MADWeb 2024 Program

Abstract: The web is a fantastic platform that transformed our society. In the span of two decades, browsers went from rendering texts and images to becoming massive software filled with advanced technology and multimedia capabilities. From a security and privacy perspective, a lot has changed by making our communications more private and by providing proper isolation between components. But are these changes always positive? Is the web evolving too quickly to the detriment of users and their online privacy? In this presentation, we will see that the answer can be complex where innovation, privacy and legislation consistently counterbalance one another.

Short Bio: Pierre Laperdrix is currently a research scientist for CNRS in the Spirals team in the CRIStAL laboratory in Lille, France. Previously, he was a postdoctoral researcher in the PragSec lab at Stony Brook University and, after, in the Secure Web Applications Group at CISPA. His research interests span several areas of security and privacy with a strong focus on the web. One of his main goal is to understand what is happening on the web to ultimately design countermeasures to better protect users online.

Abstract: In this talk, I will share my reflection about web security research. There are a number of superficial understandings about the nature of web security issues, the focus of defense technologies and the emerging concept of Web3. To deepen these understandings, it is necessary to see the Web as a “multi-mind” computing paradigm, which has two fundamental characteristics: (1) it is an open platform on which people with potential conflicts of interest (COI) can add code modules; (2) app functionalities are achieved by running through multiple COI modules. These characteristics distinguish the Web from other computing paradigms, such as personal computing, cloud computing and even distributed computing. Recognizing the intrinsic multi-mind nature of the Web, I will use concrete examples to show some unique research angles. I will explain that web security problems are not general security problems manifested in the Web. Accordingly, there are novel promising approaches that are methodological for defense. In the last part of the talk, I will argue that Web3 is a natural next stage in the evolution of the Web.

Short Bio: Shuo Chen is a senior principal researcher at Microsoft Research Redmond. His interest is about studying operational systems to understand their security challenges and develop systematic solutions. He worked in the areas of software-as-a-service, browser, web privacy/security and blockchain/smart-contract. His research led to several real-world security pushes, such as a cross-company effort to fix browser bugs that compromise HTTPS security; Microsoft Internet Explorer team’s effort to systematically fix GUI-spoofing (phishing) bugs; a cross-company effort to fix logic bugs in e-commerce, online payment and single-sign-on services. His research was covered by the media, such as CNN, CNET, MIT Tech Review, etc. He also works in the area of program verification for browsers, web protocols and smart contracts. Shuo served on the program committees for IEEE S&P, USENIX Security, ACM CCS, DSN, etc. He obtained his Ph.D. degree from University of Illinois at Urbana-Champaign.