2014-09-10 Web Security - Securing Untrusted Web Content in Browsers - Phu Phung

A joint Chicago Chapter ACM / Loyola University Computer Science Department meeting

Web security: Securing Untrusted Web Content in Browsers

Speaker: Dr Phu H Phung 

Wednesday, September 10, 2014

5:45 pm (Social Hour, light refreshments)

6:30 pm Presentation

Loyola University Water Tower Campus (Chicago/Michigan Area)

111 E. Pearson Street, Chicago IL 60611

Beane Ballroom (13th Floor, Lewis Towers) Campus map

Admission: Free, General Admission, open to the public

The majority of websites nowadays embed 3rd party JavaScript into their pages, coming from external partners. Ideally, these scripts are benign and come from trusted sources, but over time, these scripts often start to misbehave, or to come under control of an attacker. Unfortunately, the current state-of-practice integration techniques for 3rd party scripts do not impose restrictions on the execution of JavaScript code, allowing such an attacker to perform unwanted actions on behalf of the website owner and/or website visitor.

In this talk, the latest techniques in JavaScript security will be covered. In particular, our approach is based on self-protecting JavaScript and a 2-tier JavaScript sandbox architecture, which will be discussed in detail. Our proposed techniques will improve upon the state-of-the-art as it does not depend on browser modification nor pre-processing or transformation of untrusted code, thus allowing the secure enforcement of fine-grained, stateful access control policies.

Dr. Phu H. Phung is a researcher at Department of Computer Science and Engineering, Gothenburg University (Sweden) and currently holds a joint appointment as a research associate at Department of Computer Science, University of Illinois at Chicago (UIC). Prior to that, he was a postdoctoral researcher at Chalmers University of Technology (Sweden), where he received his PhD degree in 2011. He received an MSc degree from University of Ulsan (South Korea), 2006, and a bachelor degree from  Ho Chi Minh City University of Technology (Vietnam) in 2001.  In 2010, he spent 3 months as a visiting researcher at Stanford University. From 2001 to 2004, he was a lecturer at Department of Computer Science and Engineering, Ho Chi Minh City University of Technology.

His work focuses on software security research, spanning the use of inlined reference monitor approach for system security including JavaScript and web application security, security architecture for automobile systems, and cloud-based sustainability governance platforms. Dr. Phung is a senior member of IEEE and IEEE Computer Society, and a member of ACM, ACM SIGSAC, ACM SIGCSE, AAAS, and OWASP. Homepage: http://www.cs.uic.edu/~phu/ 

While there will be light refreshments available, feel free to "brown bag" it and bring in food from the outside to eat during the social hour.

Reservations:

Our primary system for meeting reservations is now the meetup.com site. Sign up for free and RSVP here:

meetup.com/chicagoacm

or send an e-mail to greg@neumarke.net

  

LinkedIn

Planned Meeting Dates

October 8, 2014

November 12, 2014

December 10, 2014

January 14, 2015

February 11, 2015

March 11, 2015

April 8, 2015

Ian Horswill, speaker

May 20, 2015

June 10, 2015

Subscribe to the Chicago Chapter ACM e-mail list. (Look for an e-mail after pressing the button)