addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwchatcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgoogleimageimagesinstagramlinklocation-pinmagnifying-glassmailminusmoremuplabelShape 3 + Rectangle 1outlookpersonplusprice-ribbonImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruseryahoo

Crossing Origins by Crossing Formats

Vi får storfint besøk av Jonas Magazinius ( @internot_ )


[masked]: A lanugage based approach to securing mashups
[masked]: Mat
[masked]: Crossing origins by crossing formats


"A language based approach to securing mashups"

15 years have passed since the “same-origin policy” (SOP) was introduces, with the purpose to control the interaction between web sites. Web sites of today, in particular so called mashups, differ radically in how they interact compared to 15 years ago, and the SOP has become an obstacle that needs to be circumvented. Despite numerous hacks and efforts to control interactions in a secure manner, this problem continues to be challenging. On-going research at Chalmers investigates using language-based techniques to control the flow of information, and by doing so maintaining the hich level of interaction without making compromises in security.


"Crossing Origins by Crossing Formats"

In a heterogeneous system like the web, information is exchanged between components in versatile formats. A new breed of attacks is on the rise that exploit the mismatch between the expected and provided content. We identify the root cause of a large class of attacks: polyglots. A polyglot is a program that is valid in multiple programming languages. Polyglots allow multiple interpretations of the content, providing a new space of attack vectors. We characterize of what constitutes a dangerous format in the web setting and identify particularly dangerous formats, with PDF as the prime example. We demonstrate that polyglot-based attacks on the web open up for insecure communication across Internet origins.

Jonas Magazinius is a PhD student in the Language-based Security group at Chalmers University of Technology. The focus of his research is information-flow in mash-up web applications. Jonas is specialized in web application security, but is interested in most aspects of security. When not immersed in JavaScript, Jonas helps organize events in the OWASP Gothenburg chapter.”





Join or login to comment.

  • Erlend O.

    Jonas' information flow challenge:

    February 7, 2013

  • Erlend O.

    Dere som ikke kom gikk glipp av to _meget_ interessante foredrag :-)

    1 · February 7, 2013

  • Erlend O.

    Dersom du ikke finner frem kan du ringe Arnar på[masked] eller Erlend på 98219335. Det vil henge lapp på inngangsdøra.

    February 4, 2013

  • Erlend O.

    The presentations will be in English

    January 11, 2013

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy