SecWeb 2024

Designing Security for the Web

News

February 22, 2024: Deadline extended to February 26, 2024.

February 8, 2024: The submission site is live! Please visit HotCRP to submit your papers. Deadline February 22, 2024.

December 18, 2023: SecWeb 2024 will be jointly held with IEEE S&P in San Francisco on May 23, 2024.

What is SecWeb?

Back in the days, the Web was not designed with security or privacy in mind. Many key mechanisms we rely on today for critical functionality were arguably not designed for security (such as cookies for authentication purposes) and numerous mechanisms have been piecemeal retrofitted to the Web to add security to it. In this workshop, we want to move away from augmenting the Web with Security and rather design Security for the Web.



Aim & Scope

The Web has become the key access point to a plethora of security-sensitive services, which we use on a daily basis, yet it was not designed with security in mind. Over the years, this has led to many security mechanisms which were piecemeal retrofit to not cause breakage to existing web applications. The goal of the SecWeb workshop is therefore twofold: we want to collect ideas on how the Web could be extended with novel security mechanisms, better access interfaces (browsers) and disciplined programming abstractions, so as to natively support secure web application development. Moreover, we also invite in particular contributions which aim to redesign parts of the ecosystem, so as not to be stuck on a patchwork of security on the Web, but rather have security built-in by design.

Besides traditional Web security papers, SecWeb particularly welcomes position papers which propose provocative thoughts on how (parts of) the current web platform could be heavily re-envisioned for security. Such proposals often do not fit major computer security conferences, because their real-world deployment might be complicated, yet they have value for the web security community, since they advance the understanding of relevant web security problems, their root causes and the design space of possible solutions. Ideally, we expect well-thought proposals accepted at SecWeb to be excellent starting points for discussion with browser vendors (which we explicitly envision as participants) and/or major players of the Web market, who have the commitment and the resources to convert academic proposals into reality.

Logistics & Dates

SecWeb 2024 is co-located with IEEE S&P 2024 and scheduled for May 23, 2024.



Important Dates

  • Submission Due: February 22 February 26, 2024 (11:59PM AoE)
  • Notification to authors: March 15, 2024
  • Camera-ready deadline for accepted papers: March 24, 2024

Call for Papers

All papers discussing Web security and Web privacy aspects are solicited for submission. SecWeb particularly welcomes position papers which propose provocative thoughts on how (parts of) the current Web platform could be heavily re-envisioned for security. This explicitly includes proposals that would break today’s Web to improve its security tomorrow.

Topics of interest include, but are not limited to, the following:

  • Browser security
  • Formal methods for Web security
  • Language-based Web security
  • Security policies for the Web
  • Usable Web security
  • Web application firewalls
  • Web attacks and defenses
  • Web authentication and authorization
  • Web protocol security
  • Web security architectures
  • Web tracking and online advertisement

Reviewing and Publication Process

SecWeb solicits both full and short papers. All papers must be written in English and must not exceed 10 pages (full) and 6 pages (short) in A4 format using the IEEE conference proceeding template (excluding bibliography and well-marked appendixes). Submissions must be in PDF format and should print easily on simple default configurations. Submissions are anonymous, so information that might identify the authors must be excluded. It is the authors' responsibility to ensure that their anonymity is preserved when citing their own work. Failures to adhere to these requirements can be grounds for rejection.

The proceedings will be published by the IEEE after the workshop and will be made available in IEEE Xplore. During submission, authors can choose to have their paper excluded from the proceedings. At least one author of each accepted paper must register to the workshop for presentation.

All submissions considered for inclusion in the proceedings must contain an original contribution. That is, these papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal, conference or workshop. In particular, simultaneous submission of the same work is not allowed. This requirement is relaxed for submissions which will not be included in the proceedings: in particular, we also invite papers that are currently under submission or planned to be submitted before the SecWeb notification.

Submission Site

Submissions go to https://secweb24.secpriv.tuwien.ac.at/.

Program Committee

  • Jason Polakis (University of Illinois at Chicago) -- Chair
  • Marco Squarcina (TU Wien) -- Chair
  • Alexandros Kapravelos (NC State)
  • Artur Janc (Google)
  • Aurore Fass (CISPA)
  • Coby Wang (Visa Research)
  • Cristian-Alexandru Staicu (CISPA)
  • David Klein (Technische Universität Braunschweig)
  • Frederik Braun (Mozilla)
  • Haehyun Cho (Soongsil University)
  • Hugo Jonker (Open University of the Netherlands)
  • Jannis Rautenstrauch (CISPA)
  • Junhua Su (NC State)
  • Kejsi Take (NYU)
  • Lorenzo Veronese (TU Wien)
  • Manuel Viaggi (EURECOM)
  • Marius Steffens (Google)
  • Matteo Große-Kampmann (Rhine-Waal University of Applied Sciences, AWARE7 GmbH)
  • Ming Xu (National University of Singapore)
  • Mingxue Zhang (Zhejiang University)
  • Mir Masood Ali (UIC)
  • Moe Ghasemisharif (Palo Alto Networks)
  • Panagiotis Ilia (Cyprus University of Technology)
  • Pedro Bernardo (TU Wien)
  • Pierre Laperdrix (CNRS)
  • Prianka Mandal (William and Mary)
  • Sebastian Roth (TU Wien)
  • Simon Koch (Technische Universität Braunschweig)
  • Sooel Son (KAIST)
  • Tom Van Goethem (Google / DistriNet, KU Leuven)
  • Umar Iqbal (Washington University in St. Louis)
  • Victor Le Pochat (imec-DistriNet, KU Leuven)
  • Walter Rudametkin (University of Lille)
  • Wei Meng (The Chinese University of Hong Kong)
  • Yohan Beugin (University of Wisconsin-Madison)

SecWeb Reviewing Mentoring

Reviewing is hard, constructive reviewing even more so. For SecWeb, we therefore will have a mentoring program for junior members of the community. We will invite a limited number of students in the area of Web security into the PC and each junior member will have a mentor with whom to discuss their reviews. In this way, junior community members are exposed to the reviewing and discussion process, while also benefiting from the experience and insights of more senior reviewers. If you or your students are interested in this, fill in the form to indicate your (or your students') interest.