W2SP 2008: Web 2.0 Security and Privacy 2008

Thursday, May 22
The Claremont Resort, Oakland, California
Sponsored by the 2008 IEEE Symposium on Security and Privacy

The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues and to establish new collaborations in these areas. (For full submission details, see the call for position papers.)

Keynote Speaker: Niels Provos (Google), All Your iFrames Are Point to Us.

Previous W2SP Workshops: 2007

Workshop Co-Chairs: W2SP2008@ieee-security.org

Larry Koved, IBM T. J. Watson Research Center
Dan S. Wallach, Rice University

Registration: Workshop registration will only be available via the 2008 IEEE Symposium on Security and Privacy conference web site.


Presentations (order and times subject to change)

(Papers have been posted below. Presentations will be posted after the workshop is over.)

7:30–8:45 Continental breakfast
8:45–9:00 Opening remarks
9:00–10:00 Session 1: Authentication and Authorization

Daniel Sandler and Dan S. Wallach. <input type="password"> must die! (slides)

Ben Adida. Web Authentication by Email Address (slides)


10:00–10:30 Break
10:30–12:15 Session 2: Browser Security Models and Isolation

Collin Jackson and Adam Barth. Beware of Finer-Grained Origins (slides)

Kapil Singh and Wenke Lee. On the Design of a Web Browser: Lessons learned from Operating Systems (slides)

Mike Ter Louw, Prithvi Bisht and V.N. Venkatakrishnan. Analysis of Hypertext Markup Isolation Techniques for XSS Prevention (slides)



Lunch and Keynote: Niels Provos (Google), All Your iFrames Are Point to Us

1:30–2:30 Session 3: Social Computing Privacy Issues

Adrienne Felt and David Evans. Privacy Protection for Social Networking Platforms (slides)

Monica Chew, Dirk Balfanz, and Ben Laurie. (Under)mining Privacy in Social Networks


2:30–3:00 Break
3:00–4:30 Session 4: Mashups and Privacy

D. K. Smetters. Building Secure Mashups (slides)

Tyler Close. Web-key: Mashing with Permission (slides)

Mihai Christodorescu. Private Use of Untrusted Web Servers via Opportunistic Encryption (slides)


4:30–6:00 Discussion / Debate

Papers without presentations

Nishith Khantal, Johannes Helander, Benjamin G. Zorn and Oscar Almeida. Evidence-Based Access Control for Ubiquitous Web Services

Zulfikar Ramzan. JavaScript Breaks Free Redux (waiting for the author to submit the final paper)

Markus Jakobsson, Ari Juels and Jacob Ratkiewicz. Privacy Preserving History Mining for Web Browsers

Paula Austel, Sumeer Bhola, Suresh Chari, Larry Koved, Michael McIntosh, Michael Steiner, Samuel Weber. Secure Delegation for Web 2.0 and Mashups

Michael Maximilien, Tyrone Grandison. Towards Privacy Propagation in the Social Web