TDDC90 Software Security

Paper presentation


General information

As part of the examination for the course, students are required to read a paper on web security (in pairs) and present it at a seminar towards the end of the course. The goal of this part of the course is to give a deeper understanding of the concepts discussed in the lecture, both by reading the paper and preparing the presentation, and by listening to the other groups' presentations.

You will do this assignment together with the person that you signed up with in Webreg. Note that both students in each group must be present and take equal part in the presentation! Participation during the entire seminar is also mandatory for all students.

The final presentations will be held on December 14th (see schedule). Presentations will be roughly 10-15 minutes, plus a few minutes for questions. Exact time constraints will be posted later. (Since we typically have a few dropouts during the run of the course, we cannot precisely estimate at the start of the course how many will make it to the final presentations.)

There is also an additional milestone, to allow us to gauge your progress and steer you in the right direction if needed (see the list of milestones below).

Requirements for presentation

To ensure high-quality presentations that are informative to the audience, we have defined several requirements. Presentations should address the following topics/questions:

  • What is the goal and purpose of the work? What problem(s) does it aim to solve, or what question(s) does it seek to answer?
  • It is also very important to provide sufficient background to the audience. When preparing your presentation, you should assume that the listeners have the background knowledge given in the web security lecture, but any prerequisite knowledge beyond that needs to be addressed in your presentation.
  • What is the practical significance of the work?
  • What were the results presented in the paper? How well did the proposed technique work, or what were the answers to the questions stated in the paper?
  • You should also critique the work. For example: Were the ideas clearly conveyed? Do the empirical results support the claims made in the paper? How big was the contribution of the work, in terms of potentially improving web security?

You can (and should) use external sources when preparing the presentation, e.g. for understanding concepts you may not already be familiar with. However, in the presentation it must be clear what are results from the paper, what are your own opinions or interpretations, and what is information or material taken from other sources.

Note that addressing all the above points in a 10-15 minute presentation requires careful planning and selection of topics. (It always takes more time to prepare a short presentation than a longer one.) You should therefore make sure to start early with this assignment and allot sufficient time for it!

Deadlines and milestones

In addition to the final presentation, each group must also submit a brief outline of their presentation. This is to make sure that groups are on the right track in terms of scope and depth, and allow potential adjustments of the final presentation based on our feedback.
  • November 22 at 18.00: Request period for papers opens. Requests for papers should be emailed to ulf.kargen@liu.se. See below for formatting requirements on request emails. Papers will be assigned to groups on a first-come, first-served basis. However, note that requests received before this time will be ignored! This is to give you time to carefully consider which papers to choose before making your requests.
  • November 24 at 12.00 (noon): Deadline for paper requests.
  • November 24 afternoon: Paper assignments will be posted on this page.
  • December 4 at 18.00: Deadline to submit initial outline of the presentation. The outline should be in the form of a simple email (no slides or graphics) to ulf.kargen@liu.se.

    The email should briefly answer the question in each of the bullets under "Requirements for presentation" above. Use one paragraph (a few sentences) per bullet. Also, the email should contain a rough outline of the structure of the presentation, in the form of a bullet list or similar.

  • December 5-7: Groups will receive feedback on their outlines.
  • December 7: The final presentation schedule will be posted here, including the exact time constraints for presentations.
  • December 14, 13.15-17.00: Final presentations in two parallel tracks. (Since we allow up to two groups per paper, we split the class in two.)

Format for paper request email

Please use the following format when sending your paper requests to ulf.kargen@liu.se:

Title:
TDDC90 - paper request

Body:
Group: Webreg group number

Requested paper(s):
1. Paperxxx (your first choice of paper)
2. Paperxxx (your second choice)
3. Paperxxx (your third choice)
4. Paperxxx (your fourth choice)
5. Paperxxx (your fifth choice)

where Paperxxx is the paper id from the list of papers below.

Papers

This is the list of papers you may choose from. Note that some of the papers can only be accessed for free if you are on the university network. (That is, for some papers you need to click a "View PDF" or similar link to get the full paper, and this link may only be available while on the university network.)

