Workshop on Web Applications and Secure Hardware (WASH’13)
In conjunction with the International Conference on Trust and Trustworthy Computing.
|Submission of papers:|
|Notification of authors:|
|Workshop:||20th June 2013|
Web browsers are becoming the platform of choice for applications that need to work across a wide range of different devices, including mobile phones, tablets, PCs, TVs and in-car systems. However, for web applications which require a higher level of assurance, such as online banking, mobile payment, and media distribution (DRM), there are significant security and privacy challenges. A potential solution to some of these problems can be found in the use of secure hardware – such as TPMs, Arm TrustZone, virtualisation and secure elements – but these are rarely accessible to web applications or used by web browsers.
This workshop will focus on how secure hardware can enhance web applications and web browsers to provide functionality such as credential storage, attestation and secure execution. This includes challenges in usability and compatibility (supporting the same security features despite different user hardware) as well as multi-device scenarios where a device with hardware mechanisms can help provide assurance for systems without. Also of interest are proposals to enhance existing security mechanisms and protocols, security models where the browser is not trusted by the web application, and enhancements to the browser itself.
The primary goals of the workshop are to identify challenges in this area, share early results and work-in-progress, and identify new areas for research and development.
We invite submissions on the following topics:
- Trustworthy computing infrastructures for web applications
- Improvements to existing web protocols and APIs based on secure hardware
- APIs and standards for browser-based cryptography and access to secure hardware
- Uses of secure hardware in web browsers
- Enhancing the security of mobile web applications through trusted hardware
- Security models for web applications involving secure hardware
- Credential management and key storage in the browser
- Web application authentication
- Multi-screen secure web applications
- Web browser access control and isolation techniques
- Design implications of web applications running on secure hardware
We strongly encourage work-in-progress papers, experience reports and position papers.
- Submissions due: 26th April 2013
- Notification: 13th May 2013
- Workshop: 20th June 2013
We intend to publish the accepted papers with CEUR, an open access publisher of peer-reviewed workshops proceedings. CEUR proceedings can be indexed with DBLP and can be found from Google Scholar. Authors will retain the copyright for individual papers but will grant the proceedings editors non-exclusive and non-time limited publication permission.
Submissions should be submitted via EasyChair using this link: https://www.easychair.org/conferences/?conf=wash13 .
Please use the Springer LNCS template for submissions. Submissions must be in PDF format and should also meet the guidelines outlined on the CEUR submission webpage. These include two important points:
- All papers must be scientific or serve academic purposes. Advertisements (including logos of sponsor companies) are not permitted.
- The papers must be original, i.e. not published in an earlier workshop or conference or journal.
We strongly recommend that papers are no more than 7 pages long. Longer papers may be accepted, but reviewers will be critical of papers which could have been made shorter.
All submissions that meet these guidelines will be peer reviewed.
See the committees page.
For more information, please contact John Lyle ( john.lyle [at ] cs.ox.ac.uk ).