NDSS 2025 - MADWeb 2025, Keynote 2 and Session 3

Описание: SESSION
Keynote talk by Frederik Braun (Mozilla)
Session 3: Web3 and Work in Progress
Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb) 2025, co-located with the Network and Distributed System Security (NDSS) Symposium 2025, held from 24 February to 28 February 2025 in San Diego, California.
https://www.ndss-symposium.org/ndss-p...

Keynote 2: With Carrots & Sticks: Can the Browser Handle Web Security?
Frederik Braun (Mozilla)

In this talk, we will examine web security through the browser's perspective. Various browser features have helped fix transport security issues and increase HTTPS adoption: Encouragements in the form of providing more exciting APIs exclusively to Secure Context or deprecating features (like with Mixed Content Blocking) have brought HTTPS adoption to over 90% in ten years.

With these successful interventions as the browser's carrots and sticks - rewards for secure practices and penalties for insecure ones - we will then identify what academia and the industry can do to further apply security improvements. In particular, we will look at highly prevalent security issues in client code, like XSS and CSRF. In the end, we will see how the browser can play an instrumental role in web security improvements and what common tactics and potential issues exist.:

Speaker's Biography: Frederik Braun builds security for the web and Mozilla Firefox in Berlin. As a contributor to standards, Frederik is also improving the web platform by bringing security into the defaults with specifications like the Sanitizer API and Subresource Integrity. Before Mozilla, Frederik studied IT-Security at the Ruhr-University in Bochum where he taught web security and co-founded the CTF team fluxfingers.

PAPERS
DeFiIntel: A Dataset Bridging On-Chain and Off-Chain Data for DeFi Token Scam Investigation
Iori Suzuki (Graduate School of Environment and Information Sciences, Yokohama National University), Yin Minn Pa Pa (Institute of Advanced Sciences, Yokohama National University), Nguyen Thi Van Anh (Institute of Advanced Sciences, Yokohama National University), Katsunari Yoshioka (Graduate School of Environment and Information Sciences, Yokohama National University)

Work-in-Progress: Detecting Browser-in-the-Browser Attacks from Their Behaviors and DOM Structures
Ryusei Ishikawa, Soramichi Akiyama, and Tetsutaro Uehara (Ritsumeikan University)

Work-in-Progress: Towards Browser-Based Consent Management
Gayatri Priyadarsini Kancherla and Abhishek Bichhawat (Indian Institute of Technology Gandhinagar)

Work-in-Progress: Uncovering Dark Patterns: A Longitudinal Study of Cookie Banner Practices under GDPR (2017-2024)
Zihan Qu (Johns Hopkins University), Xinyi Qu (University College London), Xin Shen, Zhen Liang, and Jianjia Yu (Johns Hopkins University)

ABOUT NDSS SYMPOSIUM
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
https://www.ndss-symposium.org/

#NDSS #NDSS25 #NDSS2025 #InternetSecurity