TECHNICAL PROGRAM
Videos of the presentations are now available. Access is currently restricted to USENIX members and conference attendees.
All sessions will take place in Salons A–B unless otherwise noted.
Proceedings Front Matter files:
Cover, Copyright, ISBN |
Title Page and Organizers |
Table of Contents |
Message from the Program Chair
Complete Proceedings
NEW! E-Book Proceedings: Read the proceedings on the go in iPad-friendly EPUB format or Kindle-friendly Mobipocket format.
|
Wednesday, June 15, 2011
|
7:30 a.m.–8:30 a.m. Morning Coffee and Tea: Served in Salon F and the Ballroom Foyer
|
|
8:30 a.m.–10:00 a.m.
|
Joint ATC, WebApps, and HotCloud Keynote Address
Salon E
An Agenda for Empirical Cyber Crime Research
Speaker: Stefan Savage, Director of the Collaborative Center for Internet Epidemiology and Defenses (CCIED) and Associate Professor, UCSD
View the Video
Computer security is a field that is fundamentally co-dependent—driven to respond by the actions of adversaries. This dance fuels both the research community and a multi-billion-dollar computer security industry. However, to date most efforts have focused on the technical components of this battle: identifying new vulnerabilities, exploits, and attacks, building and deploying new defenses, and so on. In this talk, I will argue for a complementary research agenda based on understanding the business models that drive today's Internet attacks, deconstructing the underlying value chain for attackers and ultimately using this information to better focus on security interventions. I will provide a rough sketch of the modern cyber-criminal ecosystem, describe its dependencies, and highlight some of the key open questions that motivate our focus. Using a range of activities, including our own completed studies, work in progress, and work in development, I'll illustrate how many of these questions can be tackled empirically. Along the way, I'll discuss the real and significant challenges in conducting this sort of research and how we address these issues in practice. Finally, I'll play pundit and predict where the greatest opportunities for impact are likely to be found.
Stefan Savage is a professor of Computer Science and Engineering at the University of California, San Diego. He received his Ph.D. in Computer Science and Engineering from the University of Washington and a B.S. in Applied History from Carnegie Mellon University. Savage's research interests lie at the intersection of distributed systems, networking, and computer security, with a current focus on embedded security and the economics of cybercrime. He currently serves as director of UCSD's Center for Network Systems (CNS) and as co-director for the Cooperative Center for Internet Epidemiology and Defenses (CCIED), a joint effort between UCSD and the International Computer Science Institute. Savage is a fairly down-to-earth guy and only writes about himself in the third person when asked.
|
|
10:00 a.m.–10:30 a.m. Break: Continental Breakfast served in Salon F and the Ballroom Foyer
|
|
10:30 a.m.–noon |
Opening Remarks
WebApps '11 Program Chair: Armando Fox, University of California, Berkeley
View the Slides
Server-side Security
GuardRails: A Data-Centric Web Application Security Framework
Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans, University of Virginia
Read the Full paper
View the Slides
PHP Aspis: Using Partial Taint Tracking to Protect Against Injection Attacks
Ioannis Papagiannis, Matteo Migliavacca, and Peter Pietzuch, Imperial College London
Read the Full paper
View the Slides
Secure Data Preservers for Web Services
Jayanthkumar Kannan, Google Inc.; Petros Maniatis, Intel Labs; Byung-Gon Chun, Yahoo! Research
Read the Full paper
View the Slides
|
Noon–1:00 p.m. Lunch: Served in Salons F and I
|
|
1:00 p.m.–2:30 p.m. |
Researchers' Workbench
BenchLab: An Open Testbed for Realistic Benchmarking of Web Applications
Emmanuel Cecchet, Veena Udayabhanu, Timothy Wood, and Prashant Shenoy, University of Massachusetts Amherst
Read the Full paper
View the Slides
Resource Provisioning of Web Applications in Heterogeneous Clouds
Jiang Dejun, VU University Amsterdam and Tsinghua University Beijing; Guillaume Pierre, VU University Amsterdam; Chi-Hung Chi, Tsinghua University Beijing
Read the Full paper
View the Slides
C3: An Experimental, Extensible, Reconfigurable Platform for HTML-based Applications
Benjamin S. Lerner and Brian Burg, University of Washington; Herman Venter and Wolfram Schulte, Microsoft Research
Read the Full paper
View the Slides
|
2:30 p.m.–3:00 p.m. Break: Refreshments served in Salon F and the Ballroom Foyer
|
|
3:00 p.m.–4:30 p.m. |
Lessons and Experience
The Effectiveness of Application Permissions
Adrienne Porter Felt, Kate Greenwood, and David Wagner, University of California, Berkeley
Read the Full paper
Experiences on a Design Approach for Interactive Web Applications
Janne Kuuskeri, Tampere University of Technology
Read the Full paper
View the Slides
Exploring the Relationship Between Web Application Development Tools and Security
Matthew Finifter and David Wagner, University of California, Berkeley
Read the Full paper
View the Slides
|
4:30 p.m.–4:45 p.m. Break
|
|
4:45 p.m.–6:00 p.m. |
JOINT ATC AND WEBAPPS INVITED TALK
Salon E
Helping Humanity with Phones and Clouds
Matthew Faulkner, graduate student in Computer Science at Caltech, and Michael Olson, graduate student in Computer Science at Caltech
Meeting global challenges requires informed decisions. Often, these decisions require gathering data across geographic regions over time, detecting patterns that indicate significant events, formulating best responses to an event, then executing and monitoring those responses. Such decisions are made when deploying first responses to earthquakes, providing health care to people in under-served remote areas, and monitoring natural resources. Smart phones and tablets enable acquisition of data from almost anywhere on the globe. Cloud computing, likewise, enables aggregation and analysis from anywhere on the globe. This talk describes research on applications combining phones and clouds for earthquake detection and rural health care. We show how coupling community sensing and citizen participation to phones and clouds could radically improve the way that technology serves humanity, including the less fortunate, around the globe.
