Spring 2020

Paper Reading Questions

For each paper, your assignment is two-fold. Before lecture:

  • Submit your answer for each lecture's paper question via the submission web site in a file named lecn.txt (where n is the lecture number), and
  • Submit your own question about the paper (e.g., what you find most confusing about the paper or the paper's general context/problem) in a file named sqn.txt (again, n being the lecture number). You cannot use the question below. To the extent possible, during lecture we will try to answer these questions. If you submit your question before midnight the day before lecture, then there is a chance we will answer by email. Below, we have included the questions we've received from students in past years (when available), along with answers to those questions, in case you find it helpful.

Lecture 11

Suppose you are helping the developers of a complex web site at http://bitdiddle.com/ to evaluate their security. This web site uses an HTTP cookie to authenticate users. The site developers are worried an adversary might steal the cookie from one of the visitors to the site, and use that cookie to impersonate the victim visitor.

What should the developers look at in order to determine if a user's cookie can be stolen by an adversary? In other words, what kinds of adversaries might be able to steal the cookie of one of the visitors to http://bitdiddle.com/, what goes "wrong" to allow the adversary to obtain the cookie, and how might the developers prevent it?

Note: an exhaustive answer might be quite long, so you can stop after about 5 substantially-different issues that the developers have to consider.
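As an added illustration of one of the developer-side checks the question alludes to, the following Python snippet audits a Set-Cookie header for the attributes that limit how a session cookie can be exposed (Secure, HttpOnly, SameSite) and shows a hardened header beside a bare one. This is example code written for this page, not part of the 6.858 assignment or its answer key; the cookie name "session", the values, and the header strings are constructed for illustration, and bitdiddle.com is simply the hypothetical site named in the question. Cookie attributes only address some of the adversaries the question asks about (for instance, they do nothing about a compromised server), so this is one check among several, not a complete answer.

```python
"""Audit a Set-Cookie header for attributes that limit cookie exposure.

Added example for the 6.858 Lecture 11 question; not course code.
All header strings used here are constructed for illustration.
"""
from typing import NamedTuple, Tuple


class CookieAudit(NamedTuple):
    name: str
    missing: Tuple[str, ...]  # protective attributes absent or too weak
    secure: bool
    httponly: bool
    samesite: str  # 'Lax', 'Strict', 'None', or '' when absent


def parse_set_cookie(header: str) -> CookieAudit:
    """Parse one Set-Cookie header value and report which protections it lacks.

    Attribute names are case-insensitive per RFC 6265, so they are lowered
    before comparison.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()

    secure = "secure" in attrs
    httponly = "httponly" in attrs
    samesite = attrs.get("samesite", "").capitalize()

    missing = []
    if not secure:
        # Without Secure, a browser will send the cookie over plain http://,
        # where anyone on the network path can read it. Note the question's
        # site URL is http://bitdiddle.com/, so this matters here.
        missing.append("Secure")
    if not httponly:
        # Without HttpOnly, any script running in the page (e.g. one injected
        # through a cross-site scripting bug) can read document.cookie.
        missing.append("HttpOnly")
    if samesite not in ("Lax", "Strict"):
        # Without SameSite=Lax/Strict, cross-site requests carry the cookie,
        # so other sites can act as the logged-in user (CSRF).
        missing.append("SameSite")

    return CookieAudit(name.strip(), tuple(missing), secure, httponly, samesite)


def hardened_set_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """Build a Set-Cookie header with the protective attributes present.

    Max-Age bounds how long a stolen cookie stays useful; the other
    attributes are the ones parse_set_cookie checks for.
    """
    return (f"{name}={value}; Path=/; Max-Age={max_age}; "
            f"Secure; HttpOnly; SameSite=Lax")


if __name__ == "__main__":
    # Constructed sample: a bare session cookie as a naive site might set it.
    bare = "session=abc123; Path=/"
    print(bare, "->", parse_set_cookie(bare).missing)
    fixed = hardened_set_cookie("session", "abc123")
    print(fixed, "->", parse_set_cookie(fixed).missing)
```

Running the module prints the bare header with all three attributes reported missing, then the hardened header with an empty tuple. The check is deliberately conservative: SameSite=None is treated as missing because it restores cross-site sending, which is only appropriate when the cookie must be shared across sites.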

Questions or comments regarding 6.858? Send e-mail to the course staff at 6858-staff@lists.csail.mit.edu.

Last updated Monday, 13-Apr-2020 23:22:26 EDT