The Web2.0 Security and Privacy Workshop held in conjunction with the 2007 IEEE Symposium on Security and Privacy was co-chaired by IBM Researcher Larry Koved. The following papers at the workshop were presented by IBM researchers.
- Paul A. Karger. Mashups Legitimize Man-in-the-Middle Attacks (paper, slides)
- Sumeer Bhola, Suresh Chari, and Michael Steiner. Security for Web 2.0 Application Scenarios: Exposures, Issues, and Challenges (paper, slides)
- Sachiko Yoshihama, Naohiko Uramoto, Satoshi Makino, Ai Ishida, Shinya Kawanaka, and Frederik De Keukelaere. Security Model for the Client-Side Web Application Environments (paper, slides)
- K. Vikram and Michael Steiner. Mashup Component Isolation via Server-Side Analysis and Instrumentation (paper, slides)
The following article surveys security issues pertaining to AJAX and Web2.0:
- Sachiko Yoshihama, Frederik De Keukelaere, Michael Steiner, Naohiko Uramoto. Overcome Security Threats for Ajax Applications, IBM DeveloperWorks, June 2007.
The following paper describes our approach and prototype for securing mashup-type applications.
- Frederik De Keukelaere, Sumeer Bhola, Michael Steiner, Suresh Chari and Sachiko Yoshihama. SMash: Secure Cross-Domain Mashups on Unmodified Browsers, submitted for publication, June 2007.
