In this talk, I will share my reflection about web security research. There are a number of superficial understandings about the nature of web security issues, the focus of defense technologies and the emerging concept of Web3. To deepen these understandings, it is necessary to see the Web as a “multi-mind” computing paradigm, which has two fundamental characteristics: (1) it is an open platform on which people with potential conflicts of interest (COI) can add code modules; (2) app functionalities are achieved by running through multiple COI modules. These characteristics distinguish the Web from other computing paradigms, such as personal computing, cloud computing and even distributed computing. Recognizing the intrinsic multi-mind nature of the Web, I will use concrete examples to show some unique research angles. I will explain that web security problems are not general security problems manifested in the Web. Accordingly, there are novel promising approaches that are methodological for defense. In the last part of the talk, I will argue that Web3 is a natural next stage in the evolution of the Web.

Speaker's Biography: Shuo Chen is a senior principal researcher at Microsoft Research Redmond. His interest is about studying operational systems to understand their security challenges and develop systematic solutions. He worked in the areas of software-as-a-service, browser, web privacy/security and blockchain/smart-contract. His research led to several real-world security pushes, such as a cross-company effort to fix browser bugs that compromise HTTPS security; Microsoft Internet Explorer team’s effort to systematically fix GUI-spoofing (phishing) bugs; a cross-company effort to fix logic bugs in e-commerce, online payment and single-sign-on services. His research was covered by the media, such as CNN, CNET, MIT Tech Review, etc. He also works in the area of program verification for browsers, web protocols and smart contracts. Shuo served on the program committees for IEEE S&P, USENIX Security, ACM CCS, DSN, etc. He obtained his Ph.D. degree from University of Illinois at Urbana-Champaign.

View More Papers

SSL-WM: A Black-Box Watermarking Approach for Encoders Pre-trained by...

Peizhuo Lv (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Pan Li (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Shenchen Zhu (Institute of Information Engineering, Chinese Academy of Sciences, China;…

Read More

Investigating the Impact of Evasion Attacks Against Automotive Intrusion...

Paolo Cerracchio, Stefano Longari, Michele Carminati, Stefano Zanero (Politecnico di Milano)

Read More

Random Spoofing Attack against Scan Matching Algorithm SLAM (Long)

Masashi Fukunaga (MitsubishiElectric), Takeshi Sugawara (The University of Electro-Communications)

Read More

TinyML meets IoBT against Sensor Hacking

Raushan Kumar Singh (IIT Ropar), Sudeepta Mishra (IIT Ropar)

Read More