Web 2.0 Security & Privacy 2015

Thursday May 21, 2015
The Fairmont Hotel, San Jose, California

The goal of this one-day workshop is to bring together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers, cloud, mobile and their ecosystem. We have had eight years of successful W2SP workshops.

More information regarding workshops co-located with the 2015 IEEE Symposium on Security and Privacy can be found on the conference website.

Previous W2SP Workshops: 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007

Read the 2015 Call For Papers


7:30–8:30 Breakfast
8:30–8:50 Welcome + Best Paper award
8:50–9:50 Keynote: Making browser security usable: successes & open challenges

Speaker: Adrienne Porter Felt - Software Engineer, Google

Abstract: Our community puts enormous effort into detecting malware, designing protocols, and isolating origins. Unfortunately, much of this work can be rendered useless in a few clicks when a user turns a feature off or breezes past a warning. The Google Chrome security team has been systematically re-building Chrome's security UI in an effort to make browser security more usable. This talk will give a peek into how we design browser security features via a set of real world case studies. We've taken a data-driven approach to usable security, by defining and measuring a set of usability metrics. These metrics let us know what works (and what doesn't). From this experience, I'll share a set of best practices that have led to successes. I'll also discuss some open research and engineering challenges in the area of connection security (SSL).

Speaker Bio:

Adrienne Porter Felt

Adrienne Porter Felt is the tech lead for Google Chrome usable security, where her job is to help Chrome users make good security decisions. Adrienne is responsible for many of the warnings and security UI that you see in Chrome today (for better or worse). Previously, she was a research scientist on Google's security research team. Adrienne received a PhD in computer science from UC Berkeley. For her dissertation, she evaluated whether Android and Chrome permissions are usable by developers (to mitigate vulnerabilities) or end users (to control third party access to resources).

9:50–10:20 Variations in Tracking in Relation to Geographic Location (Download Paper) (Slides)

Authors: Nathaniel Fruchter, Hsin Miao, Scott Stevenson (Carnegie Mellon University), Rebecca Balebako (RAND Corporation)

10:20–10:50 Morning Break
10:50–12:30 Session 1: Tracking and Privacy Extensions

Paper: Because we care: Privacy Dashboard on Firefox OS (Download Paper) (Slides)
Authors: Marta Piekarska, Yun Zhou (Technische Universität Berlin and Telekom Innovation Labs), Dominik Strohmeier (Mozilla), Alexander Raake (Technische Universität Berlin)

Paper: Tracking Protection in Firefox For Privacy and Performance (Download Paper) (Slides)
Authors: Georgios Kontaxis (Columbia University), Monica Chew (Mozilla Corporation)

Paper: The Case for a General and Interaction-based Third-party Cookie Policy (Download Paper) (Slides)
Authors: Istemi Ekin Akkus (MPI-SWS), Nicholas Weaver (ICSI & UC Berkeley)

12:30–1:30 Lunch
1:30–3:10 Session 2: Attacks & Defenses

Paper: Stickler: Defending Against Malicious CDNs in an Unmodified Browser (Download Paper)
Authors: Amit Levy, Henry Corrigan-Gibbs, Dan Boneh (Stanford University)

Paper: Breaking Bad: Detecting malicious domains using word segmentation (Download Paper) (Slides)
Authors: Wei Wang (AT&T Security Research Center), Kenneth E. Shirley (AT&T Labs Research)

Paper: Owning Your Home Network: Router Security Revisited (Download Paper) (Slides)
Authors: Marcus Niemietz, Jörg Schwenk (Horst Görtz Institute for IT-Security, Ruhr-University Bochum)

3:10–3:40 Afternoon Break
3:40–5:10 Session 3: Security Assessments & Solutions

Paper: Practical Solutions For Format-Preserving Encryption (Download Paper) (Slides)
Authors: Mor Weiss (Technion), Boris Rozenberg, Muhammad Barham (IBM)

Paper: Genuine onion: Simple, Fast, Flexible, and Cheap Website Authentication (Download Paper) (Slides)
Authors: Paul Syverson (U.S. Naval Research Laboratory), Griffin Boyce (Open Internet Tools Project)

Paper: No SQL, No Injection? Examining NoSQL Security (Download Paper) (Slides)
Authors: Aviv Ron, Alexandra Shulman-Peleg (Cyber Security Center of Excellence IBM), Emanuel Bronshtein (Application Security Research IBM)

Workshop Co-Chairs

Larry Koved (IBM T.J. Watson Research Center)
Tyrone Grandison (Proficiency Labs)

Program Chairs

Sean Thorpe (University of Technology, Jamaica)
Abigail Goldsteen (IBM Research Haifa)

Program Committee

Sonali Batra (Operation Asha)
Rinku Dewri (University of Denver)
Kevin Snow (UNC, Chapel Hill)
Leon Stenneth (Nokia Research Labs, Chicago)
Michael Losavio (University of Louisville)
Rose Gamble (University of Tulsa)
Brajendra Panda (University of Arkansas)
Abbie Barbir (Bank of America)
Iman Saleh (University of Miami)
Peter Bodorik (Dalhousie University)
Gary Kessler (Embry Aeronautical University)
Sabrina De Capitani di Vimercati (University of Milan)
Sara Foresti (University of Milan)
Pierangela Samarati (University of Milan)
Murat Kantarcioglu (University of Texas Dallas)
Micha Moffie (IBM Research)
Alexandra Shulman-Peleg (IBM Research)
Per Håkon Meland (SINTEF)
Julia Rubin (MIT)
Arik Friedman (NICTA)
Sid Stamm (Mozilla)
Sonia Jahid (VMware)
Dieter Gollmann (SVA)
Brad Malin (Vanderbilt University)
Anand Prakash (Flipkart)
Alex Smolen (Twitter)
Michael Franz (University of California - Irvine)
James Kettle (PortSwigger)
Carrie Gates (CA Technologies)
Carmela Troncoso (Gradiant)
Saman Zonouz (Rutgers University)
Bo Zhao (SAMSUNG Research America)

Web Chair

Rohan Malcolm (University of Technology, Jamaica)

Publication Chair

Mike Just (Heriot-Watt University)