The Workshop on Web Applications and Secure Hardware will be happening on June 20th, 2013 in conjunction with Trust 2013.
The workshop seeks is to bring together researchers and developers in academia and industry to discuss the state of the art in using secure hardware with web applications. The main goals are:
- identifying the key challenges and issues surrounding use of secure hardware for web application,
- sharing information about ongoing academic projects,
- finding out about new emerging web standards and gather experience reports from real systems, and
- identifying new opportunities for research and development.
From the call for papers:
Web browsers are becoming the platform of choice for applications that need to work across a wide range of different devices, including mobile phones, tablets, PCs, TVs and in-car systems. However, for web applications which require a higher level of assurance, such as online banking, mobile payment, and media distribution (DRM), there are significant security and privacy challenges. A potential solution to some of these problems can be found in the use of secure hardware – such as TPMs, Arm TrustZone, virtualisation and secure elements – but these are rarely accessible to web applications or used by web browsers.
This workshop will focus on how secure hardware can enhance web applications and web browsers to provide functionality such as credential storage, attestation and secure execution. This includes challenges in compatibility (supporting the same security features despite different user hardware) as well as multi-device scenarios where a device with hardware mechanisms can help provide assurance for systems without. Also of interest are proposals to enhance existing security mechanisms and protocols, security models where the browser is not trusted by the web application, and enhancements to the browser itself.
The WASH’13 workshop is sponsored by Gemalto