[Nets-seminars] TODAY: faculty candidate talk, Deian Stefan (Stanford CS)

Brad Karp bkarp at cs.ucl.ac.uk
Wed Mar 25 08:35:03 GMT 2015



A reminder to all: *please* come join us for a talk by CS faculty
candidate Deian Stefan of Stanford CS, who is interviewing for a
Lecturer position in the Systems and Networks research group. Deian's
talk is at 2 PM TODAY in Medical Sciences HO Schild G46 LT (just on
the other side of the "tunnel" on the way to the main UCL quad).

We very much need excellent turnout from colleagues across *all*
research areas; Deian's talk is pitched to a broad CS audience, and
good talk attendance (and questions!) is an important part of showing
that our department offers a vibrant intellectual community.

Deian is doing exciting practical work in systems security, and draws
on techniques from programming languages, crypto, and systems in his work.

Title, abstract, and bio follow.

See you there!

-Brad, bkarp at cs.ucl.ac.uk

---

UCL CS Faculty Candidate Talk

Speaker: Deian Stefan, Stanford CS
         http://www.scs.stanford.edu/~deian/index.html#apps

Location and time: 2 PM, Wed 25 Mar, HO Schild G46 LT

Title:

Principled and Practical Web Application Security

Abstract:

Large-scale private user data theft has become a common occurrence on
the web.  A huge factor in these privacy breaches we hear so much
about is that developers specify and enforce data security policies by
strewing checks throughout their application code.  Overlooking even a
single check can lead to vulnerabilities.

In this talk, I will describe a new approach to protecting sensitive
data even when application code is buggy or malicious.  The key ideas
behind my approach are to separate the security and privacy concerns
of an application from its functionality, and to use language-level
information flow control (IFC) to enforce policies throughout the
code.  The main challenge of this approach is at once to design
practical systems that can be easily adopted by average developers,
and simultaneously to leverage formal semantics that rule out large
classes of design error.  The talk will cover a server-side web
framework (Hails), a language-level IFC system (LIO), and a browser
security architecture (COWL), which, together, provide end-to-end
security against the privacy leaks that plague today's web applications.

Bio:

Deian Stefan is a PhD student in Computer Science at Stanford.  His
research interests intersect systems, programming languages, and
security.  As part of his PhD work, Deian focused on web application
security; he built practical systems with formal underpinnings that
enable average developers to build secure web applications. Deian is a
recipient of an NDSEG Fellowship and a Mozilla Research Grant for his
work on web security.  He is a co-founder and the CTO of GitStar Inc.,
a company that provides security-as-a-service to web developers.  He
is a member of the W3C Web Application Security Group, where he serves
as editor of the COWL spec.  He received his BE and ME in Electrical
Engineering from Cooper Union.