Language based web security: the operational semantics approach

Add to your list(s) Download to your calendar using vCal

• Sergio Maffeis, Imperial College
• Friday 22 November 2013, 16:00-17:00
• Auditorium, Microsoft Research Ltd, 21 Station Road, Cambridge, CB1 2FB.

If you have a question about this talk, please contact Microsoft Research Cambridge Talks Admins.

This event may be recorded and made available internally or externally via http://research.microsoft.com. Microsoft will own the copyright of any recordings made. If you do not wish to have your image/voice recorded please consider this before attending

The goal of language based security is to develop applications that are provably secure by design. My recent research has focused on the development of programming-language and program-analysis techniques for enforcing web application security. In this talk I will describe the path from web technologies to formal models, and ultimately to security proofs. I will focus on two complementary JavaScript-related examples that lead to the discovery of fresh vulnerabilities in widely deployed web applications, such as Facebook, Yahoo!, FireFox, LastPass. These examples motivate an ongoing effort to mechanize the semantics of web programming languages: I will report on our progress on this front.

This talk is part of the Microsoft Research Cambridge, public talks series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Auditorium, Microsoft Research Ltd, 21 Station Road, Cambridge, CB1 2FB
• Cambridge Centre for Data-Driven Discovery (C2D3)
• Cambridge talks
• Chris Davis' list
• Guy Emerson's list
• Interested Talks
• Microsoft Research Cambridge, public talks
• Optics for the Cloud
• PMRFPS's
• School of Technology
• Trust & Technology Initiative - interesting events
• bld31
• ndk22's list
• ob366-ai4er
• personal list
• rp587

Note that ex-directory lists are not shown.