LZI - Schloss Dagstuhl - Talks + Materials of Seminar 12401

Seminar 12401
Web Application Security

Lieven Desmet (K.U. Leuven, BE), Martin Johns (SAP Research CEC - Karlsruhe, DE), Benjamin Livshits (Microsoft Research - Redmond, US), Andrei Sabelfeld (Chalmers UT - Göteborg, SE)


 

Seminar Wide Materials
 
 Group Photo
Other: jpg

 Slides to summarize information flow breakout session
Slides: pdf

 


Marco Balduzzi , TREND MICRO Italy S.r.l. - Sesto San Giovanni
 

Nataliia Bielova , INRIA Bretagne Atlantique - Rennes
 Quantified Browser Fingerprints: Or how quantified interference represents the knowledge of the web tracker
Abstracts: txt

 

Arnar Birgisson , Chalmers UT - Göteborg
 

Egon Boerger , University of Pisa
 

Bastian Braun , Universität Passau
 Control-Flow Integrity in Web Applications
Abstracts: txt

 

Juan Chen , Microsoft Research - Redmond
 

Ravi Chugh , University of California - San Diego
 Dependent Types for JavaScript
Abstracts: txt Slides: pdf

 

Jorge Cuellar , Siemens - München
 Contribute your Location Privacy Solution
Abstracts: txt Slides: ppt

 

Valentin Dallmeier , Universität des Saarlandes
 

Philippe De Ryck , KU Leuven
 

Lieven Desmet , KU Leuven
 JSand: server-driven sandboxing of third-party JavaScript
Abstracts: txt

 

Akhawe Devdatta , University of California - Berkeley
 Privilege Separation for HTML5 Applications
Abstracts: txt

 

Daniele Filaretti , Imperial College London
 Towards Certified Verification for Web Programming
Abstracts: txt Slides: pdf

 

Cormac Flanagan , University of California - Santa Cruz
 Multiple Facets for Dynamic Information Flow
Abstracts: txt

 

Cedric Fournet , Microsoft Research UK - Cambridge
 

Michael Franz , University of California - Irvine
 Software Immunity via Large-Scale Diversification
Abstracts: txt

 

Dieter Gollmann , TU Hamburg-Harburg
 

Arjun Guha , Cornell University
 First Class Field Names
Abstracts: txt Slides: pdf

 

Daniel Hedin , Chalmers UT - Göteborg
 

Mario Heiderich , Ruhr-Universität Bochum
 Creating the HTML5Purifier - on top of the HTMLPurifier
Abstracts: txt Slides: pdf

 Scriptless Attacks – Stealing the Pie Without Touching the Sill
Abstracts: txt Slides: pdf

 JSAgents – Policy-Definition & Enforcing for DOM Elements
Abstracts: txt Slides: pdf

 

Boris Hemkemeier , Commerzbank AG - Frankfurt
 

Michael Hicks , University of Maryland
 Toward decentralized collaborative webapps via knowledge-based security
Abstracts: txt Slides: pptx

 

Thorsten Holz , Ruhr-Universität Bochum
 Browser Security: IceShield and JSAgents
Abstracts: txt Slides: pdf

 

Thomas Jensen , INRIA Bretagne Atlantique - Rennes
 Certified analysis of JavaScript (5min talk)
Slides: pdf

 

Ranjit Jhala , University of California - San Diego
 

Martin Johns , SAP Research - Karlsruhe
 Web Security - Are we there yet?
Abstracts: txt

 

Shriram Krishnamurthi , Brown University
 Browser Extension Analysis and Other JavaScript Adventures
Abstracts: txt

 

Benjamin Livshits , Microsoft Research - Redmond
 

Sergio Maffeis , Imperial College London
 Discovering Concrete Attacks on Website Authorization by Formal Analysis (20 minutes talk)
Abstracts: txt Slides: pdf

 

Fabio Massacci , University of Trento - Povo
 My software has a vulnerability, should I worry?
Abstracts: txt

 Changed Talk! Anatomy of Exploit Kits - What bad guys do with a browser fingerprint
Abstracts: txt

 

John C. Mitchell , Stanford University
 Science of Web Security and Third-Party Tracking
Other: pptx

 

Nick Nikiforakis , KU Leuven
 You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions
Abstracts: txt

 

Martin Ochoa , Siemens - München
 Automatic Quantification of CPU Cache Side-channels
Abstracts: txt

 

Frank Piessens , KU Leuven
 FlowFox: an experiment on bringing information flow control to the browser
Abstracts: txt

 

Joe Gibbs Politz , Brown University
 A Tested Semantics for Getters, Setters, and Eval in JavaScript
Abstracts: txt Slides: pptx

 Progressive Types
Abstracts: txt Slides: pptx

 

Joachim Posegga , Universität Passau
 Client Side Security: Plan B?
Slides: pdf

 

Tamara Rezk , INRIA Sophia Antipolis - Méditerranée
 

Eric Rothstein , Universität Passau
 

Andrei Sabelfeld , Chalmers UT - Göteborg
 GlassTube: A Lightweight Approach to Web Application Integrity
Abstracts: txt Slides: pdf

 

Sebastian Schinzel , Universität Erlangen-Nürnberg
 Side Channels on the Web
Slides: ppt

 

Juraj Somorovsky , Ruhr-Universität Bochum
 On Breaking SAML: Be Whoever You Want To Be
Abstracts: txt

 How To Break XML Encryption
Abstracts: txt

 

Nikhil Swamy , Microsoft Research - Redmond
 Verifying JavaScript programs with the Dijkstra State Monad
Abstracts: txt

 Fully Abstract Compilation to JavaScript
Abstracts: txt

 

Steven Van Acker , KU Leuven
 Behind FlashOver: Automated Discovery of Cross-site Scripting Vulnerabilities in Rich Internet Applications
Abstracts: txt Slides: pdf

 



License

This webpage and the material made available on it are licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License.

The CC by-nc-nd license allows you to copy, distribute and transmit the work under the following conditions: