Oct 1 |
Overview and Introduction How to Read a Paper by S. Keshav The Rise of Worse is Better by R. P. Gariel |
|
Low-Level Vulnerabilities and Defenses |
Oct 3 |
How Memory Safety Violations Enable Exploitation of Programs by M. Payer A Modern History of Offensive Security Research by D. Dai Zovi See also: Low-Level Software Security by Example by U. Erlingssona et al. |
Oct 8 |
Control-Flow Integrity: Precision, Security, and Performance by N. Burow et al. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity by N. Carlini et al. |
Oct 10 |
Principles and Implementation Techniques of Software-Based Fault Isolation by G. Tan Bringing the Web up to Speed with WebAssembly by A. Haas et al. |
|
Web Security |
Oct 15 |
Beware of Finer-Grained Origins by C. Jackson and A. Barth Securing Frame Communication in Browsers by A. Barth et al. Chromium's design documents on Site Isolation and Cross-Origin Read Blocking The Web Origin Concept by A. Barth |
Oct 17 |
Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers by M. T. Louw and V.N. Venkatakrishnan Robust Defenses for Cross-Site Request Forgery by A. Barth et al. Using positive tainting and syntax-aware evaluation to counter SQL injection attacks by W. G. J. Halfond et al. |
Oct 22 |
CSP is dead, long live CSP! On the insecurity of whitelists and the future of content security policy by L. Weichselbaum et al. Protecting Users by Confining JavaScript with COWL by D. Stefan et al. |
|
Web Privacy |
Oct 24 |
Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies by G. Franken et al. An Analysis of Private Browsing Modes in Modern Browsers by G. Aggarwal et al. Browser History re:visited by M. Smith et al. |
Oct 29 |
Trusted Browsers for Uncertain Times by D. Kohlbrenner and H. Shacham The Design and Implementation of the Tor Browser by M. Perry |
|
The Hardware-Software Boundary |
Oct 31 |
Spectre Attacks: Exploiting Speculative Execution by P. Kocher et al. Meltdown: Reading Kernel Memory from User Space by M. Lipp et al. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution by J. Van Bulck et al. |
Nov 5 |
Hyperflow: A Processor Architecture for Nonmalleable, Timing-Safe Information-Flow Security by A. Ferraiuolo et al. GhostRider: A Hardware-Software System for Memory Trace Oblivious Computation by C. Liu et al. |
|
Automatic Vulnerability Discovery |
Nov 7 |
A Survey of Symbolic Execution Techniques by R. Baldoni et al. Under-Constrained Symbolic Execution: Correctness Checking for Real Code by D. A. Ramos and D. Engler SAGE: Whitebox Fuzzing for Security Testing by P. Godefroid et al. |
Nov 19 |
AEG: Automatic Exploit Generation by T. Avgerinos et al. NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications by A. Alhuzali et al. Driller: Augmenting Fuzzing Through Selective Symbolic Execution by N. Stephens et al. |
|
Package managers and sofware distribution |
Nov 26 |
Docker ecosystem–Vulnerability Analysis by A. Martin et al. A Look In the Mirror: Attacks on Package Managers by J. Cappos et al. |
Nov 28 |
CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds by K. Nikitin et al. Contour: A Practical System for Binary Transparency by M. Al-Bassam and S. Meiklejohn |
|
Stepping Back |
Dec 3 |
Thirty Years Later: Lessons from the Multics Security Evaluation by P. A. Karger and R. R. Schell This World of Ours by J. Mickens Looking Back: Addendum by D. E. Bell |
Dec 5 |
How to Write a Great Research Paper by S. P. Jones How to Give a Great Research Talk by S. P. Jones On Preparing Good Talks by R. Jhala |