Units:

12

Description:

The Web continues to grow in popularity as platform for retail transactions, financial services, and rapidly evolving forms of communication. It is becoming an increasingly attractive target for attackers who wish to compromise users' systems or steal data from other sites. Browser vendors must stay ahead of these attacks by providing features that support secure web applications. This course will study vulnerabilities in existing web browsers and the applications they render, as well as new technologies that enable web applications that were never before possible. The material will be largely based on current research problems, and students will be expected to criticize and improve existing defenses. Topics of study include (but are not limited to) browser encryption, JavaScript security, plug-in security, sandboxing, web mashups, and authentication. The course will involve an intensive group research project focusing on protocols/algorithms, vulnerabilities, and attacks as well as several individual homework and programming tasks. Groups will perform a sequence of cumulative tasks (literature review, analysis, simulation, design, implementation) to address aspects of their chosen topic, occasionally reporting their results to the class through brief presentations, leading to a final report.

This course is crosslisted with 18-636. ECE graduate students will be prioritized for 18-636, and ECE undergraduate students will be prioritized for 18-436. Although students in 18-436 will share lectures with students in 18-636, students in 18-636 will write a report critiquing research methodologies and validity of results for selected research papers on web and browser security.

Prerequisites: 18-213

Last Modified: 2025-06-30 11:58AM

Semesters offered:

• Fall 2025