[Nets-seminars] NOW: faculty candidate talk,
Deian Stefan (Stanford CS)
Brad Karp
bkarp at cs.ucl.ac.uk
Wed Mar 25 13:57:22 GMT 2015
Just a final reminder--all encouraged to please join us!
Begin forwarded message:
> From: Brad Karp <bkarp at cs.ucl.ac.uk>
> Date: March 25, 2015 at 8:35:03 AM GMT
> To: research at cs.ucl.ac.uk
> Cc: nets at cs.ucl.ac.uk, nets-seminars at cs.ucl.ac.uk, bkarp at cs.ucl.ac.uk
> Subject: TODAY: faculty candidate talk, Deian Stefan (Stanford CS)
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> A reminder to all: *please* come join us for a talk by CS faculty
> candidate Deian Stefan of Stanford CS, who is interviewing for a
> Lecturer position in the Systems and Networks research group. Deian's
> talk is at 2 PM TODAY in Medical Sciences HO Schild G46 LT (just on
> the other side of the "tunnel" on the way to the main UCL quad).
>
> We very much need excellent turnout from colleagues across *all*
> research areas; Deian's talk is pitched to a broad CS audience, and
> good talk attendance (and questions!) is an important part of showing
> that our department offers a vibrant intellectual community.
>
> Deian is doing exciting practical work in systems security, and draws
> on techniques from programming languages, crypto, and systems in his work.
>
> Title, abstract, and bio follow.
>
> See you there!
>
> - -Brad, bkarp at cs.ucl.ac.uk
>
> - ---
>
> UCL CS Faculty Candidate Talk
>
> Speaker: Deian Stefan, Stanford CS
> http://www.scs.stanford.edu/~deian/index.html#apps
>
> Location and time: 2 PM, Wed 25 Mar, HO Schild G46 LT
>
> Title:
>
> Principled and Practical Web Application Security
>
> Abstract:
>
> Large-scale private user data theft has become a common occurrence on
> the web. A huge factor in these privacy breaches we hear so much
> about is that developers specify and enforce data security policies by
> strewing checks throughout their application code. Overlooking even a
> single check can lead to vulnerabilities.
>
> In this talk, I will describe a new approach to protecting sensitive
> data even when application code is buggy or malicious. The key ideas
> behind my approach are to separate the security and privacy concerns
> of an application from its functionality, and to use language-level
> information flow control (IFC) to enforce policies throughout the
> code. The main challenge of this approach is at once to design
> practical systems that can be easily adopted by average developers,
> and simultaneously to leverage formal semantics that rule out large
> classes of design error. The talk will cover a server-side web
> framework (Hails), a language-level IFC system (LIO), and a browser
> security architecture (COWL), which, together, provide end-to-end
> security against the privacy leaks that plague today's web applications.
>
> Bio:
>
> Deian Stefan is a PhD student in Computer Science at Stanford. His
> research interests intersect systems, programming languages, and
> security. As part of his PhD work, Deian focused on web application
> security; he built practical systems with formal underpinnings that
> enable average developers to build secure web applications. Deian is a
> recipient of a NDSEG Fellowship and a Mozilla Research Grant for his
> work on web security. He is a co-founder and the CTO of GitStar Inc.,
> a company that provides security-as-a-service to web developers. He
> is a member of the W3C Web Application Security Group, where he serves
> as editor of the COWL spec. He received his BE and ME in Electrical
> Engineering from Cooper Union.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iEYEARECAAYFAlUSczEACgkQNz6hPDTA3IFWRQCcCkelAPoxC74sVkdEBnQn9YwJ
> 4S4An2SShd5qP8rjVHiI2mNsGGwuu/Q4
> =NajN
> -----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oakham.cs.ucl.ac.uk/pipermail/nets-seminars/attachments/20150325/e1cfadb0/attachment.html
More information about the Nets-seminars
mailing list