<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16640" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=411381517-02052008><FONT face=Arial
color=#0000ff size=2>Bill Zeller will present his research seminar/general
exam on Monday, May 12, at 2 PM in Room 402.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=411381517-02052008><FONT face=Arial
color=#0000ff size=2>The members of his committee are Ed Felten (advisor),
Brian Kernighan, and Andrew Appel.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=411381517-02052008><FONT face=Arial
color=#0000ff size=2>Everyone is invited to attend his talk, and those faculty
wishing to remain for the oral exam that follows are welcome to do so.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=411381517-02052008><FONT face=Arial
color=#0000ff size=2>His abstract and reading list follow
below.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=411381517-02052008><FONT face=Arial
color=#0000ff
size=2>---------------------------------------</FONT></SPAN></DIV><BR><SPAN
class=nfakPe>Abstract</SPAN>:<BR><BR>Cross-Site Request Forgery (CSRF) attacks
occur when a malicious web site causes a user's web browser to perform an
unwanted action on a trusted site. These attacks have been called the "sleeping
giant" of web-based vulnerabilities, because many sites on the Internet fail to
protect against them and because they have been largely ignored by the web
development and security communities. We present four serious CSRF
vulnerabilities we have discovered on four major sites, including what we
believe is the first published attack involving a financial institution. These
vulnerabilities allow an attacker to transfer money out of user bank accounts,
harvest user email addresses, violate user privacy and compromise user accounts.
We recommend server-side changes (which we have implemented) that are able to
completely protect a site from CSRF attacks. We also describe the features a
server-side solution should have (the lack of which has caused CSRF protections
to unnecessarily break typical web browsing behavior). Additionally, we have
implemented a client-side browser plugin that can protect users from certain
types of CSRF attacks even if a site has not taken steps to protect
itself.<BR><BR>Books:<BR> - [Ferguson, Schneier] Practical
Cryptography<BR> - [Anderson] Security
Engineering<BR><BR>Papers:<BR> - [Anupam, Mayer] Security of Web
Browser Scripting Languages: Vulnerabilities, Attacks, and
Remedies<BR> <A
href="http://delivery.acm.org/10.1145/1270000/1267564/p15-anupam.pdf?key1=1267564&key2=7559754021&coll=GUIDE&dl=GUIDE&CFID=57632849&CFTOKEN=53175682"
target=_blank>http://delivery.acm.org/10.1145/1270000/1267564/p15-anupam.pdf?key1=1267564&key2=7559754021&coll=GUIDE&dl=GUIDE&CFID=57632849&CFTOKEN=53175682</A><BR><BR>
- [Fu, Sit, Smith, Feamster] Dos and Don'ts of Client Authentication on the
Web<BR> <A
href="http://pdos.csail.mit.edu/papers/webauth:sec10.pdf"
target=_blank>http://pdos.csail.mit.edu/papers/webauth:sec10.pdf</A>
<BR><BR> - [Krannig] Towards Web Security Using
PLASMA<BR> <A
href="http://delivery.acm.org/10.1145/1270000/1267563/p14-krannig.pdf?key1=1267563&key2=0389754021&coll=GUIDE&dl=GUIDE&CFID=57633385&CFTOKEN=26863737"
target=_blank>http://delivery.acm.org/10.1145/1270000/1267563/p14-krannig.pdf?key1=1267563&key2=0389754021&coll=GUIDE&dl=GUIDE&CFID=57633385&CFTOKEN=26863737</A><BR><BR>
- [Moore, Voelker, Savage] Inferring Internet Denial-of-Service
Activity<BR> <A
href="http://www.caida.org/publications/papers/2001/BackScatter/usenixsecurity01.pdf"
target=_blank>http://www.caida.org/publications/papers/2001/BackScatter/usenixsecurity01.pdf</A><BR><BR>
- [Huang, Yu, Hang, Tsai, Lee, Kuo] Securing Web Application Code by
Static Analysis and Runtime Protection<BR> <A
href="http://www.cs.ucsb.edu/%7Eyuf/paper/WWW04.pdf"
target=_blank>http://www.cs.ucsb.edu/~yuf/paper/WWW04.pdf</A><BR><BR>
- [Bortz, Boneh, Nandy] Exposing Private Information by Timing Web
Applications<BR> <A
href="http://crypto.stanford.edu/%7Eabortz/papers/timingweb.pdf"
target=_blank>http://crypto.stanford.edu/~abortz/papers/timingweb.pdf</A><BR><BR>
- [Boyd, Keromytis] SQLrand: Preventing SQL Injection
Attacks<BR> <A
href="http://www1.cs.columbia.edu/%7Eangelos/Papers/sqlrand.pdf"
target=_blank>http://www1.cs.columbia.edu/~angelos/Papers/sqlrand.pdf</A><BR><BR>
- [Chou, Ledesma, Teraguchi, Boneh, Mitchell] Client-side defense against
web-based identity theft<BR> <A
href="http://crypto.stanford.edu/SpoofGuard/webspoof.pdf"
target=_blank>http://crypto.stanford.edu/SpoofGuard/webspoof.pdf</A><BR><BR>
- [Xie, Aiken] Static Detection of Security Vulnerabilities in Scripting
Languages<BR> <A
href="http://theory.stanford.edu/%7Eaiken/publications/papers/usenix06.pdf"
target=_blank>http://theory.stanford.edu/~aiken/publications/papers/usenix06.pdf</A><BR><BR>
- [Vogt, Nentwich, Jovanovic, Kirda, Kruegel, Vigna] Cross-Site Scripting
Prevention with Dynamic Data Tainting and Static
Analysis<BR> <A
href="http://www.seclab.tuwien.ac.at/papers/xss_prevention.pdf"
target=_blank>http://www.seclab.tuwien.ac.at/papers/xss_prevention.pdf</A><BR><BR>
- [Ye, Smith] Trusted Paths for Browsers<BR> <A
href="http://delivery.acm.org/10.1145/1070000/1065546/p153-ye.pdf?key1=1065546&key2=3080854021&coll=GUIDE&dl=GUIDE&CFID=57635236&CFTOKEN=42774008"
target=_blank>http://delivery.acm.org/10.1145/1070000/1065546/p153-ye.pdf?key1=1065546&key2=3080854021&coll=GUIDE&dl=GUIDE&CFID=57635236&CFTOKEN=42774008</A><BR></BODY></HTML>