TECHNICAL PROGRAM

Just Up! Videos of the presentations are now available. Access is currently restricted to USENIX members and conference attendees. Not a member? Join today!

All sessions will take place in Salons A–B unless otherwise noted.

Proceedings Front Matter files: Cover, Copyright, ISBN | Title Page and Organizers | Table of Contents | Message from the Program Chair

Complete Proceedings

NEW! E-Book Proceedings: Read the proceedings on the go in iPad-friendly EPUB format or Kindle-friendly Mobipocket format.

Tech Sessions:
Wednesday, June 15 | Thursday, June 16

Joint ATC, WebApps, and HotCloud Keynote Address

Salon E

An Agenda for Empirical Cyber Crime Research
Speaker: Stefan Savage, Director of the Collaborative Center for Internet Epidemiology and Defenses (CCIED) and Associate Professor, UCSD

View the Video

Computer security is a field that is fundamentally co-dependent—driven to respond by the actions of adversaries. This dance fuels both the research community and a multi-billion-dollar computer security industry. However, to date most efforts have focused on the technical components of this battle: identifying new vulnerabilities, exploits, and attacks, building and deploying new defenses, and so on. In this talk, I will argue for a complementary research agenda based on understanding the business models that drive today's Internet attacks, deconstructing the underlying value chain for attackers and ultimately using this information to better focus on security interventions. I will provide a rough sketch of the modern cyber-criminal ecosystem, describe its dependencies, and highlight some of the key open questions that motivate our focus. Using a range of activities, including our own completed studies, work in progress, and work in development, I'll illustrate how many of these questions can be tackled empirically. Along the way, I'll discuss the real and significant challenges in conducting this sort of research and how we address these issues in practice. Finally, I'll play pundit and predict where the greatest opportunities for impact are likely to be found.

Stefan Savage is a professor of Computer Science and Engineering at the University of California, San Diego. He received his Ph.D. in Computer Science and Engineering from the University of Washington and a B.S. in Applied History from Carnegie Mellon University. Savage's research interests lie at the intersection of distributed systems, networking, and computer security, with a current focus on embedded security and the economics of cybercrime. He currently serves as director of UCSD's Center for Network Systems (CNS) and as co-director for the Cooperative Center for Internet Epidemiology and Defenses (CCIED), a joint effort between UCSD and the International Computer Science Institute. Savage is a fairly down-to-earth guy and only writes about himself in the third person when asked.

Opening Remarks

WebApps '11 Program Chair: Armando Fox, University of California, Berkeley

View the Slides

Server-side Security

GuardRails: A Data-Centric Web Application Security Framework
Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans, University of Virginia

Read the Full paper

View the Slides

PHP Aspis: Using Partial Taint Tracking to Protect Against Injection Attacks
Ioannis Papagiannis, Matteo Migliavacca, and Peter Pietzuch, Imperial College London

Read the Full paper

View the Slides

Secure Data Preservers for Web Services
Jayanthkumar Kannan, Google Inc.; Petros Maniatis, Intel Labs; Byung-Gon Chun, Yahoo! Research

Read the Full paper

View the Slides

Researchers' Workbench

BenchLab: An Open Testbed for Realistic Benchmarking of Web Applications
Emmanuel Cecchet, Veena Udayabhanu, Timothy Wood, and Prashant Shenoy, University of Massachusetts Amherst

Read the Full paper

View the Slides

Resource Provisioning of Web Applications in Heterogeneous Clouds
Jiang Dejun, VU University Amsterdam and Tsinghua University Beijing; Guillaume Pierre, VU University Amsterdam; Chi-Hung Chi, Tsinghua University Beijing

Read the Full paper

View the Slides

C3: An Experimental, Extensible, Reconfigurable Platform for HTML-based Applications
Benjamin S. Lerner and Brian Burg, University of Washington; Herman Venter and Wolfram Schulte, Microsoft Research

Read the Full paper

View the Slides

Lessons and Experience

The Effectiveness of Application Permissions
Adrienne Porter Felt, Kate Greenwood, and David Wagner, University of California, Berkeley

Read the| Full paper

Experiences on a Design Approach for Interactive Web Applications
Janne Kuuskeri, Tampere University of Technology

Read the Full paper

View the Slides

Exploring the Relationship Between Web Application Development Tools and Security
Matthew Finifter and David Wagner, University of California, Berkeley

Read the Full paper

View the Slides

JOINT ATC AND WEBAPPS INVITED TALK
Salon E

Helping Humanity with Phones and Clouds
Matthew Faulkner, graduate student in Computer Science at Caltech, and Michael Olson, graduate student in Computer Science at Caltech

Meeting global challenges requires informed decisions. Often, these decisions require gathering data across geographic regions over time, detecting patterns that indicate significant events, formulating best responses to an event, then executing and monitoring those responses. Such decisions are made when deploying first responses to earthquakes, providing health care to people in under-served remote areas, and monitoring natural resources. Smart phones and tablets enable acquisition of data from almost anywhere on the globe. Cloud computing, likewise, enables aggregation and analysis from anywhere on the globe. This talk describes research on applications combining phones and clouds for earthquake detection and rural health care. We show how coupling community sensing and citizen participation to phones and clouds could radically improve the way that technology serves humanity, including the less fortunate, around the globe.

