| CARVIEW |
Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb) 2026
Call for Papers
The web connects billions of devices, running a plethora of clients, and serves billions of users every day. To cope with such a widespread adoption, the web constantly changes. This is evident by some browsers that have a release cycle of just six weeks. Unfortunately, these rapid changes are not always designed with a security mindset, resulting in new attack vectors not observed before.
The MADWeb workshop aims to attract researchers who work on the intersection of browser evolution and web security. Our goal is to create and sustain a specialized venue for discussing any aspects of web security and privacy, such as the rapid changes to browsers from a security perspective, the security implications of current web technologies, how we can protect users now, and make browsers in the future more secure without hindering the evolution of the web.
Since MADWeb merged with the SecWeb workshop in 2025, we welcome ideas on extending the web with novel security mechanisms, better access interfaces (browsers), and disciplined programming abstractions to support secure web application development natively. Moreover, we invite contributions that propose provocative thoughts on re-envisioning (part of) the current web platform with security built-in by design.
We welcome work in progress and encourage junior researchers to explore new ideas before publication at a major security conference. We select papers based on their technical contributions and their potential to spark interesting discussions at MADWeb.
Our social media contacts are:
Please use the official hashtag #MADWeb for any public posts related to the workshop.
Important Dates
- Abstract submission: Thursday, December 11, 2025 Anywhere-on-earth (AOE)
- Paper submission:
Thursday, December 11, 2025 Anywhere-on-earth (AOE)Wednesday, December 17, 2025 Anywhere-on-earth (AOE) - Acceptance notification (tentative): Friday, January 16, 2026
- Camera-ready deadline (tentative): Friday February 6, 2026
- Workshop date: Friday February 27, 2026 (co-located with NDSS 2026)
Areas of Interest
Submissions are solicited in, but not limited to, the following areas:
- Fingerprinting and tracking on the web
- Browser exploitation
- Secure browser architectures
- Security and privacy of emerging web technologies
- Security of progressive web apps
- Web authentication and authorization
- Web protocol security
- Security policies for the web
- Formal methods for web security
- Measurement studies of online crime, fraud, and underground economies
- Measurement studies of web security & privacy issues
- Privacy-enhancing technologies for the web
- Machine learning and AI applications for a secure web
- Data-driven web security and malware detection
- Anti-phishing technologies
- Detection of bots and crawlers/scrapers
- DNS security and privacy
- Unethical and malicious activity on the web
- Digital forensics for the web
- Security and privacy of GenAI’s integration on the web
Submission Instructions
All papers must be written in English. Papers must be formatted for US letter size (not A4) paper in a two-column layout, with columns no more than 9.25 in. high and 3.5 in. wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. Authors are strongly encouraged to use the templates provided by NDSS.
We invite both full papers and work-in-progress papers. Full papers should have no more than 10 pages in total (excluding references and appendices). Work-in-progress papers must have less than 6 pages (again, excluding references and appendices), and can discuss work-in-progress and novel ideas. Please prefix the paper title with (“Work-in-progress:”). Work-in-progress papers will be selected based on their potential to spark interesting discussions during the workshop and they will not be included in the formal proceedings of the workshop. Note that full papers might be accepted as Work-in-progress if they are deemed as not mature enough but may spark enough discussions at the workshop.
Submissions must be properly anonymized for double-blind review (please follow NDSS guidelines on paper anonymization).
Submission site https://madweb26.hotcrp.com/
Use of Generative AI (drawn from NDSS CFP)
The use of Generative Artificial Intelligence, i.e., tools capable of generating text, images, or other data using generative models, often in response to prompts, is permitted for paper preparation as long as (1) the result does not plagiarize, misrepresent, or falsify content, (2) the resulting work in its totality is an accurate representation of the authors’ underlying work and novel intellectual contributions and is not primarily the result of the tools’ generative capabilities, and (3) the authors accept responsibility for the veracity and correctness of all material in their paper, including any AI-generated material.
The use of generative AI software tools must be disclosed as part of the paper submission. The level of disclosure should be commensurate with the proportion of new text or content generated by these tools. If entire (sub)sections of a paper, including tables, graphs, images, and other content were AI-generated, the authors must disclose which sections and which tools and tool versions were used to generate those sections (e.g., by preparing an Appendix that describes the use, specific tools and versions, the text of the prompts provided as input, and any post-generation editing). If the amount of text being generated is small (limited to phrases or a few sentences), then it would be sufficient to add a citation or a footnote to the relevant section of the submission utilizing the system(s) and include a general disclaimer in the Acknowledgements section. If generative AI software tools are only used to edit and improve the quality of human-generated existing text in much the same way as one would use a basic word processing system to correct spelling or grammar or use a typing assistant (like Grammarly) to improve spelling, grammar, punctuation, clarity, engagement, it is not necessary to disclose such usage of these tools in the paper.
