Web 2.0 Security     

Web 2.0 Security - Publications


The following article surveys security issues pertaining to AJAX and Web 2.0.

The following paper describes our approach and prototype for securing mashup type applications.

We also published many ideas in the Web 2.0 Security and Privacy Workshops held in conjunction with the IEEE Symposium on Security and Privacy and co-founded by IBM Researcher Larry Koved.

2007
  • Paul A. Karger. Mashups Legitimize Man-in-the-Middle Attacks (paper, slides)
  • Sumeer Bhola, Suresh Chari, and Michael Steiner. Security for Web 2.0 Application Scenarios: Exposures, Issues, and Challenges (paper, slides)
  • Sachiko Yoshihama, Naohiko Uramoto, Satoshi Makino, Ai Ishida, Shinya Kawanaka, and Frederik De Keukelaere. Security Model for the Client-Side Web Application Environments (paper, slides)
  • K. Vikram and Michael Steiner. Mashup Component Isolation via Server-Side Analysis and Instrumentation (paper, slides)
2008
  • Mihai Christodorescu. Private Use of Untrusted Web Servers via Opportunistic Encryption (paper, slides)
  • Paula Austel, Sumeer Bhola, Suresh Chari, Larry Koved, Michael McIntosh, Michael Steiner, Samuel Weber. Secure Delegation for Web 2.0 and Mashups (paper)
2009
  • Suresh Chari, Larry Koved, and Mary Ellen Zurko. Using Recommenders for Discretionary Access Control (paper, slides)