Instructor Patrick McDaniel (mcdaniel 'at' cse.psu.edu)
Location IST 223B
Meeting Times Wed 10:00am-12:05pm
Credits 3
Office Hours Prof. McDaniel: by appointment

This course provides a graduate-level introduction to web 2.0 and cloud systems security. Students successfully completing this class will be able to evaluate the security models and risks of these systems, and will be able to apply evaluation techniques used in security research appropriate for these domains. The course begins with a tutorial of the terminology, structure and operation of Web 2.0 and cloud systems, and interfaces for solutions reviewed. Several papers and monographs in a wide range of related topics will be discussed. Topics covered include web and cloud systems architectures, web-attacks, web applications, privacy, mash-ups, and browser security.

This course will be focused on systems building. No tests or written projects will be assigned. Students will design, build, and deploy a Web 2.0 system as part of this course.

Note: Admittance to this course is by permission of course instructor only. Students should have completed CSE543 with at least a B+ grade. Experience in performing research in security is highly recommended.

A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course schedule.

Most of the course readings will come from seminal papers in the field. Links to these papers will be provided on the course pages.


The course will be graded on exams, quizzes, assignments, projects, and class participation in the following proportions:

40% Course Project
30% Course Lectures
20% Paper Summaries
10% Class Participation

Course Project

The course project requires each develop a complete Web 2.0 system. Proposal systems will be discussed in class after the introductory material is completed. Be realistic about what can be accomplished in a single semester. However, the work should reflect real thought and committed effort. The grade will be based on the following factors: novelty, depth, robustness, coolness, and demonstrated effort.

Project teams may include groups of up to two students, though single authored works are strongly preferred. I will advise each team/individual independently as needed. The project grade will be a combination of grades received for a number of milestone artifacts and the final project. Details of the milestones and expected content will be dicsussed in class and are documented on the couse assignments page.

Course Lectures

Each student will be required to present 1-3 lectures of a paper assigned to the class, depending on the course enrollment. Students should prepare a detailed lecture complete with detailed slides. The slides will be distributed via the website. The course instructor will provide additional details on the first day of class. All presenters must use the course template for either keynote or powerpoint. Linux folks can use the powerpoint template with Open Office if they choose.

Paper Discussion Summaries

Students will be required to fill out summary for each assigned paper. Summaries will be presented in a XML document to be placed on the student project website. More details about the format and handling of the summaries are provided on assignment #1 of the couse assignments page.

Class Participation

Course lectures will be driven by the contents of assigned papers. Students are going to be required to participate in discussions of the paper content during each lecture. Hence, the students ability to exhibit comprehension of papers is essential to a passing grade. Students failing to do the reading on a regular basis will be removed from the class.

Academic Integrity Policy

Students are required to follow the university guidelines on academic conduct at all times. Students failing to meet these standards will automatically receive a 'F' grade for the course. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign the 'F' grade and refer the student to the appropriate University bodies for possible further action.

Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project. Also, students are forbidden from discussing or collaborating on any assignment except were explicitly allowed in writing by the instructor.

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor McDaniel.

**** Health Warning **** This semester has the potential to be effected by the H1N1 virus. Students who believe they have been infected should consult a medical professional immediately. Do not come to class but contact the professor to indicate your situation prior to the class. All students should read and monitor Penn State's H1N1 health updates webpage for information.

Course Updates

[3/20/2010] The due dates for the course assignments have been altered to allow students more time to work on the project. Note that on the 31st of March will be having in "in class" project showcase. Each student should be prepare to demonstrate their project at least including all features through assignment 5.

[1/18/2010] Information on assignment #2 is now available on the website. Please read carefully and complete by the 10th of February.

[1/18/2010] The course lecture assignments have been posted on the course webpage. Please check and prepare for any lectures you have been assigned. In the event you are unable to give a particular lecture, you may trade with other students (clear with the instructor before doing so).

[12/1/2009] Welcome to CSE598i - Web Security! The class website is now setup. Students are encouraged to review these page and start reading the assigned readings before the first day in class.