Max-Planck-Institut für Informatik

MPI-INF or MPI-SWS or Local Campus Event Calendar
What and Who
Title: Principled and Practical Web Application Security
Speaker: Deian Stefan
Coming from: Stanford University
Speaker's Bio: Deian Stefan is a PhD student in Computer Science at Stanford. His
research interests intersect systems, programming languages, and
security. As part of his PhD work, Deian focused on web application
security; he built practical systems with formal underpinnings that
enable average developers to build secure web applications. Deian is a
recipient of an NDSEG Fellowship and a Mozilla Research Grant for his
work on web security. He is a co-founder and the CTO of GitStar Inc.,
a company that provides security-as-a-service to web developers. He
is a member of the W3C Web Application Security Group, where he serves
as editor of the COWL spec. He received his BE and ME in Electrical
Engineering from Cooper Union.
Event Type: SWS Colloquium
Visibility: D1, D2, D3, D4, D5, SWS, RG1, MMCI
Level: Expert Audience
Language: English
Date, Time and Location
Date: Monday, 2 March 2015
Time: 10:30
Duration: 60 Minutes
Location: Saarbrücken
Building: E1 5
Room: 029
Abstract
Large-scale private user data theft has become a common occurrence on
the web. A huge factor in these privacy breaches we hear so much
about is that developers specify and enforce data security policies by
strewing checks throughout their application code. Overlooking even a
single check can lead to vulnerabilities.

In this talk, I will describe a new approach to protecting sensitive
data even when application code is buggy or malicious. The key ideas
behind my approach are to separate the security and privacy concerns
of an application from its functionality, and to use language-level
information flow control (IFC) to enforce policies throughout the
code. The main challenge of this approach is at once to design
practical systems that can be easily adopted by average developers,
and simultaneously to leverage formal semantics that rule out large
classes of design error. The talk will cover a server-side web
framework (Hails), a language-level IFC system (LIO), and a browser
security architecture (COWL), which, together, provide end-to-end
security against the privacy leaks that plague today's web
applications.
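The abstract's central claim is that policy enforcement should live in the language runtime rather than in checks scattered through application code. The following is an added illustration of that idea and is not code from Hails, LIO or COWL: a constructed floating-label information flow monitor in Python. Labels are sets of principals whose confidential data has tainted a value (the empty set is public); reading a labelled value raises the monitor's current label (join is set union), and every output is checked against that label. The handler `render_profile` and the profile fields it uses are made-up sample data, and the handler deliberately omits any access check to show that the monitor, not the application code, decides what may flow where.

```python
"""Minimal floating-label information flow control (IFC) monitor.

Constructed illustration of the LIO-style idea described in the abstract;
this is not the Hails/LIO code base and makes no claim about its API.
A label is a frozenset of principals whose confidential data has tainted
a value; the empty set means public.
"""
from dataclasses import dataclass, field
from typing import Any, FrozenSet, List, Tuple

Label = FrozenSet[str]
PUBLIC: Label = frozenset()


def can_flow_to(src: Label, dst: Label) -> bool:
    """Data may flow to a sink only if the sink is at least as confidential
    as the data: every principal tainting the data must be allowed at the sink."""
    return src <= dst


@dataclass(frozen=True)
class Labeled:
    """A value paired with the label that protects it."""
    label: Label
    value: Any


class IFCViolation(Exception):
    """Raised when application code tries to write data to a sink that must not see it."""


@dataclass
class Monitor:
    """The 'current label' floats upward as secrets are read (join = union);
    every output is checked against it, so the application code itself needs
    no per-site checks and cannot forget one."""
    current: Label = PUBLIC
    sent: List[Tuple[str, Any]] = field(default_factory=list)

    def unlabel(self, lv: Labeled) -> Any:
        # Reading a secret taints everything the computation does from here on.
        self.current = self.current | lv.label
        return lv.value

    def output(self, sink: str, sink_label: Label, value: Any) -> None:
        if not can_flow_to(self.current, sink_label):
            raise IFCViolation(
                f"cannot write data tainted by {sorted(self.current)} to {sink}")
        self.sent.append((sink, value))


def sample_profile(user: str) -> dict:
    """Constructed sample data: one public field and one field private to the user."""
    return {
        "name": Labeled(PUBLIC, f"{user.title()} Example"),
        "email": Labeled(frozenset({user}), f"{user}@example.test"),  # hypothetical address
    }


def render_profile(viewer: str, owner: str) -> list:
    """Hypothetical application code that omits the access check entirely:
    it reads the owner's email unconditionally and tries to write it both to
    the viewer's page and to a public analytics log. Returns, per sink,
    whether the monitor allowed or blocked the write."""
    m = Monitor()
    profile = sample_profile(owner)

    # Public name to a public sink: current label is still PUBLIC, so this is fine.
    m.output("analytics", PUBLIC, m.unlabel(profile["name"]))

    # Reading the private email raises the current label to {owner}.
    email = m.unlabel(profile["email"])

    outcomes = []
    sinks = (("page:" + viewer, frozenset({viewer})), ("analytics", PUBLIC))
    for sink, sink_label in sinks:
        try:
            m.output(sink, sink_label, email)
            outcomes.append((sink, "allowed"))
        except IFCViolation:
            outcomes.append((sink, "blocked"))
    return outcomes


if __name__ == "__main__":
    # Owner viewing her own profile: her page may see it, the public log may not.
    print(render_profile("alice", "alice"))
    # Another user viewing it: neither his page nor the public log may see it.
    print(render_profile("bob", "alice"))
```

With a real lattice the same two operations (raise the label on read, check it on write) generalise to any number of principals and sinks; the point the example makes is that the leak in `render_profile` is stopped even though the handler never checks who the viewer is.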
Contact
Name(s): Brigitta Hansen
Phone: 0681 93039102
EMail: -- email address not disclosed on the web
Video Broadcast
Video Broadcast: Yes
To Location: Kaiserslautern
To Building: G26
To Room: 112
Tags, Category, Keywords and additional notes
Created by: Brigitta Hansen/MPI-SWS, 02/24/2015 01:24 PM
Last modified by: Uwe Brahm/MPII/DE, 11/24/2016 04:14 PM
  • Brigitta Hansen, 02/24/2015 01:27 PM -- Created document.