Ethical Considerations (drawn from NDSS CFP)
Each paper may optionally include an “Ethics Considerations” section immediately preceding the reference section. In this section, the authors may discuss if they believe the work poses any ethical risk and the steps that are taken to mitigate such risk. If the authors believe that their work does not pose any ethical considerations, this section is not necessary.
Research can potentially lead to adverse outcomes. Individuals or organizations may experience negative consequences during the research process, immediately following publication, or in the future. Authors must proactively anticipate and address potential negative consequences of both conducting and publishing their research. Submissions may be rejected regardless of scientific merit if they fail to adequately address ethical concerns. If a paper relates to human subjects, analyzes data derived from human subjects, may put humans at risk, or might have other ethical implications or introduce legal issues of potential concern to the NDSS community, authors should disclose if an ethics review (e.g., IRB approval) was conducted, and discuss in the paper how ethical and legal concerns were addressed. IRB exemptions may not be sufficient grounds for proper mitigation of ethical concerns. If the paper reports a potentially high-impact vulnerability, the authors should report or at least discuss their plan for responsible disclosure. The chairs will contact the authors in case of concerns. An Ethics Review Board (ERB), consisting of TPC members, will check papers flagged by reviewers as potentially including ethically fraught research. Authors are encouraged to review the Menlo Report for general ethical guidelines for computer and information security research. The Program Committee reserves the right to reject a submission if insufficient evidence was presented that ethical or relevant legal concerns were appropriately addressed.
Workshop Format
MADWeb will be co-located with NDSS 2026. MADWeb will be an on-site event.
One author of each accepted paper is expected to present the paper, in person, at the workshop. The format will be traditional conference-style research presentations with questions from the audience. Interactive and engaging presentations are welcome. As for the previous editions, we plan to give best paper and best presentation awards. Following notification to authors, more information will be provided regarding speaking times and other details.
The accepted papers will be made available on the workshop website and the workshop will have official proceedings. Publication in the proceedings is not mandatory and authors can choose to have their papers excluded from the official proceedings by selecting “No proceedings” during submission in HotCRP.
Program Committee Co-Chairs
- Limin Jia, Carnegie Mellon University
- Umar Iqbal, Washington University in St. Louis
Program Committee Nomination
Want to help shape MADWeb 2026? Nominate yourself for the Program Committee: https://forms.gle/7nPk4vukFmDFqrD27
Deadline: Oct 31, 2025
Program Committee
- Abdul Haddi Amjad, Virginia Tech
- Adnan Ahmed, Meta Platforms
- Alexandra Nisenoff, CMU
- Anastasia Shuba, DuckDuckGo
- Carl Magnus Bruhner, Linköping University
- Christoph Kerschbaumer, Mozilla
- Coby Wang, Visa Research
- Deian Stefan, UCSD
- Giancarlo Pellegrino, CISPA
- Kostas Solomos, Brandeis University
- Kyungchan Lim, University of Maryland
- Marco Squarcina, TU Wien
- Marius Steffens, Google
- Martin Johns, TU Braunschweig
- Muhammad Muzammil, Stony Brook University
- Nick Nikiforakis, Stony Brook University
- Nikita Borisov, UIUC
- Nurullah Demir, Stanford University
- Pedro Adão, Instituto Superior Técnico
- Peter Snyder, Brave Software
- Ruofan Liu, National University of Singapore
- Saiid El Hajj Chehade, EPFL
- Salim Chouaki, New York University Abu Dhabi
- Shehroze Farooqi, Palo Alto Networks
- Shubham Agarwal, Max Planck Institute for Security and Privacy
- Simon Koch, University of Innsbruck
- Steven Englehardt, DuckDuckGo
- Stijn Pletinckx, University of California, Santa Barbara
- Tom Van Goethem, Google
- Victor Le Pochat, DG CNECT
- Yash Vekaria, University of California, Davis
- Yi Han, F5 Networks
- Yohan Beugin, University of Wisconsin–Madison
- Zahra Moti, Radboud University
- Zane Ma, Oregon State University
Steering Committee
- Alexandros Kapravelos, North Carolina State University
- Nick Nikiforakis, Stony Brook University
- Oleksii Starov, Palo Alto Networks
- Roberto Perdisci, University of Georgia
- Zubair Shafiq, University of California, Davis
- Aurore Fass, CISPA Helmholtz Center for Information Security
- Marco Squarcina, TU Wien
- Yinzhi Cao, Johns Hopkins University
madwebwork.bsky.social
infosec.exchange/@madwebwork
@madwebwork
MADWeb 2026, in cooperation with the NDSS Symposium