Jefferson’s Wheel

Yuchen Zhou will present a paper [PDF] on HTTP-only cookies and why it is so hard to deploy security technologies at Web 2.0 Security and Privacy (attached to the Oakland conference) on May 20.

HTTP-only cookies were introduced eight years ago as a simple way to prevent cookie-stealing through cross-site scripting attacks. Adopting HTTP-only cookies seems to be an easy task with no significant costs or drawbacks, but many major websites still do not use HTTP-only cookies. This paper reports on a survey of HTTP-only cookie use in popular websites, and considers reasons why HTTP-only cookies are not yet more widely deployed.

The list of papers accepted to the 31st IEEE Symposium on Security and Privacy is now posted:
http://oakland10.cs.virginia.edu/papers.html.

The PC accepted 26 research papers (from 237 submissions) and 5 Systematization of Knowledge papers (from 30 submissions).

Hope to see everyone at the conference in Berkeley this May!

Oakland 2010 submissions closed last week. We received 269 total submissions (of which 30 were Systematization of Knowledge papers). The program should be available by early February, for the conference that will be held May 16-19, 2010 at the Claremont Resort in Berkeley, CA.

The Call for Papers for the 2010 IEEE Symposium on Security and Privacy is now available: oakland10.cs.virginia.edu/cfp.html.

The first three deadlines are:

Workshop proposals due: Friday, 21 August 2009
Research papers due: Wednesday, 18 November 2009
Systematization of Knowledge papers due: Tuesday, 24 November

I found two of our former undergraduate researchers at a seminar at Dagstuhl (Germany) on Web Application Security.

Photo by Anh Nguyen-Tuong

Salvatore Guarnieri (UVa BS 2006, left in the picture) is now a PhD student at the University of Washington. He presented his work on (mostly) statically analyzing JavaScript that he did as an intern at MSR.

William G. J. Halfond (UVa BS 2002, right in the picture) is finishing a PhD at Georgia Tech this year. He presented his work on automatically generating inputs for web application penetration testing.

John Wilander has been blogging the workshop: Dagstuhl Seminar Final (or, if you can’t read Swedish try Google’s translation).

The list of papers accepted to the 2009 IEEE Symposium on Security and Privacy (Oakland Conference) is now posted here:
http://oakland09.cs.virginia.edu/papers.html.

Twenty-six papers were accepted (from over 250 submissions).

The symposium will be held 17-20 May 2009 at the Claremont Resort in Oakland, CA. Hope to see you there!

I’m organizing a workshop next week on the “Science of Security”, co-sponsored by the National Science Foundation, IARPA, and the National Security Agency.

The goal of the workshop is to gather a group of about 40 leading scientists and researchers in a diverse range of areas to identify scientific questions regarding computer security, and to stimulate new work toward defining and answering those questions.

For more information, see the workshop website: http://sos.cs.virginia.edu.

The Call for Papers for the 30^th IEEE Symposium on Security and Privacy, May 17-20 2009 is now available: http://oakland09.cs.virginia.edu/cfp.html (PDF for printing: http://oakland09.cs.virginia.edu/cfp.pdf.

Submissions of research papers, workshop proposals, and tutorial proposals are due Monday, 10 November 2008. Please consider submitting a paper and attending the conference!