Language based web security: the operational semantics approach

Add to your list(s) Download to your calendar using vCal

• Sergio Maffeis, Imperial College, London
• Thursday 30 May 2013, 16:00-17:00
• Room FW11, Computer Laboratory, William Gates Building.

If you have a question about this talk, please contact Jonathan Hayman.

The goal of language based security is to develop applications that are provably secure by design. My recent research has focused on the development of programming-language and program-analysis techniques for enforcing web application security.

In this talk I will describe the path from web technologies to formal models, and ultimately to security proofs. I will focus on two complementary JavaScript-related examples that lead to the discovery of fresh vulnerabilities in widely deployed web applications, such as Facebook, Yahoo!, FireFox, LastPass. These exampls motivate an ongoing effort to mechanize the semantics of web programming languages: I will report on our progress on this front.

This talk is part of the Logic and Semantics Seminar (Computer Laboratory) series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Computer Laboratory talks
• Computing and Mathematics
• Logic and Semantics Seminar (Computer Laboratory)
• Room FW11, Computer Laboratory, William Gates Building
• School of Technology

Note that ex-directory lists are not shown.