W2SP 2009: Web 2.0 Security & Privacy 2009

Workshop Program

W2SP 2009: Web 2.0 Security and Privacy 2009

Thursday, May 21
The Claremont Resort, Oakland, California

The goal of this one day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas. (For full submission details, see the call for papers.)

Previous W2SP Workshops: 2008, 2007

Registration: Workshop registration will only be available via the 2009 IEEE Symposium on Security and Privacy conference web site.

Schedule

7:30–8:45	Continental Breakfast
8:45–9:00	Opening Remarks
9:00–9:45	Invited Talk
	Brendan Eich Improving JavaScript's Default Security Model Without Breaking the Web (Slides)
9:45–10:15	Break
10:15–11:45	Session 1 (Session Chair: Helen Wang)
	Chris Grier, Samuel T. King, and Dan S. Wallach How I Learned to Stop Worrying and Love Plugins (Slides) Adam Langley Opportunistic Encryption Everywhere Adam Barth, Collin Jackson, and William Li Attacks on JavaScript Mashup Communication (Slides)
11:45–1:00	Lunch and Keynote: Douglas Crockford (Yahoo!)
	A Web of Confusion (Slides) The browser is generally regarded as an incompetent blunder, crafted with horrendous security vulnerabilities which, 14 years on, still have not been repaired. Yet, despite the browser's deservedly lousy reputation, when it come to security, it is significantly better than everything else. By understanding what the browser got right that everyone else continues to get wrong, we can see where the web needs to go to ultimately become a dependable platform.
1:00–2:30	Session 2 (Session Chair: Adrienne Felt)
	Julien Freudiger, Nevena Vratonjic, and Jean-Pierre Hubaux Towards Privacy-Friendly Online Advertising (Slides) Justin Becker and Hao Chen Measuring Privacy Risk in Online Social Networks (Slides) Blase Ur and Vinod Ganapathy Evaluating Attack Amplification in Online Social Networks (Slides)
2:30–3:00	Break
3:00–4:00	Session 3 (Session Chair: Adam Barth)
	Elias Athanasopoulos, Vasilis Pappas, and Evangelos P. Markatos Code Injection Attacks in Browsers Supporting Policies (Slides) Sergio Maffeis, John C. Mitchell, and Ankur Taly Run-Time Enforcement of Secure JavaScript Subsets (Slides)
4:00–4:30	Break
4:30–6:00	Position Papers / Debate (Session Chair: Larry Koved)
	John Engler, Chris Karlof, Elaine Shi, and Dawn Song Is it too late for PAKE? (Slides) E. Michael Maximilien, Tyrone Grandison, Tony Sun, Dwayne Richardson, Sherry Guo, and Kun Liu (Slides) Privacy-as-a-Service: Models, Algorithms, and Results on the Facebook Platform Dan Forsberg RESTful Security (Slides) Kapil Sachdeva, H. Karen Lu, and Ksheerabdhi Krishna Browser-Based Approach to Smart Card Connectivity (Slides) Suresh Chari, Larry Koved, and Mary Ellen Zurko Using Recommenders for Discretionary Access Control (Slides)