Web 2.0 Security & Privacy 2012

Thursday, May 24
The Westin St. Francis Hotel, San Francisco

The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas.

More information regarding workshops co-located with the 2012 IEEE Symposium on Security and Privacy can be found on the conference website.

Previous W2SP Workshops:  2011, 2010, 2009, 2008, 2007


7:30–8:30 Continental Breakfast
9:00–9:10 Opening Remarks
9:10–10:00 Session 1: Authentication (Session Chair: Arvind Narayanan)

Joseph Bonneau and Rubin Xu (University of Cambridge)

Harry Halpin (W3C)

10:00–10:30 Break
10:30–12:00 Session 2: Mobile Web (Joint with MoST) (Session Chair: Larry Koved)

Michael Hackett and Kirstie Hawkey (Dalhousie University)

Kapil Singh (IBM T.J. Watson Research Center)

Jenna Kallaher, Amal Krishnan, Paul Makowski, Eric Yawei Chen, and Collin Jackson (Carnegie Mellon University)

Markus Jakobsson (PayPal Inc)

    The Case for Replacing Passwords with Biometrics (Short Paper)

12:00–1:00 Lunch
1:00–2:00 Keynote: Do Not Track: The Future of Web Privacy

Concerns over Web privacy increasingly draw media coverage and regulatory interest -- trends that will only increase as we share more sensitive information online. One notable example is that of Web tracking: collection of information on a user's browsing activity by the numerous parties that use it for personalization, ad targeting or other purposes. This widespread practice has inspired calls from advocates, browser vendors and regulators for a simple Do Not Track mechanism. The World Wide Web Consortium's Tracking Protection Working Group has been chartered to improve user privacy by defining mechanisms for expressing user preferences around this kind of prevalent Web tracking. For the past nine months, the group has sought to standardize both the technology (e.g., the bits on the wire) and the meaning (i.e. how to comply with the user's preference) of Do Not Track. Currently dozens of engineers, lawyers and academics are working to define an international standard that will represent the consensus of advocates, regulators and industry towards such a consumer choice mechanism. This talk will give an update on the status of the W3C Working Group's process, the proposed technical architecture and the surrounding political context. The work on Do Not Track exemplifies larger trends in the handling of Web privacy issues: signaling policy through technology and using multistakeholder processes to develop privacy codes of conduct for the Web. What lessons can we learn from this privacy debate to apply to the next Web privacy issue?

Speaker: Nick Doty works for the World Wide Web Consortium (W3C) managing the Tracking Protection Working Group and Privacy Interest Group. Nick is a PhD student at the University of California at Berkeley School of Information, working with lawyers, technologists and social-scientists on Internet privacy research. In particular, his focus is on privacy-by-design: how engineers and the technical design process affect privacy outcomes.

2:00–3:00 Session 3: Privacy and Anonymity (Session Chair: Kapil Singh)

Keaton Mowery and Hovav Shacham (UC San Diego)

Rebecca Balebako, Pedro Leon, Richard Shay, Blase Ur, and Lorrie Faith Cranor (Carnegie Mellon University)

3:00–3:30 Break
3:30–5:00 Session 4: Integrity and Information Control (Session Chair: Charlie Reis)

Emin Topalovic and Brennan Saeta (Stanford University), Lin-Shung Huang and Collin Jackson (Carnegie Mellon University), and Dan Boneh (Stanford University)

Sebastian Lekies and Martin Johns (SAP Research Karlsruhe)

Eric Yawei Chen, Sergey Gorbaty, Astha Singhal, and Collin Jackson (Carnegie Mellon University)