Workshop Program

W2SP 2010: Web 2.0 Security and Privacy 2010

Thursday, May 20
The Claremont Resort, Oakland, California

The goal of this one day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas. (For full submission details, see the call for papers.)

Previous W2SP Workshops: 2009, 2008, 2007

Registration: Workshop registration is available on-site. Although the main conference is sold out, W2SP still has space available.


8:00–8:45 Continental Breakfast
8:45–9:00 Opening Remarks
9:00–9:45 Keynote

Jeremiah Grossman, founder and CTO, WhiteHat Security, is a world-renowned Web security expert. A co-founder of the Web Application Security Consortium (WASC), he was named to InfoWorld's Top 25 CTOs in 2007 and is frequently quoted by business and technical media. He has authored dozens of articles and whitepapers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is a co-author of "XSS Attacks: Cross Site Scripting Exploits and Defense." Grossman is also an influential blogger who offers insight and encourages open dialogue regarding Web security research and trends. Prior to WhiteHat, Grossman was an information security officer at Yahoo!

9:45–10:15 Break
10:15–11:45 Session 1: Privacy (Session Chair: Ben Adida)

Ioannis Papagiannis, Matteo Migliavacca, David Eyers, Briand Shand, Jean Bacon, and Peter Pietzuch
Enforcing User Privacy in Web Applications using Erlang (slides)

Brendan Meeder, Jennifer Tam, Patrick Gage Kelley, and Lorrie Faith Cranor
RT @IWantPrivacy: Widespread Violation of Privacy Settings in the Twitter Social Network

Artur Janc and Lukasz Olejnik
Feasibility and Real-World Implications of Web Browser History Detection (slides)

11:45–1:00 Lunch and Invited Talk

Kurt Opsahl (Electronic Frontier Foundation)
Social Networking Privacy Issues (slides)

1:00–1:45 Session 2: Mobile Web (Session Chair: Charlie Reis)

Jon Howell and Stuart Schechter
What You See is What They Get: Protecting users from unwanted use of microphones, cameras, and other sensors (slides)

Ben Livshits and David Molnar
Position paper: Empowering Browser Security for Mobile Devices Using Smart CDNs (slides)

1:45–2:00 Break
2:00–2:45 Session 3: Measuring Security (Session Chair: Adam Barth)

Elias Athanasopoulos, Antonis Krithinakis, and Evangelos P. Markatos
Hunting Cross-Site Scripting Attacks in the Network (slides)

Mustafa Acer and Collin Jackson
Position paper: Critical Vulnerability in Browser Security Metrics (slides)

2:45–3:15 Break
3:15–4:30 Session 4: Usage of Existing Browser APIs (Session Chair: Helen Wang)

Gustav Rydstedt, Elie Burzstein, Dan Boneh, and Collin Jackson
Busting Framebusting: a Study of Clickjacking Vulnerabilities at Popular Sites (slides)

Steve Hanna, Richard Shin, Devdatta Akhawe, Prateek Saxena, Arman Boehm, and Dawn Song
The Emperor’s New APIs: On the (In)Secure Usage of New Client Side Primitives (slides)

Yuchen Zhou and David Evans
Position paper: Why Aren’t HTTP-only Cookies More Widely Deployed? (slides)

4:30–4:45 Break
4:45–5:30 Session 5: Next Generation Browser APIs (Session Chair: Thomas Roessler)

Terri Oda and Anil Somayaji
Position paper: No Web Site Left Behind: Are We Making Web Security Only for the Elite? (slides)

Jeff Hodges and Andy Steingruebl
Position paper: The Need for Coherent Web Security Policy Framework(s) (slides)

Leo A. Meyerovich, David Zhu, and Benjamin Livshits
Position paper: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources (slides)

5:30–6:00 Discussion