The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (For details, see the call for position papers.)
Presentations / Schedule
Session 1: Broad Issues & Opinions (9:10–10:10)
Sumeer Bhola, Suresh Chari, and Michael Steiner. Security for Web 2.0 Application Scenarios: Exposures, Issues, and Challenges. (Slides PPT, PDF)
Session 2: Models (10:45–11:45)
Michael Hart, Rob Johnson, and Amanda Stent. More Content - Less Control: Access Control in the Web 2.0. (Slides ODP, PDF)
Sebastian Gajek, Mark Manulis, Ahmad-Reza Sadeghi and Jörg Schwenk. Browser Models for Usable Authentication Protocols. (Slides PDF)
Sachiko Yoshihama, Naohiko Uramoto, Satoshi Makino, Ai Ishida, Shinya Kawanaka, and Frederik De Keukelaere. Security Model for the Client-Side Web Application Environments. (Slides PDF)
Lunch and Keynote: Rob Franco (Microsoft)
Session 3: Architectures (1:00–2:20)
Benjamin Livshits and Úlfar Erlingsson. Towards Security by Construction for Web 2.0 Applications. (Slides PPTX, PDF)
Michael Steiner and K. Vikram. Mashup Component Isolation via Server-Side Analysis and Instrumentation. (Slides PPT, PDF)
Ben Adida. The Browser as a Secure Platform for Loosely Coupled, Private-Data Mashups. (Slides PDF)
Stanislav Malyshev. Securing PHP - Approaches to Web Application Security. (Slides PPT, PDF)
Session 4: Trust & Deception (3:00–4:00)
Discussion / Debate (4:00–5:00)
Papers without presentations
Anoop Singhal. Web Services Security: Challenges and Techniques.
Andrew Cirillo, Radha Jagadeesan, Corin Pitcher, and James Riely. Formal Methods for Web 2.0 Security Protocols.
Naveen Agarwal, Scott Renfro, and Arturo Bejar. Current Anti-Phishing Solutions and Yahoo's Sign-in Seal.
Úlfar Erlingsson, Benjamin Livshits, and Yinglian Xie. Mutation-Event Transforms: A Flexible Client-side Foundation for End-to-end Web 2.0 Security.