Campus Event Calendar

Event Entry

New for: D1, D3, D4, D5

What and Who

JavaScript Isolation and Web Security

John C. Mitchell
Stanford University
SWS Colloquium
AG 1, AG 3, AG 4, AG 5, SWS, RG1, MMCI  
MPI Audience
English

Date, Time and Location

Monday, 4 May 2009
16:00
60 Minutes
E1 4
019
Saarbrücken

Abstract

Web sites that incorporate untrusted content may use browser- or
language-based methods to keep such content from maliciously altering
pages, stealing sensitive information, or causing other harm. We use
accepted methods from the study of programming languages to
investigate language-based methods for filtering and rewriting
JavaScript code, using Facebook's FBJS as a motivating example.

We explain the core problems by describing previously unknown
vulnerabilities and shortcomings, provide JavaScript code that
enforces provable isolation properties at run-time, and develop a
foundation for improved solutions based on an operational semantics of the full ECMA262 language. We also compare our results with the
techniques used in FBJS.

Joint work with Sergio Maffeis and Ankur Taly

Contact

Michael Backes

Tags, Category, Keywords and additional notes

JavaScript, Security, Web, Browser

Carina Schmitt, 05/11/2009 11:00
Carina Schmitt, 05/04/2009 10:47
Uwe Brahm, 05/04/2009 10:33 -- Created document.