Paper001: A Systematic Analysis of XSS Sanitization in Web Application Frameworks

Paper002: Towards a Formal Foundation of Web Security

Paper003: AUTHSCAN: Automatic Extraction of Web Authentication Protocols from Implementations

Paper004: Robust Defenses for Cross-Site Request Forgery

Paper005: Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense

Paper006: mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutation

Paper007: Busting Frame Busting: a Study of Clickjacking Vulnerabilities on Popular Sites

Paper008: Privilege Separation in HTML5 Applications

Paper009: Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks

Paper010: The Emperor's New APIs: On the (In)Secure Usage of New Client-side Primitives

Paper011: Regular Expressions Considered Harmful in Client-Side XSS Filters

Paper012: Reining in the Web with Content Security Policy

Paper013: The Devil is in the (Implementation) Details: an Empirical Analysis of OAuth SSO Systems

Paper014: State of the Art: Automated Black-Box Web Application Vulnerability Testing

Paper015: Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner

Paper016: Same-Origin Policy: Evaluation in Modern Browsers

Paper presentation schedule

Time   | Room: R34 (Chair: Jeff Yan)                                    | Room: R35 (Chair: Ulf Kargén)
       | Group | Students                              | Paper     | Group | Students                              | Paper
-------+-------+---------------------------------------+-----------+-------+---------------------------------------+----------
13.15  | 1     | Carl Nykvist, Linus Sjöström          | Paper014  | 3     | Dennis Fischer, Paul Thiele           | Paper007
13.26  | 5     | Oscar Pap, Per Gustavsson             | Paper013  | 4     | Elina Lundberg, Erica Gavefalk        | Paper002
13.37  | 8     | Björn Jansson, John Tinnerholm        | Paper009  | 6     | Aurélien Laviron, Laure Marchal       | Paper003
13.48  | 9     | Adrien Vignal, Christian Diller       | Paper008  | 7     | Jonatan Branting, Yu-Ling Lin         | Paper014
13.59  | 10    | Emil Gustafsson, Fabian Petersen      | Paper016  | 12    | Niklas Hätty, Petter Granli           | Paper011
14.10  | Break
14.25  | 11    | Erik Rönmark, Peter Keijser Tullstedt | Paper010  | 13    | Dennis Dufbäck, Hjalmar Wilander      | Paper005
14.36  | 15    | Henrik Adolfsson, Tim Österlund       | Paper006  | 14    | Emil Norberg, Jonathan Johansson      | Paper001
14.47  | 19    | Caroline Lee, Quentin Lucas           | Paper007  | 16    | Martin Larsson, Sebastian Andersson   | Paper013
14.58  | 21    | Niklas Pettersson, Nils Petersson     | Paper015  | 17    | Jacob Johansson, Mohammad Khodari     | Paper004
15.10  | Break
15.20  | 24    | Joakim Ericsson, Olle Nilsson         | Paper002  | 18    | Filip Polbratt, Sara Westberg         | Paper015
15.31  | 25    | Johan Jansson, Klas Harrysson         | Paper005  | 20    | Adam Hansson, Oscar Johansson         | Paper016
15.42  | 26    | Elin Petersén, Håkan Gudmundsson      | Paper012  | 22    | Emil Segerbäck, Robin Christensen     | Paper009
15.53  | 30    | Ermin Pitarevic, Hakan Celik          | Paper004  | 23    | Hamza Maatougui, Violaine Fabry       | Paper010
16.05  | Break
16.15  | 32    | Carl Brage, Kimberley French          | Paper001  | 27    | Francesco D'alterio, Valerio Tomassi  | Paper006
16.26  | 33    | David Chhuon, Sébastien Crouzy        | Paper003  | 28    | Hampus Viken, Mikael Ångman           | Paper012
16.37  | 34    | Joakim Falk                           | Paper011  | 29    | Sam Le (samle75), Yu-Chen Chiu        | Paper008
16.48  | 31    | Antoine Crochet                       | Paper009  | 2     | José Martín Nogueira, Thibault Carré  | Paper003

Page responsible: Ulf Kargén
Last updated: 2023-10-29