlock Zachary and Lerner Sorin.
In Proceedings of the 21st USENIX Conference on Security Symposium, 2012.