Open Research Topics

During our discussion / debate, we came up with an impressive list of (perhaps half-baked) open problems for future research. Here they are, in no particular order:

Secure function evaluation (Rob)
- Analogous to mashups
How to authn/z 4 MU
Trust/reputation of MU
Offline apps
Future technologies
- Attack surfaces
- Silverlight
- Javascript – threat/menace
Users making policy decisions
Mobile & consumer device w2.0
Grand challenges
Enterprise 2.0
Phishing & Pharming
Security solutions
S&P policy compositions
- Sticky policies
Assurance & formal verification
Data caching???
Deletion of data? / unregistering from sites
- Data minimization
Data provenance
What does it mean to give up???
- Anarchy?
Anti-mashups (anti-framing, anti-inlining, …)
Deception & related usability issues
C00k13s 2.0
- Proxies, cookies, …
Identity & trust
- “real world” to “web” identities
- Identity theft
Reputation systems
Accountability 2.0
Privacy 2.0
Search engines – threat/menace
Best practices
Safe / secure programming models
MU risk evaluation
Exploits / war stories – menace
Evolution -- Services, web
Browser extension?
Usability of w2.0 mechanisms
Security standards for W2.0 APIs
- REST, ATOM, …
Financial mashups
- Buying on the web (including Cell phone)
Heavy weight solutions for security
- E.g., Multi-core, virtualization
Security appliances
TPM / NGSCB / Palladium / etc.
Anonymity mechanisms?
“hosted” web operating system (browser == OS?)
Hosted applications (docs, spreadsheet, …)