Matthew Faulkner is a graduate student in Computer Science at Caltech. He received an S.B. (2008) and an M.Eng. (2009) in Computer Science from MIT. His research interests are in machine learning, distributed systems, and sensor networks.
Michael Olson is a graduate student in Computer Science at Caltech. He received a B.S. (2004) in Computer Science from Carnegie Mellon. His research interests are in distributed systems, sensor networks, and event processing.
|
|
6:00 p.m.–6:30 p.m. Break
|
|
6:30 p.m.–8:00 p.m. |
JOINT ATC AND WEBAPPS POSTER SESSION AND HAPPY HOUR
Mount Hood and Allie's American Grille
The joint WebApps '11 and USENIX ATC '11 poster session will be held in conjunction with a happy hour and will allow researchers to present recent and ongoing projects. The poster session is an excellent forum to discuss new ideas and get useful feedback from the community.
|
|
|
Thursday, June 16, 2011
|
8:00 a.m.–9:00 a.m. Morning Coffee and Tea: Served in Salon F and the Ballroom Foyer
|
|
9:00 a.m.–10:00 a.m.
|
JOINT ATC AND WEBAPPS PLENARY SESSION
Salon E
Dead Media: What the Obsolete, Unsuccessful, Experimental, and Avant-Garde Can Teach Us About the Future of Media
Finn Brunton, Postdoctoral Researcher at NYU
View the Video
Listen to the MP3
The Telharmonium. Scopitone. The Euphonia. Bone music, Oramics, rocket mail, the Multiphone, optical telegraphs, scent organs, mechanical televisions, breath printing, calculating machines, magic lanterns . . . What does it mean for a communication or information storage medium to die? What can old media formats—dead, obsolete, experimental, or ahead of their time—tell us about the future of technological communication now? This talk will go back to Cambrian explosions in media types and the visionaries, hucksters, and lunatics who staked knowledge, fame, fortune, and sometimes their lives on the success of their technologies, and tell stories from the vast population of amazing projects that never made it.
Finn Brunton is a postdoctoral researcher at NYU, where he works on digital technology: history, privacy, anonymity, modification and misuse. He is writing a book about spam for Duke University Press.
|
|
10:00 a.m.–10:30 a.m. Break: Continental Breakfast served in Salon F and the Ballroom Foyer
|
|
10:30 a.m.–noon |
Panel: The Future of Client-side Web Apps
Moderator: Michael Maximilien, IBM Research
Panelists: Patrick Chanezon, Google, Inc.; Charles Ying, Flipboard, Inc.; Erik Meijer, Microsoft Corp.; Raffi Krikorian, Twitter, Inc.
View the Video
Listen to the MP3
|
Noon–1:00 p.m. Lunch: Served in Salons F and I
|
|
1:00 p.m.–2:30 p.m. |
Extending and Protecting the Client
Integrating Long Polling with an MVC Web Framework
Eric Stratmann, John Ousterhout, and Sameer Madan, Stanford University
Read the Full paper
Detecting Malicious Web Links and Identifying Their Attack Types
Hyunsang Choi, Korea University; Bin B. Zhu, Microsoft Research Asia; Heejo Lee, Korea University
Read the Full paper
View the Video | Slides
Listen to the MP3
Maverick: Providing Web Applications with Safe and Flexible Access to Local Devices
David W. Richardson and Steven D. Gribble, University of Washington
Read the Full paper
View the Video
Listen to the MP3
|
2:30 p.m.–3:00 p.m. Break: Refreshments served in Salon F and the Ballroom Foyer
|
|
3:00 p.m.–4:30 p.m. |
JOINT WEBAPPS AND ATC INVITED TALK
Salon E
Software G Forces: The Effects of Acceleration
Kent Beck, Facebook, Inc.
View the Video
Listen to the MP3
As deployment cycles shrink, what constitutes effective software engineering changes radically. Practices that bring improvement to a quarterly release cycle can be fatal with an hourly release cycle. This talk outlines the changes required of software engineering and organization at different cycle times: quarterly, monthly, weekly, daily, and hourly.
Kent Beck is the founder and director of Three Rivers Institute (TRI). His career has combined the practice of software development with reflection, innovation, and communication. His contributions to software development include patterns for software, the rediscovery of test-first programming, the xUnit family of developer testing tools, and Extreme Programming. He currently divides his time between writing, programming, and coaching. Beck is the author/co-author of Implementation Patterns, Extreme Programming Explained: Embrace Change 2nd Edition, Contributing to Eclipse, Test-Driven Development: By Example, Planning Extreme Programming, The Smalltalk Best Practice Patterns, and the JUnit Pocket Guide. He received his B.S. and M.S. in Computer Science from the University of Oregon.
|
|
7:00 p.m.–9:00 p.m.
|
RECEPTION
Salons F and I
|