|Oct 1||Overview and Introduction
How to Read a Paper by S. Keshav
The Rise of Worse is Better by R. P. Gabriel
|Oct 3||How Memory Safety Violations Enable Exploitation of Programs by M. Payer
A Modern History of Offensive Security Research by D. Dai Zovi
See also: Low-Level Software Security by Example by U. Erlingsson et al.
|Oct 8||Control-Flow Integrity: Precision, Security, and Performance by N. Burow et al.
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity by N. Carlini et al.
|Oct 10||Principles and Implementation Techniques of Software-Based Fault Isolation by G. Tan
Bringing the Web up to Speed with WebAssembly by A. Haas et al.
|Oct 15||Beware of Finer-Grained Origins by C. Jackson and A. Barth
Securing Frame Communication in Browsers by A. Barth et al.
Chromium's design documents on Site Isolation and Cross-Origin Read Blocking
The Web Origin Concept by A. Barth
|Oct 17||Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers by M. T. Louw and V.N. Venkatakrishnan
Robust Defenses for Cross-Site Request Forgery by A. Barth et al.
Using positive tainting and syntax-aware evaluation to counter SQL injection attacks by W. G. J. Halfond et al.
|Oct 22||CSP is dead, long live CSP! On the insecurity of whitelists and the future of content security policy by L. Weichselbaum et al.
|Oct 24||Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies by G. Franken et al.
An Analysis of Private Browsing Modes in Modern Browsers by G. Aggarwal et al.
Browser History re:visited by M. Smith et al.
|Oct 29||Trusted Browsers for Uncertain Times by D. Kohlbrenner and H. Shacham
The Design and Implementation of the Tor Browser by M. Perry
|Oct 31||Spectre Attacks: Exploiting Speculative Execution by P. Kocher et al.
Meltdown: Reading Kernel Memory from User Space by M. Lipp et al.
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution by J. Van Bulck et al.
|Nov 5||Hyperflow: A Processor Architecture for Nonmalleable, Timing-Safe Information-Flow Security by A. Ferraiuolo et al.
GhostRider: A Hardware-Software System for Memory Trace Oblivious Computation by C. Liu et al.
|Nov 7||A Survey of Symbolic Execution Techniques by R. Baldoni et al.
Under-Constrained Symbolic Execution: Correctness Checking for Real Code by D. A. Ramos and D. Engler
SAGE: Whitebox Fuzzing for Security Testing by P. Godefroid et al.
|Nov 19||AEG: Automatic Exploit Generation by T. Avgerinos et al.
NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications by A. Alhuzali et al.
Driller: Augmenting Fuzzing Through Selective Symbolic Execution by N. Stephens et al.
|Nov 26||Docker ecosystem–Vulnerability Analysis by A. Martin et al.
A Look In the Mirror: Attacks on Package Managers by J. Cappos et al.
|Nov 28||CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds by K. Nikitin et al.
Contour: A Practical System for Binary Transparency by M. Al-Bassam and S. Meiklejohn
|Dec 3||Thirty Years Later: Lessons from the Multics Security Evaluation by P. A. Karger and R. R. Schell
This World of Ours by J. Mickens
Looking Back: Addendum by D. E. Bell
|Dec 5||How to Write a Great Research Paper by S. P. Jones
How to Give a Great Research Talk by S. P. Jones
On Preparing Good Talks by R. Jhala