2014-09-10 Web Security - Securing Untrusted Web Content in Browsers - Phu Phung

The majority of websites nowadays embed 3rd party JavaScript into their pages, coming from external partners. Ideally, these scripts are benign and come from trusted sources, but over time, these scripts often start to misbehave, or to come under control of an attacker. Unfortunately, the current state-of-practice integration techniques for 3rd party scripts do not impose restrictions on the execution of JavaScript code, allowing such an attacker to perform unwanted actions on behalf of the website owner and/or website visitor.

In this talk, the latest techniques in JavaScript security will be covered. In particular, our approach is based on self-protecting JavaScript and a 2-tier JavaScript sandbox architecture, which will be discussed in detail. Our proposed techniques will improve upon the state-of-the-art as it does not depend on browser modification nor pre-processing or transformation of untrusted code, thus allowing the secure enforcement of fine-grained, stateful access control policies.

Dr. Phu H. Phung is a researcher at Department of Computer Science and Engineering, Gothenburg University (Sweden) and currently holds a joint appointment as a research associate at Department of Computer Science, University of Illinois at Chicago (UIC). Prior to that, he was a postdoctoral researcher at Chalmers University of Technology (Sweden), where he received his PhD degree in 2011. He received an MSc degree from University of Ulsan (South Korea), 2006, and a bachelor degree from  Ho Chi Minh City University of Technology (Vietnam) in 2001.  In 2010, he spent 3 months as a visiting researcher at Stanford University. From 2001 to 2004, he was a lecturer at Department of Computer Science and Engineering, Ho Chi Minh City University of Technology.

His work focuses on software security research, spanning the use of inlined reference monitor approach for system security including JavaScript and web application security, security architecture for automobile systems, and cloud-based sustainability governance platforms. Dr. Phung is a senior member of IEEE and IEEE Computer Society, and a member of ACM, ACM SIGSAC, ACM SIGCSE, AAAS, and OWASP. Homepage: http://www.cs.uic.edu/~phu/ 

While there will be light refreshments available, feel free to "brown bag" it and bring in food from the outside to eat during the social hour.

Reservations:

Our primary system for meeting reservations is now the meetup.com site. Sign up for free and RSVP here:

meetup.com/chicagoacm

or send an e-mail to greg@neumarke.net