Language based web security: the operational semantics approach
Add to your list(s)
Download to your calendar using vCal
If you have a question about this talk, please contact Microsoft Research Cambridge Talks Admins.
This event may be recorded and made available internally or externally via http://research.microsoft.com. Microsoft will own the copyright of any recordings made. If you do not wish to have your image/voice recorded please consider this before attending
The goal of language based security is to develop applications that are provably secure by design. My recent research has focused on the development of programming-language and program-analysis techniques for enforcing web application security.
In this talk I will describe the path from web technologies to formal models, and ultimately to security proofs. I will focus on two complementary JavaScript-related examples that lead to the discovery of fresh vulnerabilities in widely deployed web applications, such as Facebook, Yahoo!, FireFox, LastPass. These examples motivate an ongoing effort to mechanize the semantics of web programming languages: I will report on our progress on this front.
This talk is part of the Microsoft Research Cambridge, public talks series.
This talk is included in these lists:
Note that ex-directory lists are not shown.
|