Matthew Faulkner is a graduate student in Computer Science at Caltech. He received an S.B (2008) and an M.Eng. (2009) in Computer Science from MIT. His research interests are in machine learning, distributed systems, and sensor networks.

Michael Olson is a graduate student in Computer Science at Caltech. He received a B.S. (2004) in Computer Science from Carnegie Mellon. His research interests are in distributed systems, sensor networks, and event processing.

JOINT ATC AND WEBAPPS POSTER SESSION AND HAPPY HOUR
Mount Hood and Allie's American Grille

The joint WebApps '11 and USENIX ATC '11 poster session will be held in conjunction with a happy hour and will allow researchers to present recent and ongoing projects. The poster session is an excellent forum to discuss new ideas and get useful feedback from the community. Find out more here.

JOINT ATC AND WEBAPPS PLENARY SESSION
Salon E

Dead Media: What the Obsolete, Unsuccessful, Experimental, and Avant-Garde Can Teach Us About the Future of Media
Finn Brunton, Postdoctoral Researcher at NYU

View the Video

Listen to the MP3

The Telharmonium. Scopitone. The Euphonia. Bone music, Oramics, rocket mail, the Multiphone, optical telegraphs, scent organs, mechanical televisions, breath printing, calculating machines, magic lanterns . . . What does it mean for a communication or information storage medium to die? What can old media formats—dead, obsolete, experimental, or ahead of their time—tell us about the future of technological communication now? This talk will go back to Cambrian explosions in media types and the visionaries, hucksters, and lunatics who staked knowledge, fame, fortune, and sometimes their lives on the success of their technologies, and tell stories from the vast population of amazing projects that never made it.

Finn Brunton is a postdoctoral researcher at NYU, where he works on digital technology: history, privacy, anonymity, modification and misuse. He is writing a book about spam for Duke University Press.

Panel: The Future of Client-side Web Apps

Moderator: Michael Maximilien, IBM Research

Panelists: Patrick Chanezon, Google, Inc.; Charles Ying, Flipboard, Inc.; Erik Meijer, Microsoft Corp.; Raffi Krikorian, Twitter, Inc.

View the Video

Listen to the MP3

Extending and Protecting the Client

Integrating Long Polling with an MVC Web Framework
Eric Stratmann, John Ousterhout, and Sameer Madan, Stanford University

Read the Full paper

Detecting Malicious Web Links and Identifying Their Attack Types
Hyunsang Choi, Korea University; Bin B. Zhu, Microsoft Research Asia; Heejo Lee, Korea University

Read the Full paper

View the Video | Slides

Listen to the MP3

Maverick: Providing Web Applications with Safe and Flexible Access to Local Devices
David W. Richardson and Steven D. Gribble, University of Washington

Read the Full paper

View the Video

Listen to the MP3

JOINT WEBAPPS AND ATC INVITED TALK
Salon E

Software G Forces: The Effects of Acceleration
Kent Beck, Facebook, Inc.

View the Video

Listen to the MP3

As deployment cycles shrink, what constitutes effective software engineering changes radically. Practices that bring improvement to a quarterly release cycle can be fatal with an hourly release cycle. This talk outlines the changes required of software engineering and organization at different cycle times: quarterly, monthly, weekly, daily, and hourly.

Kent Beck is the founder and director of Three Rivers Institute (TRI). His career has combined the practice of software development with reflection, innovation, and communication. His contributions to software development include patterns for software, the rediscovery of test-first programming, the xUnit family of developer testing tools, and Extreme Programming. He currently divides his time between writing, programming, and coaching. Beck is the author/co-author of Implementation Patterns, Extreme Programming Explained: Embrace Change 2nd Edition, Contributing to Eclipse, Test-Driven Development: By Example, Planning Extreme Programming, The Smalltalk Best Practice Patterns, and the JUnit Pocket Guide. He received his B.S. and M.S. in Computer Science from the University of Oregon.

RECEPTION
Salons F and I