welcome & introductory remarks - ieee 2014 web 2.0 security & privacy workshop
DESCRIPTION
The IEEE 2014 Web 2.0 Security & Privacy Workshop is a one-day workshop that brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers, cloud, mobile and their eco-system.TRANSCRIPT
The 2014 IEEE Workshop on Web 2.0 Security and
PrivacyMay 18th, 2014
• Statistics• Post-Workshop Impact
• Best Paper Announcement• KeyNote Introduction
Workshop Statistics
AuthorsBelgium
5% China4%
Germany8%India4%Ireland
1%
Israel9%
Mexico1%
Pakistan2%
Saudi Arabia1%
Singapore4%
United Kingdom
3%
United States58%
SubmissionsAustria
3%Belgium
3%China
3%
Germany9%
India6%
Ireland3%
Israel6%
Mexico3%
Pakistan3%
Saudi Arabia3%
Singapore3%
United Kingdom3%
United States53%
Program CommitteeBrazil
3%Germany
6%India3%
Italy8%
Jamaica6%
Morocco3%
Poland3%
Russian Federation
3%United
Kingdom3%
United States64%
Program Committee
Female34%
Male66%
Accepted Papers
Germany20%
Israel10%
Singapore10%
United States60%
General Statistics
Accepted29%
Rejected71%
Impact
Post-WorkshopPublication Venues
IEEE Internet Computing
18%
IEEE Software12%
IEEE IT Profes-sional26%
No Venue44%
Best Paper
I Know Where You’ve Been: Geo-Inference Attacks via the Browser Cache
Many websites customize their services according to different geo-locations of users, to provide more relevant content and better responsiveness, including Google, Craigslist, etc. Recently, mobile devices further allow web applications to directly read users’ geo-location information from GPS sensors. However, if such websites leave location-sensitive content in the browser cache, other sites can sniff users’ geo-locations by utilizing timing side-channels. In this paper, we demonstrate that such geo-location leakage channels are widely open in popular web applications today, including 62% of Alexa Top 100 websites. With geo-inference attacks that measure the timing of browser cache queries, we can locate users’ countries, cities and neighborhoods in our case studies. We also discuss whether existing defenses can effectively prevent such attacks and additional support required for a better defense deployment.
Yaoqi Jia, Xinshu Dong, Zhenkai Liang, Prateek Saxena.
KeynoteMichelle Finneran Dennedy
Vice President & Chief Privacy Officer, McAfee
Michelle currently serves as Chief Privacy Officer to McAfee, an Intel Company. She is responsible to creating a privacy practice that is focused on quality and excellence in McAfee’s policies, products, procedures and governance efforts. Her team is a staunch supporter of McAfee’s outreach efforts to educate and protect children, families and communities in the Digital Age. Before coming to McAfee, Michelle founded The iDennedy Project, a consulting and advisory company specializing in privacy and security sensitive organizations. Michelle is also a founder and editor in chief of a new media site—TheIdentityProject.com—that was started as an advocacy and education site, currently focused on the growing crime of Child ID theft. Michelle was the Vice President for Security & Privacy Solutions for the Oracle Corporation. Her team worked closely with customers to enable them to proceed with the confidence that information is protected and accelerated as an asset. Before the Oracle acquisition of Sun, Michelle was Chief Data Governance Officer within the Cloud Computing division at Sun Microsystems, Inc. Michelle worked closely with Sun's business, technical and legal teams to create to the best data governance policies and processes possible for cloud computing to build trust for cloud environments through vendor transparency. Michelle also served as Sun’s Chief Privacy Officer where she was responsible for the development and implementation of Sun's data privacy policies and practices, working across Sun's business groups to drive the company's continued data privacy excellence.
Michelle has a JD from Fordham University School of Law and a BS degree with university honors from The Ohio State University. In 2009, she was awarded the Goodwin Procter-IAPP Vanguard award for lifetime achievement and the EWF – CSO Magazine Woman of Influence award for work in the privacy and security fields. In 2012, she was honored by the National Diversity Council as one of California’s Most Powerful and Influential Women. Michelle is a Coauthor, The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value, 2014, Apress Media."