IMPORTANT ANNOUNCEMENT
Due to Covid-19, MADWeb 2022 will be a fully virtual event.
To register, please visit the NDSS Registrations website.
Thursday April 28, 2022 | All times in PDT (UTC-7) |
---|---|
9:00am - 9:15am | Welcome and Introductory Remarks |
9:15am - 10:20am | Abstract: Billions of people use Chrome to go about their daily lives: for school, for work, for joy, for shopping, for curiosity, and for secrets. Members of the Chrome engineering team are deeply conscious of (and constrained by) the responsibility that comes with broad product adoption. Adriana will talk about the lessons learned through a decade on the Chrome team. She’ll share surprises that she encountered when she transitioned from academia to industry, best practices that she learned as a Chrome security team member, and challenges that she has faced as a product engineering leader. What do you do when security goals conflict with other user needs? How do you balance execution speed with security? What’s hard to do even when you have Google's resources behind you? Where is academia ahead of industry, and what papers are sitting on engineers' desks? |
10:20am - 10:50am | BREAK |
10:50am - 11:50am | Session 1: Vulnerabilities Session chair: Phani Vadrevu (University of New Orleans) |
What the Fork? Finding and Analyzing Malware in GitHub Forks Alan Cao and Brendan Dolan-Gavitt (New York University) |
|
insecure:// Vulnerability Analysis of URI Scheme Handling in Android Mobile Browsers Abdulla Aldoseri and David Oswald (University of Birmingham) |
|
Log4shell: Redefining the Web Attack Surface Douglas Everson, Long Cheng, and Zhenkai Zhang (Clemson University) |
|
11:50am - 1:10pm | LUNCH |
1:10pm - 2:10pm | Abstract: Online advertisements are an unavoidable fact of the modern web: they are embedded in and financially support the majority of content websites. Significant prior work in the computer security and privacy community has previously studied the ecosystem of online advertising, particularly in terms of its privacy implications. What has not been substantively considered in the security community, however, is the visible, user-facing content of these advertisements. Our recent work reveals significant prevalence of a range of problematic content in these ads, including clickbait, misinformation, scams, and manipulative design patterns. In this talk, I will describe our work characterizing and measuring problematic content in the online ad ecosystem, including an investigation of ad content on misinformation sites and a study of political-themed ads on news and media websites around the time of the 2020 U.S. elections. |
2:10pm - 2:20pm | BREAK |
2:20pm - 3:00pm | Session 2: Infrastructure Session chair: Nick Nikiforakis (Stony Brook University) |
Chhoyhopper: A Moving Target Defense with IPv6 A S M Rizvi and John Heidemann (University of Southern California / Information Sciences Institute) |
|
P4DDPI: Securing P4-Programmable Data Plane Networks via DNS Deep Packet Inspection Ali AlSabeh, Elie Kfoury, Jorge Crichigno (University of South Carolina) and Elias Bou-Harb (University of Texas at San Antonio) |
|
3:00pm - 3:30pm | BREAK |
3:30pm - 4:10pm | Session 3: New Web Features Session chair: Gunes Acar (Radboud University) |
What Storage? An Empirical Analysis of Web Storage in the Wild Zubair Ahmad, Samuele Casarin, and Stefano Calzavara (Università Ca’ Foscari Venezia) |
|
Characterizing the Adoption of Security.txt Files and their Applications to Vulnerability Notification William Findlay and AbdelRahman Abdou (Carleton University) |
|
4:10pm - 4:20pm | Best Paper Award and Closing Remarks |
madwebwork.bsky.social
infosec.exchange/@madwebwork
@madwebwork
MADWeb 2025, in cooperation with the NDSS Symposium