Language based web security: the operational semantics approach
Add to your list(s)
Download to your calendar using vCal
If you have a question about this talk, please contact Jonathan Hayman.
The goal of language based security is to develop applications that are
provably secure by design. My recent research has focused on the
development of programming-language and program-analysis techniques for
enforcing web application security.
In this talk I will describe the path from web technologies to formal
models, and ultimately to security proofs. I will focus on two
complementary JavaScript-related examples that lead to the discovery of
fresh vulnerabilities in widely deployed web applications, such as
Facebook, Yahoo!, FireFox, LastPass. These exampls motivate an ongoing
effort to mechanize the semantics of web programming languages: I will
report on our progress on this front.
This talk is part of the Logic and Semantics Seminar (Computer Laboratory) series.
This talk is included in these lists:
Note that ex-directory lists are not shown.
|