Vulnerabilities in existing web browsers and the applications they render, as well as new technologies that enable web applications that were never before possible. Material largely based on current research problems, and students will be expected to criticize and improve existing defenses. Topics include browser encryption, JavaScript security, plug-in security, sandboxing, web mashups, and authentication.

Syllabus

https://courses.ece.cmu.edu/18636

Class format

Lecture and project-based

Home department

ECE

Target audience

ECE and INI graduate students.

Background required

Graduate Standing or instructor permission. Previous experience with security, e.g., completing an Introduction to Security course. Working knowledge of programming is required and Web development knowledge is preferred.

Learning objectives

• Technical skills in building a secure browsing environment and analyzing the security properties of a browsing environment. Students will learn the security mechanisms deployed in browsers and apply that knowledge toward securing the web. Students will learn to critically analyze the security properties of websites and browser mechanisms.
• Analytical and creative skills in identifying problems within browser-related security topics and finding solutions.
  • Students will be able to identify, formulate, and solve simple security issues in modern browsing context.
  • Students will gain knowledge of contemporary issues of browser and web security and will be aware of the current pressing browser security challenges.
• Technologies: Students will learn how the modern browsers came into existence and the reason they work the way they do. Students will learn internals of Browser’s security architecture, Extension Engine and major attack vectors like XSS and CSRF to name a few.

Faculty and instructors who have taught this course in the past

Hanan Hibshi, Limin Jia