Open Research Topics
During our discussion and debate, we came up with an impressive list of (perhaps half-baked) open problems for future research. Here they are, in no particular order:
•Secure function evaluation (Rob)
– Analogous to mashups
•How to do authentication/authorization (authn/z) for MU
•Trust/reputation of MU
•Offline apps
•Future technologies
– Attack surfaces
– Silverlight
•Browser++
– JavaScript – threat/menace
•Users making policy decisions
•Mobile & consumer-device Web 2.0
•Grand challenges
•Enterprise 2.0
•Phishing & Pharming
•Security solutions
•Benchmarking
•Security & privacy (S&P) policy composition
– Sticky policies
•Assurance & formal verification
•Data caching???
•Deletion of data? / unregistering from sites
– Data minimization
•Data provenance
•What does it mean to give up???
– Anarchy?
•Anti-mashups (anti-framing, anti-inlining, …)
•Deception & related usability issues
•C00k13s 2.0
•HTTP++
– Proxies, cookies, …
•Identity & trust
– “real world” to “web” identities
– Identity theft
•Reputation systems
•Accountability 2.0
•Privacy 2.0
•Search engines – threat/menace
•Best practices
•Safe / secure programming models
•MU risk evaluation
•Exploits / war stories – menace
•Evolution – services, web
•Browser extension?
•Usability of Web 2.0 mechanisms
•Security standards for Web 2.0 APIs
– REST, Atom, …
•Financial mashups
– Buying on the web (including via cell phone)
•Heavyweight solutions for security
– E.g., multi-core, virtualization
•Security appliances
•TPM / NGSCB / Palladium / etc.
•Anonymity mechanisms?
•“hosted” web operating system (browser == OS?)
•Hosted applications (docs, spreadsheet, …)