LZI - Schloss Dagstuhl - Talks + Materials of Seminar 12401

Seminar 12401
Web Application Security

Lieven Desmet (K.U. Leuven, BE), Martin Johns (SAP Research CEC - Karlsruhe, DE), Benjamin Livshits (Microsoft Research - Redmond, US), Andrei Sabelfeld (Chalmers UT - Göteborg, SE)



Seminar Wide Materials
 Group Photo
Other: jpg

 Slides to summarize information flow breakout session
Slides: pdf


Marco Balduzzi , TREND MICRO Italy S.r.l. - Sesto San Giovanni

Nataliia Bielova , INRIA Bretagne Atlantique - Rennes
 Quantified Browser Fingerprints: Or how quantified interference represents the knowledge of the web tracker
Abstracts: txt


Arnar Birgisson , Chalmers UT - Göteborg

Egon Boerger , University of Pisa

Bastian Braun , Universität Passau
 Control-Flow Integrity in Web Applications
Abstracts: txt


Juan Chen , Microsoft Research - Redmond

Ravi Chugh , University of California - San Diego
 Dependent Types for JavaScript
Abstracts: txt Slides: pdf


Jorge Cuellar , Siemens - München
 Contribute your Location Privacy Solution
Abstracts: txt Slides: ppt


Valentin Dallmeier , Universität des Saarlandes

Philippe De Ryck , KU Leuven

Lieven Desmet , KU Leuven
 JSand: server-driven sandboxing of third-party JavaScript
Abstracts: txt


Akhawe Devdatta , University of California - Berkeley
 Privilege Separation for HTML5 Applications
Abstracts: txt


Daniele Filaretti , Imperial College London
 Towards Certified Verification for Web Programming
Abstracts: txt Slides: pdf


Cormac Flanagan , University of California - Santa Cruz
 Multiple Facets for Dynamic Information Flow
Abstracts: txt


Cedric Fournet , Microsoft Research UK - Cambridge

Michael Franz , University of California - Irvine
 Software Immunity via Large-Scale Diversification
Abstracts: txt


Dieter Gollmann , TU Hamburg-Harburg

Arjun Guha , Cornell University
 First Class Field Names
Abstracts: txt Slides: pdf


Daniel Hedin , Chalmers UT - Göteborg

Mario Heiderich , Ruhr-Universität Bochum
 Creating the HTML5Purifier - on top of the HTMLPurifier
Abstracts: txt Slides: pdf

 Scriptless Attacks – Stealing the Pie Without Touching the Sill
Abstracts: txt Slides: pdf

 JSAgents – Policy-Definition & Enforcing for DOM Elements
Abstracts: txt Slides: pdf


Boris Hemkemeier , Commerzbank AG - Frankfurt

Michael Hicks , University of Maryland
 Toward decentralized collaborative webapps via knowledge-based security
Abstracts: txt Slides: pptx


Thorsten Holz , Ruhr-Universität Bochum
 Browser Security: IceShield and JSAgents
Abstracts: txt Slides: pdf


Thomas Jensen , INRIA Bretagne Atlantique - Rennes
 Certified analysis of JavaScript (5min talk)
Slides: pdf


Ranjit Jhala , University of California - San Diego

Martin Johns , SAP Research - Karlsruhe
 Web Security - Are we there yet?
Abstracts: txt


Shriram Krishnamurthi , Brown University
 Browser Extension Analysis and Other JavaScript Adventures
Abstracts: txt


Benjamin Livshits , Microsoft Research - Redmond

Sergio Maffeis , Imperial College London
 Discovering Concrete Attacks on Website Authorization by Formal Analysis (20 minutes talk)
Abstracts: txt Slides: pdf


Fabio Massacci , University of Trento - Povo
 My software has a vulnerability, should I worry?
Abstracts: txt

 Changed Talk! Anatomy of Exploit Kits - What bad guys do with a browser fingerprint
Abstracts: txt


John C. Mitchell , Stanford University
 Science of Web Security and Third-Party Tracking
Other: pptx


Nick Nikiforakis , KU Leuven
 You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions
Abstracts: txt


Martin Ochoa , Siemens - München
 Automatic Quantification of CPU Cache Side-channels
Abstracts: txt


Frank Piessens , KU Leuven
 FlowFox: an experiment on bringing information flow control to the browser
Abstracts: txt


Joe Gibbs Politz , Brown University
 A Tested Semantics for Getters, Setters, and Eval in JavaScript
Abstracts: txt Slides: pptx

 Progressive Types
Abstracts: txt Slides: pptx


Joachim Posegga , Universität Passau
 Client Side Security: Plan B?
Slides: pdf


Tamara Rezk , INRIA Sophia Antipolis - Méditerranée

Eric Rothstein , Universität Passau

Andrei Sabelfeld , Chalmers UT - Göteborg
 GlassTube: A Lightweight Approach to Web Application Integrity
Abstracts: txt Slides: pdf


Sebastian Schinzel , Universität Erlangen-Nürnberg
 Side Channels on the Web
Slides: ppt


Juraj Somorovsky , Ruhr-Universität Bochum
 On Breaking SAML: Be Whoever You Want To Be
Abstracts: txt

 How To Break XML Encryption
Abstracts: txt


Nikhil Swamy , Microsoft Research - Redmond
 Verifying JavaScript programs with the Dijkstra State Monad
Abstracts: txt

 Fully Abstract Compilation to JavaScript
Abstracts: txt


Steven Van Acker , KU Leuven
 behind FlashOver: Automated Discovery of Cross-site Scripting Vulnerabilities in Rich Internet Applications
Abstracts: txt Slides: pdf



Creative Commons License
This webpage and the material that is made available on this webpage is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License.

The CC by-nc-nd license allows you to copy, distribute and transmit the work under the following conditions: