
Bolstering Security Education through Integration of Research and Education on Browser Security                     NSF

The goal of the proposed project is to bolster security education through integration of research and education on browser security. To achieve this goal, we will transition research on browser security into education and develop a consortium of universities by organizing faculty/student workshops and investing in their continued development, which enhances their research and education experiences in browser security.

Topics 

  • Browser Basics: HTTP, HTML, HTML5
  • Web development basics: CSS
  • Browser security policy:
  • Securing your web browser 101: http://www.cert.org/tech_tips/securing_browser/
  • Content separation, app isolation
  • Plug-in security: Adobe, Silverlight, Java, ActiveX
  • Private browsing
  • Web-based Malware and Phishing: http://crypto.stanford.edu/antiphishing/
  • Web vulnerability and mitigation: XSS, CSP, SOMA, Clickjacking, Frame busting
  • Web vulnerability and mitigation: BEEP, XSS Auditor, and Critical Vulnerability in Browser Security Metrics
  • Browser Vulnerability and mitigation: OP, Tahoma, and Cross-Origin CSS Attacks
  • Browser Vulnerability and mitigation: Chromium and Gazelle
  • Browser-based communication and security: Web messaging, WebSocket, ForceHTTPS Cookies, DNS attacks
  • Browser Storage: Web SQL and SQL injection
  • Browser Encryption 
    • http://www.w3.org/TR/WebCryptoAPI/: a JavaScript API for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption.
    • Fast Symmetric Cryptography in Javascript, Emily Stark, Michael Hamburg, and Dan Boneh, In Proc. of the 25th Annual Computer Security Applications Conference. (ACSAC 2009)
  • Web Browsing and Privacy: The web browser serves as a doorway to the Internet for much of a typical user’s online activity. Browsers have the potential to affect the privacy and security of any action they are used to complete.
    • Cookies, http://crypto.stanford.edu/safecache/
    • Certificates,
    • Trusted Paths for Browsers
    • TOR: https://www.torproject.org/
    • I Still Know What You Visited Last Summer: Leaking browsing history via user interaction and side channel attacks, Zack Weinberg, Eric Chen, Pavithra Ramesh Jayaraman, and Collin Jackson, In Proc. of the IEEE Security and Privacy Symposium (Oakland 2011).
    • An Analysis of Private Browsing Modes in Modern Browsers, Gaurav Aggarwal, Elie Bursztein, Dan Boneh, and Collin Jackson, In Proc. of the 19th USENIX Security Symposium. (USENIX Security 2010)
    • Towards Short-Lived Certificates, Emin Topalovic, Brennan Saeta, Lin-Shung Huang, Collin Jackson, and Dan Boneh, In Web 2.0 Security and Privacy (W2SP 2012)
    • The Case for Prefetching and Prevalidating TLS Server Certificates, Emily Stark, Lin-Shung Huang, Dinesh Israni, Collin Jackson, and Dan Boneh, In Proc. of the 19th Network and Distributed System Security Symposium (NDSS 2012)
  • Software testing and development

Hands-on Labs

Behavior Tracking   Slides

Team

Wenliang (Kevin) Du is a Professor at the Department of Electrical Engineering and Computer Science in SU. Over the last 10 years, he has developed 33 hands-on labs for security education, which are used by over 100 universities worldwide. Those labs have been mapped to popular security textbooks written by M. Goodrich and R. Tamassia. Dr. Du has published over 80 research and education papers in renowned security journals and proceedings in the area of computer security.

Li Yang is an Associate Professor from UTC and the Director of UTC InfoSec Center, a National Center of Academic Excellence – Information Assurance Education (CAE-IAE).  Since 2008, she has also directed Graduate Study in the Department of Computer Science and Engineering. She has developed and published a number of hands-on labs in the areas of cryptography, biometrics and database security. She has also edited and published a research book on applied cryptography for cyber security and defense, and served as a guest editor in the International Journal of Information Security and Privacy.  She has published a number of research papers in Android security, access control, electronic transaction, and security of smart healthcare.

Xiaohong Yuan is an Associate Professor in the Department of Computer Science and the Director of the NC A&T SU Center for Cyber Defense. Her research interests include computer science education, information assurance, software engineering and visualization. Dr. Yuan has led the establishment of the Secure Software Engineering program in the Department of Computer Science. Dr. Yuan has published more than fifty research and education papers in refereed conferences and journals.

 

 
