W2SP 2008: Web 2.0 Security and Privacy 2008
Thursday, May 22The Claremont Resort, Oakland, California
Sponsored by the 2008 IEEE Symposium on Security and Privacy
The goal of this one day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas. (For full submission details, see the call for position papers.)
Keynote Speaker: Niels Provos (Google), All Your iFrames Are Point to Us.
Previous W2SP Workshops: 2007
Workshop Co-Chairs: W2SP2008@ieee-security.org
Larry Koved, IBM T. J. Watson Research Center
Dan S. Wallach, Rice University
Registration: Workshop registration will only be available via the 2008 IEEE Symposium on Security and Privacy conference web site.
Program
Presentations (order and times subject to change)
(Papers have been posted below. Presentations will be posted after the workshop is over.)
| 7:30–8:45 | Continental breakfast |
|---|---|
| 8:45–9:00 | Opening remarks |
| 9:00–10:00 | Session 1: Authentication and Authorization |
|
Daniel Sandler and Dan S. Wallach. <input type="password"> must die! (slides) Ben Adida. Web Authentication by Email Address (slides) Discussion |
|
| 10:00–10:30 | Break |
| 10:30–12:15 | Session 2: Browser Security Models and Isolation |
|
Collin Jackson and Adam Barth. Beware of Finer-Grained Origins (slides) Kapil Singh and Wenke Lee. On the Design of a Web Browser: Lessons learned from Operating Systems (slides) Mike Ter Louw, Prithvi Bisht and V.N. Venkatakrishnan. Analysis of Hypertext Markup Isolation Techniques for XSS Prevention (slides) Discussion |
|
| 12:15–1:30 |
Lunch and Keynote: Niels Provos (Google), All Your iFrames Are Point to Us
|
| 1:30–2:30 | Session 3: Social Computing Privacy Issues |
|
Adrienne Felt and David Evans. Privacy Protection for Social Networking Platforms (slides) Monica Chew, Dirk Balfanz, and Ben Laurie. (Under)mining Privacy in Social Networks Discussion |
|
| 2:30–3:00 | Break |
| 3:00–4:30 | Session 4: Mashups and Privacy |
|
D. K. Smetters. Building Secure Mashups (slides) Tyler Close. Web-key: Mashing with Permission (slides) Mihai Christodorescu. Private Use of Untrusted Web Servers via Opportunistic Encryption (slides) Discussion |
|
| 4:30–6:00 | Discussion / Debate |
Papers without presentations
Nishith Khantal, Johannes Helander, Benjamin G. Zorn and Oscar Almeida. Evidence-Based Access Control for Ubiquitous Web Services
Zulfikar Ramzan. JavaScript Breaks Free Redux (waiting for the author to submit the final paper)
Markus Jakobsson, Ari Juels and Jacob Ratkiewicz. Privacy Preserving History Mining for Web Browsers
Paula Austel, Sumeer Bhola, Suresh Chari, Larry Koved, Michael McIntosh, Michael Steiner, Samuel Weber. Secure Delegation for Web 2.0 and Mashups
Michael Maximilien, Tyrone Grandison. Towards Privacy Propagation in the Social Web