2014-09-10 Web Security - Securing Untrusted Web Content in Browsers - Phu Phung
Loyola University Water Tower Campus (Chicago/Michigan Area)
111 E. Pearson Street, Chicago IL 60611
Beane Ballroom (13th Floor, Lewis Towers)
Admission: Free, General Admission, open to the public
The majority of websites nowadays embed third-party JavaScript into their pages, coming from external partners. Ideally, these scripts are benign and come from trusted sources, but over time, these scripts often start to misbehave or come under the control of an attacker. Unfortunately, the current state-of-practice integration techniques for third-party scripts do not impose restrictions on the execution of JavaScript code, allowing such an attacker to perform unwanted actions on behalf of the website owner and/or website visitor.
In this talk, the latest techniques in JavaScript security will be covered. In particular, our approach is based on self-protecting JavaScript and a 2-tier JavaScript sandbox architecture, which will be discussed in detail. Our proposed techniques improve upon the state of the art because they do not depend on browser modification or on pre-processing or transformation of untrusted code, thus allowing the secure enforcement of fine-grained, stateful access control policies.
Dr. Phu H. Phung is a researcher at the Department of Computer Science and Engineering, Gothenburg University (Sweden) and currently holds a joint appointment as a research associate at the Department of Computer Science, University of Illinois at Chicago (UIC). Prior to that, he was a postdoctoral researcher at Chalmers University of Technology (Sweden), where he received his PhD degree in 2011. He received an MSc degree from the University of Ulsan (South Korea) in 2006, and a bachelor's degree from Ho Chi Minh City University of Technology (Vietnam) in 2001. In 2010, he spent 3 months as a visiting researcher at Stanford University. From 2001 to 2004, he was a lecturer at the Department of Computer Science and Engineering, Ho Chi Minh City University of Technology.
His work focuses on software security research, spanning the use of the inlined reference monitor approach for system security, including JavaScript and web application security, security architecture for automobile systems, and cloud-based sustainability governance platforms. Dr. Phung is a senior member of IEEE and IEEE Computer Society, and a member of ACM, ACM SIGSAC, ACM SIGCSE, AAAS, and OWASP. Homepage: http://www.cs.uic.edu/~phu/
While there will be light refreshments available, feel free to "brown bag" it and bring in food from the outside to eat during the social hour.
Reservations:
Our primary system for meeting reservations is now the meetup.com site. Sign up for free and RSVP here:
or send an e-mail to greg@neumarke.net
Planned Meeting Dates:
October 8, 2014
November 12, 2014
December 10, 2014
January 14, 2015
February 11, 2015
March 11, 2015
April 8, 2015
Ian Horswill, speaker
May 20, 2015
June 10, 2015