Security and Vulnerability Analysis - S15

CSE 591

Paper Discussion Format

35 min Total
10 min Summary
5 min Pros
5 min Cons
15 min Discussion

Paper Selection

Each member of the class must select two papers to present: one as a member of the Pro team and one as a member of the Con team. Sign up for paper choices on the Google Doc sent out on the class mailing list, one each for team Pro and team Con by 3/20/15 11:59:59pm Arizona time. Paper selection is on a first-come basis.

Paper Presentation Responsibility

The paper presenters will be responsible for leading the class discussion on the given paper. The presenters in the “Pro” team are responsible for finding and discussing the strengths of the paper, and the presenters in the “Con” team are responsible for finding and discussing the weaknesses of the paper.

Audience Responsibility

The other class members (AKA non-presenters) are expected to participate in the class discussion on the paper (participation will be reflected in the Paper Presentation and Discretionary portion of the grade). Before each class, every non-presenter is required to choose one of the papers discussed that day, read the paper, and fill out the review form below. Note that this review form is due before class starts.

Paper Title:
Publication Date:
Conference Published:
Acceptance Rate of Conference (if available):

Paper Summary (1-3 sentences):

Paper Strengths (at least 2 bullet points):

Paper Weaknesses (at least 2 bullet points):

Core Idea (1-2 sentences):

Paper Presentation Schedule

  • 3/24 — Huang et al. Web application security assessment by fault injection and behavior monitoring (2003)

  • 3/24 — Huang et al. Securing Web Application Code by Static Analysis and Runtime Protection (2004)

  • 3/26 — Pietraszek et al. Defending against Injection Attacks through Context-Sensitive String Evaluation (2005)

  • 3/26 — Halfond and Orso. AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks (2005)

  • 3/31 — Livshits and Lam. Finding Security Vulnerabilities in Java Applications with Static Analysis (2005)

  • 3/31 — Jovanovic et al. Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (2006) (IEEE Security & Privacy version)

  • 4/2 — Stefan et al. Secubat: A Web Vulnerability Scanner (2006)

  • 4/2 — Xie and Aiken. Static detection of security vulnerabilities in scripting languages (2006)

  • 4/7 — Balzarotti et al. Saner: Composing static and dynamic analysis to validate sanitization in web applications (2008)

  • 4/7 — Dalton et al. Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications (2009)

  • 4/9 — Bisht et al. NoTamper: Automatic Blackbox Detection of Parameter Tampering Opportunities in Web Applications (2010)

  • 4/9 — Doupé et al. Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners (2010)

  • 4/14 — Felmetsger et al. Toward Automated Detection of Logic Vulnerabilities in Web Applications (2010)

  • 4/14 — Saxena et al. ScriptGard: Automatic Context-Sensitive Sanitization for Large-Scale Legacy Web Applications (2011)

  • 4/16 — Sun et al. Static Detection of Access Control Vulnerabilities in Web Applications (2011)

  • 4/16 — Doupé et al. Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner (2012)

  • 4/21 — Heiderich et al. mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations (2013)

  • 4/21 — Son et al. Fix Me Up: Repairing Access-Control Bugs in Web Applications (2013)

  • 4/23 — Dahse et al. Code Reuse Attacks in PHP: Automated POP Chain Generation (2014)

  • 4/23 — Monshizadeh et al. MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications (2014)