The goal of this one day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas. (For details, see the call for position papers.)

Final Program

Presentations / Schedule

7:30–9:00 Continental breakfast
9:00–9:10 Opening remarks
9:10–10:10 Session 1: Broad Issues & Opinions

Paul A. Karger. Mashups Legitimize Man-in-the-Middle Attacks. (Slides PDF)

Sumeer Bhola, Suresh Chari, and Michael Steiner.  Security for Web 2.0 Application Scenarios: Exposures, Issues, and Challenges. (Slides PPT, PDF)

Markus Jakobsson, Zulfikar Ramzan, and Sid Stamm.  JavaScript Breaks Free. (Slides PPT, PDF)

10:10–10:45 Break
10:45–11:45 Session 2: Models

Michael Hart, Rob Johnson, and Amanda Stent.  More Content - Less Control: Access Control in the Web 2.0. (Slides ODP, PDF)

Sebastian Gajek, Mark Manulis, Ahmad-Reza Sadeghi and Jörg Schwenk. Browser Models for Usable Authentication Protocols. (Slides PDF)

Sachiko Yoshihama, Naohiko Uramoto, Satoshi Makino, Ai Ishida, Shinya Kawanaka, and Frederik De Keukelaere. Security Model for the Client-Side Web Application Environments. (Slides PDF)

11:45–1:00

Lunch and Keynote: Rob Franco (Microsoft)

A client in the cross-hairs: how one software company deals with the challenge of protecting its users on the web. (Slides PPT, PDF)

1:00–2:20 Session 3: Architectures

Benjamin Livshits and Úlfar Erlingsson.  Towards Security by Construction for Web 2.0 Applications. (Slides PPTX, PDF)

Michael Steiner and K. Vikram. Mashup Component Isolation via Server-Side Analysis and Instrumention. (Slides PPT, PDF)

Ben Adida.  The Browser as a Secure Platform for Loosley Coupled, Private-Data Mashups. (Slides PDF)

Stanislav Malyshev.  Securing PHP - Approaches to Web Application Security. (Slides PPT, PDF)

2:20–3:00 Break
3:00–4:00 Session 4: Trust & Deception

Richard Chow, Philippe Golle, and Jessica Staddon. Inference Detection Technology for Web 2.0. (Slides PPT, PDF)

Johannes Helander and Benjamin Zorn.  Medina: Combining Evidence to Build Trust. (Slides PPT, PDF)

Annarita Giani and Paul Thompson.  Detecting Deception in the Context of Web 2.0. (Slides PPT, PDF)

4:00–5:00 Discussion / Debate


Papers without presentations

Anoop Singhal. Web Services Security: Challenges and Techniques.

Andrew Cirillo, Radha Jagadeesan, Corin Pitcher, and James Riely. Formal Methods for Web 2.0 Security Protocols.

Naveen Agarwal, Scott Renfro, and Arturo Bejar.  Current Anti-Phishing Solutions and Yahoo's Sign-in Seal.

Carrie Gates.  Access Control Requirements for Web 2.0 Security and Privacy.

Francis Hsu.  Input Validation of Client-Server Web Applications Through Static Analysis.

Úlfar Erlingsson, Benjamin Livshits, and Yinglian Xie.  Mutation-Event Transforms: A Flexible Client-side Foundation for End-to-end Web 2.0 Security.