The large majority of websites nowadays embed third-party JavaScript from external partners into their pages. Ideally, these scripts are benign and come from trusted sources, but over time they often start to misbehave or come under the control of an attacker. Unfortunately, the current state-of-practice integration techniques for third-party scripts do not impose restrictions on the execution of JavaScript code, allowing such an attacker to perform unwanted actions on behalf of the website owner and/or website visitor.

In this talk, the latest techniques in JavaScript security will be covered. In particular, our approach is based on self-protecting JavaScript and a 2-tier JavaScript sandbox architecture, which will be discussed in detail. Our proposed techniques improve upon the state of the art, as they depend neither on browser modification nor on pre-processing or transformation of untrusted code, thus allowing the secure enforcement of fine-grained, stateful access control policies.

Speaker's short bio:
Dr. Phu H. Phung is a researcher at the Department of Computer Science and Engineering, Gothenburg University (Sweden) and currently holds a joint appointment as a research associate at the Department of Computer Science, University of Illinois at Chicago (UIC). Prior to that, he was a postdoctoral researcher at Chalmers University of Technology (Sweden), where he received his PhD degree in 2011. He received an MSc degree from the University of Ulsan (South Korea) in 2006, and a bachelor's degree from Ho Chi Minh City University of Technology (Vietnam) in 2001. In 2010, he spent 3 months as a visiting researcher at Stanford University. From 2001 to 2004, he was a lecturer at the Department of Computer Science and Engineering, Ho Chi Minh City University of Technology.

His work focuses on software security research, spanning the use of the inlined reference monitor approach for system security, including JavaScript and web application security, security architecture for automobile systems, and cloud-based sustainability governance platforms. Dr. Phung is a senior member of IEEE and the IEEE Computer Society, and a member of ACM, ACM SIGSAC, ACM SIGCSE, AAAS, and OWASP. Homepage: http://www.cs.uic.edu/~phu/