Workshop Program

W2SP 2009: Web 2.0 Security and Privacy 2009

Thursday, May 21
The Claremont Resort, Oakland, California

The goal of this one day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas. (For full submission details, see the call for papers.)

Previous W2SP Workshops: 2008, 2007

Registration: Workshop registration will only be available via the 2009 IEEE Symposium on Security and Privacy conference web site.


7:30–8:45 Continental Breakfast
8:45–9:00 Opening Remarks
9:00–9:45 Invited Talk

Brendan Eich
Improving JavaScript's Default Security Model Without Breaking the Web (Slides)

9:45–10:15 Break
10:15–11:45 Session 1 (Session Chair: Helen Wang)

Chris Grier, Samuel T. King, and Dan S. Wallach
How I Learned to Stop Worrying and Love Plugins (Slides)

Adam Langley
Opportunistic Encryption Everywhere

Adam Barth, Collin Jackson, and William Li
Attacks on JavaScript Mashup Communication (Slides)

11:45–1:00 Lunch and Keynote: Douglas Crockford (Yahoo!)

A Web of Confusion (Slides)
The browser is generally regarded as an incompetent blunder, crafted with horrendous security vulnerabilities which, 14 years on, still have not been repaired. Yet, despite the browser's deservedly lousy reputation, when it come to security, it is significantly better than everything else. By understanding what the browser got right that everyone else continues to get wrong, we can see where the web needs to go to ultimately become a dependable platform.

1:00–2:30 Session 2 (Session Chair: Adrienne Felt)

Julien Freudiger, Nevena Vratonjic, and Jean-Pierre Hubaux
Towards Privacy-Friendly Online Advertising (Slides)

Justin Becker and Hao Chen
Measuring Privacy Risk in Online Social Networks (Slides)

Blase Ur and Vinod Ganapathy
Evaluating Attack Amplification in Online Social Networks (Slides)

2:30–3:00 Break
3:00–4:00 Session 3 (Session Chair: Adam Barth)

Elias Athanasopoulos, Vasilis Pappas, and Evangelos P. Markatos
Code Injection Attacks in Browsers Supporting Policies (Slides)

Sergio Maffeis, John C. Mitchell, and Ankur Taly
Run-Time Enforcement of Secure JavaScript Subsets (Slides)

4:00–4:30 Break
4:30–6:00 Position Papers / Debate (Session Chair: Larry Koved)

John Engler, Chris Karlof, Elaine Shi, and Dawn Song
Is it too late for PAKE? (Slides)

E. Michael Maximilien, Tyrone Grandison, Tony Sun, Dwayne Richardson, Sherry Guo, and Kun Liu (Slides)
Privacy-as-a-Service: Models, Algorithms, and Results on the Facebook Platform

Dan Forsberg
RESTful Security (Slides)

Kapil Sachdeva, H. Karen Lu, and Ksheerabdhi Krishna
Browser-Based Approach to Smart Card Connectivity (Slides)

Suresh Chari, Larry Koved, and Mary Ellen Zurko
Using Recommenders for Discretionary Access Control (Slides)