MADWeb 2022 Program


Due to Covid-19, MADWeb 2022 will be a fully virtual event.

To register, please visit the NDSS Registrations website.

Thursday April 28, 2022 All times in PDT (UTC-7)
9:00am - 9:15am Welcome and Introductory Remarks
9:15am - 10:20am

Abstract: Billions of people use Chrome to go about their daily lives: for school, for work, for joy, for shopping, for curiosity, and for secrets. Members of the Chrome engineering team are deeply conscious of (and constrained by) the responsibility that comes with broad product adoption. Adriana will talk about the lessons learned through a decade on the Chrome team. She’ll share surprises that she encountered when she transitioned from academia to industry, best practices that she learned as a Chrome security team member, and challenges that she has faced as a product engineering leader. What do you do when security goals conflict with other user needs? How do you balance execution speed with security? What’s hard to do even when you have Google's resources behind you? Where is academia ahead of industry, and what papers are sitting on engineers' desks?

Short Bio: Adriana Porter Felt is a Director of Engineering at Google, where she leads Chrome’s Data Science, content ecosystem, and iOS teams. Previously, Adriana founded and led Chrome's usable security team. She is best known externally for her work on moving the web to HTTPS, earning her recognition as one of MIT Technology Review's Innovators Under 35. Adriana holds a PhD from UC Berkeley, and most of her academic publications are on usable security for browsers and mobile operating systems.

10:20am - 10:50am BREAK
10:50am - 11:50am Session 1: Vulnerabilities

Session chair: Phani Vadrevu (University of New Orleans)

  What the Fork? Finding and Analyzing Malware in GitHub Forks
Alan Cao and Brendan Dolan-Gavitt (New York University)
  insecure:// Vulnerability Analysis of URI Scheme Handling in Android Mobile Browsers
Abdulla Aldoseri and David Oswald (University of Birmingham)
  Log4shell: Redefining the Web Attack Surface
Douglas Everson, Long Cheng, and Zhenkai Zhang (Clemson University)
11:50am - 1:10pm LUNCH
1:10pm - 2:10pm

Abstract: Online advertisements are an unavoidable fact of the modern web: they are embedded in and financially support the majority of content websites. Significant prior work in the computer security and privacy community has previously studied the ecosystem of online advertising, particularly in terms of its privacy implications. What has not been substantively considered in the security community, however, is the visible, user-facing content of these advertisements. Our recent work reveals significant prevalence of a range of problematic content in these ads, including clickbait, misinformation, scams, and manipulative design patterns. In this talk, I will describe our work characterizing and measuring problematic content in the online ad ecosystem, including an investigation of ad content on misinformation sites and a study of political-themed ads on news and media websites around the time of the 2020 U.S. elections.

Short Bio: Franziska (Franzi) Roesner is an Associate Professor in the Paul G. Allen School of Computer Science & Engineering at the University of Washington, where she co-directs the Security and Privacy Research Lab. Her research focuses broadly on computer security and privacy for end users of existing and emerging technologies. Her work has studied topics including online tracking and advertising, security and privacy for sensitive user groups, security and privacy in emerging augmented reality (AR) and IoT platforms, and online mis/disinformation. She is the recipient of a Consumer Reports Digital Lab Fellowship, an MIT Technology Review "Innovators Under 35" Award, an Emerging Leader Alumni Award from the University of Texas at Austin, a Google Security and Privacy Research Award, and an NSF CAREER Award. She serves on the USENIX Security and USENIX Enigma Steering Committees.

2:10pm - 2:20pm BREAK
2:20pm - 3:00pm Session 2: Infrastructure

Session chair: Nick Nikiforakis (Stony Brook University)

  Chhoyhopper: A Moving Target Defense with IPv6
A S M Rizvi and John Heidemann (University of Southern California / Information Sciences Institute)
  P4DDPI: Securing P4-Programmable Data Plane Networks via DNS Deep Packet Inspection
Ali AlSabeh, Elie Kfoury, Jorge Crichigno (University of South Carolina) and Elias Bou-Harb (University of Texas at San Antonio)
3:00pm - 3:30pm BREAK
3:30pm - 4:10pm Session 3: New Web Features

Session chair: Gunes Acar (Radboud University)

  What Storage? An Empirical Analysis of Web Storage in the Wild
Zubair Ahmad, Samuele Casarin, and Stefano Calzavara (Università Ca’ Foscari Venezia)
  Characterizing the Adoption of Security.txt Files and their Applications to Vulnerability Notification
William Findlay and AbdelRahman Abdou (Carleton University)
4:10pm - 4:20pm Best Paper Award and Closing Remarks