W2SP 2011: Web 2.0 Security and Privacy 2011
Thursday, May 26
The Claremont Resort, Oakland, California
The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (For full submission details, see the call for papers.)
Registration: Online registration. Workshop registration will also be available on-site.
9:15–10:15 Keynote: Protecting the Graph
Facebook is under attack all the time from phishers, fraudsters, and spammers. They aim to steal user information and expose users to unwanted spam. The attackers have vast resources at their disposal. They are well-funded, with full-time skilled labor, control over compromised and infected accounts, and access to global botnets. Protecting our users is a challenging adversarial learning problem with extreme scale and load requirements. Over the past several years we have built and deployed a system to protect our users and the graph. The system performs realtime checks and classifications on every read and write action. As of March 2011, this is 25B checks per day, reaching 650K classifications per second. The system also generates signals for use as feedback in classifiers and other components. We believe this system has contributed to making Facebook the safest place on the Internet for people and their information. This talk will outline specific threats to the graph and describe the systems we have built and challenges we continue to face.
Speaker: Tao Stein is an Engineer at Facebook. For the past 3 years he has been building systems to protect users and the Graph. Prior to Facebook, Tao was a Researcher at Microsoft Research Asia in Beijing for several years where he built an experimental multicore OS and deployed a video distribution system on the Internet connecting Chinese colleges. Tao received a PhD from Harvard in computer systems.
10:15–11:45 Session 1: Attacks (Session Chair: Shuo Chen)
Alexander Neumann, Johannes Barnickel, Ulrike Meyer (RWTH Aachen University, RedTeam Pentesting)
Keaton Mowery, Dillon Bogenreif, Scott Yilek, Hovav Shacham (UC San Diego, University of St. Thomas)
1:00–2:30 Session 2: Cross-Origin Interactions (Session Chair: Collin Jackson)
Andrew Bortz, Adam Barth, Alexei Czeskis (Stanford, Google, U. Washington)
Dongseok Jang, Aishwarya Venkataraman, G. Michael Sawka, and Hovav Shacham (UC San Diego, Topix)
2:30–2:45 W3C workshop recap: Identity in the browser (Thomas Roessler)
3:00–4:00 Session 3: Privacy (Session Chair: Larry Koved)
Balachander Krishnamurthy, Konstantin Naryshkin, Craig Wills (AT&T Research, Worcester Polytechnic Institute)
Antonio Tapiador, Diego Carrera, J. Salvachua
(Technical University of Madrid, Universidad Politecnica de
4:15–5:30 Session 4: Mobile (Session Chair: Dirk Balfanz)