European Roadmap for Research on Web Security

The Web platform is a hotbed of innovation that will affect deployment of technologies and applications for the next decade, and will influence the security and privacy that European users and service providers can achieve. The STREWS project will link European security and trust related research and development with ongoing standards and development work for the Web in IETF and W3C. The project will develop a technical state of practice document for Web Security as a basis for case studies on selected Web security topics. A roadmap for future research and standardization in the Web security field will provide guidance for ongoing and future research. Over the course of the project, STREWS will reach out to European industry and projects, and organize a series of workshops to collect broad input into its roadmapping and case study work, and to create a European Web security community across academia and practice

Feeds from partners

From STREWS: CfP IEEE Internet Computing special issue on security and the real-time Web

31 March 2014, 6:39 pm

The STREWS project is guest editor for a special issue of the IEEE Internet Computing magazine. The theme is security and the real-time Web. This is a copy of the Call for Papers: Call for Papers The real-time Web (WebRTC) is a maturing technology involving many players in what could be a significant evolution or revolution for voice and...

>> Read more...

From W3C: Last Call: User Interface Security Directives for Content Security Policy

18 March 2014, 2:45 pm

The Web Application Security Working Group has published a Last Call Working Draft of User Interface Security Directives for Content Security Policy. This document defines directives for the Content Security Policy mechanism to declare a set of input protections for a web resource’s user interface, defines a non-normative set of heuristics...

>> Read more...

From W3C: First Public Working Draft of Subresource Integrity Published

18 March 2014, 2:31 pm

The Web Application Security Working Group has published a First Public Working Draft of Subresource Integrity. This specification defines a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation. Learn more about the Security Activity.

>> Read more...

From STREWS: A successful STRINT workshop

13 March 2014, 1:18 pm

The STRINT workshop concluded with some preliminary recommendations: Encryption works and needs to be used more, despite its cost (which is steadily going down anyway). Data minimization is worthwhile, too, but difficult: Traffic analysis research and protocol development need to work together. The threat models discussed in the workshop...

>> Read more...

From STREWS: STRINT workshop papers published

8 February 2014, 6:31 pm

The first version of the agenda and the list of submitted papers of the STRINT workshop were published today. The agenda has seven sessions, three on Friday and the rest on Saturday: Threats, COMSEC (part 1), Policy, COMSEC (part 2), Metadata, Deployment, and Break-out sessions There are 66 papers. Together they give an overview of current...

>> Read more...

From Nessos: The Final version of the NESSoS research roadmap is available

2 February 2014, 9:45 pm

The final version of the NESSoS research roadmap is available at the URL:  http://www.nessos-project.eu/media/deliverables/y3/NESSoS-D4.3-PartII-Roadmap.pdf

>> Read more...

From STREWS: Submissions to STRINT workshop closed

21 January 2014, 5:49 pm

The deadline for position papers for the STRINT workshop has passed and submission is now closed. We are pleased with the large number of papers we received. The Program Committee is currently reviewing them and we expect to inform the authors of the results around January 31. The complete workshop program will be published around February 7.

>> Read more...

From STREWS: Publication

17 January 2014, 10:55 am

Publications Cookieless, monster: Exploring the ecosystem of web-based device fingerprinting, Nick Nikiforakis, IEEE Symposium on Security and Privacy 2013, 19-22 May 2013, IEEE Computer SocietyWashington, http://dx.doi.org/10.1109/SP.2013.43           You are what you include: large-scale evaluation of remote javascript inclusions  Nick...

>> Read more...

From Nessos: NESSoS invited presentation at ValueSec event

10 December 2013, 4:58 pm

A presentation on the NESSoS activities has been given by Fabio Martinelli at the final conference of the ValueSec project (www.valuesec.eu/). The ValueSec final conference has been a good opportunity to share the latest development of NESSoS in front of a large community of stakeholders interested in risk management activities.

>> Read more...

From Nessos: Project description

12 November 2010, 1:39 pm

The Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS) aims at constituting and integrating a long lasting research community on engineering secure software-based services and systems.

>> Read more...