MADWeb 2024 Program


Awards

Best paper award
Free Proxies Unmasked: A Vulnerability and Longitudinal Analysis of Free Proxy Services
Naif Mehanna (Univ. Lille / Inria / CNRS), Walter Rudametkin (IRISA / Univ Rennes), Pierre Laperdrix (CNRS, Univ Lille, Inria Lille), and Antoine Vastel (Datadome)

Best paper runner-up award
EMMasker: EM Obfuscation Against Website Fingerprinting
Mohammed Aldeen, Sisheng Liang, Zhenkai Zhang, Linke Guo (Clemson University), Zheng Song (University of Michigan – Dearborn), and Long Cheng (Clemson University)

Best presentation award
The Fault in Our Stars: An Analysis of GitHub Stars as an Importance Metric for Web Source Code
Simon Koch, David Klein, and Martin Johns (TU Braunschweig)

MADWeb 2024 will take place as an in-person event on Friday March 1, 2024 in San Diego, CA (co-located with NDSS).


Friday March 1, 2024 All times in PT (UTC-8)
8:00am - 9:00am Breaksfast
9:00am - 9:10am Welcome and Opening Remarks
9:10am - 10:10am

Abstract: The web is a fantastic platform that transformed our society. In the span of two decades, browsers went from rendering texts and images to becoming massive software filled with advanced technology and multimedia capabilities. From a security and privacy perspective, a lot has changed by making our communications more private and by providing proper isolation between components. But are these changes always positive? Is the web evolving too quickly to the detriment of users and their online privacy? In this presentation, we will see that the answer can be complex where innovation, privacy and legislation consistently counterbalance one another.

Short Bio: Pierre Laperdrix is currently a research scientist for CNRS in the Spirals team in the CRIStAL laboratory in Lille, France. Previously, he was a postdoctoral researcher in the PragSec lab at Stony Brook University and, after, in the Secure Web Applications Group at CISPA. His research interests span several areas of security and privacy with a strong focus on the web. One of his main goal is to understand what is happening on the web to ultimately design countermeasures to better protect users online.

10:10am - 10:30am BREAK
10:30am - 12:00pm Session 1: Network Security on the Web

Session chair: Shujiang Wu (F5)

  The impact of data-heavy, post-quantum TLS 1.3 on the Time-To-Last-Byte of Web connections
Panos Kampanakis and Will Childs-Klein (AWS)
  EMMasker: EM Obfuscation Against Website Fingerprinting
Mohammed Aldeen, Sisheng Liang, Zhenkai Zhang, Linke Guo (Clemson University), Zheng Song (University of Michigan – Dearborn), and Long Cheng (Clemson University)
  Free Proxies Unmasked: A Vulnerability and Longitudinal Analysis of Free Proxy Services
Naif Mehanna (Univ. Lille / Inria / CNRS), Walter Rudametkin (IRISA / Univ Rennes), Pierre Laperdrix (CNRS, Univ Lille, Inria Lille), and Antoine Vastel (Datadome)
12:00pm - 1:30pm LUNCH
1:30pm - 2:30pm

Abstract: In this talk, I will share my reflection about web security research. There are a number of superficial understandings about the nature of web security issues, the focus of defense technologies and the emerging concept of Web3. To deepen these understandings, it is necessary to see the Web as a “multi-mind” computing paradigm, which has two fundamental characteristics: (1) it is an open platform on which people with potential conflicts of interest (COI) can add code modules; (2) app functionalities are achieved by running through multiple COI modules. These characteristics distinguish the Web from other computing paradigms, such as personal computing, cloud computing and even distributed computing. Recognizing the intrinsic multi-mind nature of the Web, I will use concrete examples to show some unique research angles. I will explain that web security problems are not general security problems manifested in the Web. Accordingly, there are novel promising approaches that are methodological for defense. In the last part of the talk, I will argue that Web3 is a natural next stage in the evolution of the Web.

Short Bio: Shuo Chen is a senior principal researcher at Microsoft Research Redmond. His interest is about studying operational systems to understand their security challenges and develop systematic solutions. He worked in the areas of software-as-a-service, browser, web privacy/security and blockchain/smart-contract. His research led to several real-world security pushes, such as a cross-company effort to fix browser bugs that compromise HTTPS security; Microsoft Internet Explorer team’s effort to systematically fix GUI-spoofing (phishing) bugs; a cross-company effort to fix logic bugs in e-commerce, online payment and single-sign-on services. His research was covered by the media, such as CNN, CNET, MIT Tech Review, etc. He also works in the area of program verification for browsers, web protocols and smart contracts. Shuo served on the program committees for IEEE S&P, USENIX Security, ACM CCS, DSN, etc. He obtained his Ph.D. degree from University of Illinois at Urbana-Champaign.

2:30pm - 3:10pm Session 2: Work In Progress

Session chair: Xu Lin (Washington State University)

  Work-in-Progress: A Large-Scale Long-term Analysis of Online Fraud across Multiple Companies and Platforms
Yi Han, Shujiang Wu, Mengmeng Li, Zixi Wang, and Pengfei Sun (F5)
  Work-in-Progress: Manifest V3 Unveiled: Navigating the New Era of Browser Extensions
Nikolaos Pantelaios and Alexandros Kapravelos (North Carolina State University)
3:10pm - 3:40pm BREAK
3:40pm - 4:40pm Session 3: Program Language Security on the Web

Session chair: Yash Vekaria (University of California, Davis)

  The Fault in Our Stars: An Analysis of GitHub Stars as an Importance Metric for Web Source Code
Simon Koch, David Klein, and Martin Johns (TU Braunschweig)
  Analysis of the Effect of the Difference between Japanese and English Input on ChatGPT-Generated Secure Codes
Rei Yamagishi, Shinya Sasa, and Shota Fujii (Hitachi, Ltd.)
4:40pm - 5:00pm Awards and Closing Remarks




madwebwork.bsky.social
infosec.exchange/@madwebwork
@madwebwork

MADWeb 2025, in cooperation with the NDSS Symposium