<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Just a final reminder--all encouraged to please join us!<br><br></div><div><br>Begin forwarded message:<br><br></div><blockquote type="cite"><div><b>From:</b> Brad Karp <<a href="mailto:bkarp@cs.ucl.ac.uk">bkarp@cs.ucl.ac.uk</a>><br><b>Date:</b> March 25, 2015 at 8:35:03 AM GMT<br><b>To:</b> <a href="mailto:research@cs.ucl.ac.uk">research@cs.ucl.ac.uk</a><br><b>Cc:</b> <a href="mailto:nets@cs.ucl.ac.uk">nets@cs.ucl.ac.uk</a>, <a href="mailto:nets-seminars@cs.ucl.ac.uk">nets-seminars@cs.ucl.ac.uk</a>, <a href="mailto:bkarp@cs.ucl.ac.uk">bkarp@cs.ucl.ac.uk</a><br><b>Subject:</b> <b>TODAY: faculty candidate talk, Deian Stefan (Stanford CS)</b><br><br></div></blockquote><blockquote type="cite"><div><span>-----BEGIN PGP SIGNED MESSAGE-----</span><br><span>Hash: SHA1</span><br><span></span><br><span>A reminder to all: *please* come join us for a talk by CS faculty</span><br><span>candidate Deian Stefan of Stanford CS, who is interviewing for a</span><br><span>Lecturer position in the Systems and Networks research group. Deian's</span><br><span>talk is at 2 PM TODAY in Medical Sciences HO Schild G46 LT (just on</span><br><span>the other side of the "tunnel" on the way to the main UCL quad).</span><br><span></span><br><span>We very much need excellent turnout from colleagues across *all*</span><br><span>research areas; Deian's talk is pitched to a broad CS audience, and</span><br><span>good talk attendance (and questions!) is an important part of showing</span><br><span>that our department offers a vibrant intellectual community.</span><br><span></span><br><span>Deian is doing exciting practical work in systems security, and draws</span><br><span>on techniques from programming languages, crypto, and systems in his work.</span><br><span></span><br><span>Title, abstract, and bio follow.</span><br><span></span><br><span>See you there!</span><br><span></span><br><span>- -Brad, <a href="mailto:bkarp@cs.ucl.ac.uk">bkarp@cs.ucl.ac.uk</a></span><br><span></span><br><span>- ---</span><br><span></span><br><span>UCL CS Faculty Candidate Talk</span><br><span></span><br><span>Speaker: Deian Stefan, Stanford CS</span><br><span> <a href="http://www.scs.stanford.edu/~deian/index.html#apps">http://www.scs.stanford.edu/~deian/index.html#apps</a></span><br><span></span><br><span>Location and time: 2 PM, Wed 25 Mar, HO Schild G46 LT</span><br><span></span><br><span>Title:</span><br><span></span><br><span>Principled and Practical Web Application Security</span><br><span></span><br><span>Abstract:</span><br><span></span><br><span>Large-scale private user data theft has become a common occurrence on</span><br><span>the web. A huge factor in these privacy breaches we hear so much</span><br><span>about is that developers specify and enforce data security policies by</span><br><span>strewing checks throughout their application code. Overlooking even a</span><br><span>single check can lead to vulnerabilities.</span><br><span></span><br><span>In this talk, I will describe a new approach to protecting sensitive</span><br><span>data even when application code is buggy or malicious. The key ideas</span><br><span>behind my approach are to separate the security and privacy concerns</span><br><span>of an application from its functionality, and to use language-level</span><br><span>information flow control (IFC) to enforce policies throughout the</span><br><span>code. The main challenge of this approach is at once to design</span><br><span>practical systems that can be easily adopted by average developers,</span><br><span>and simultaneously to leverage formal semantics that rule out large</span><br><span>classes of design error. The talk will cover a server-side web</span><br><span>framework (Hails), a language-level IFC system (LIO), and a browser</span><br><span>security architecture (COWL), which, together, provide end-to-end</span><br><span>security against the privacy leaks that plague today's web applications.</span><br><span></span><br><span>Bio:</span><br><span></span><br><span>Deian Stefan is a PhD student in Computer Science at Stanford. His</span><br><span>research interests intersect systems, programming languages, and</span><br><span>security. As part of his PhD work, Deian focused on web application</span><br><span>security; he built practical systems with formal underpinnings that</span><br><span>enable average developers to build secure web applications. Deian is a</span><br><span>recipient of a NDSEG Fellowship and a Mozilla Research Grant for his</span><br><span>work on web security. He is a co-founder and the CTO of GitStar Inc.,</span><br><span>a company that provides security-as-a-service to web developers. He</span><br><span>is a member of the W3C Web Application Security Group, where he serves</span><br><span>as editor of the COWL spec. He received his BE and ME in Electrical</span><br><span>Engineering from Cooper Union.</span><br><span>-----BEGIN PGP SIGNATURE-----</span><br><span>Version: GnuPG v2</span><br><span></span><br><span>iEYEARECAAYFAlUSczEACgkQNz6hPDTA3IFWRQCcCkelAPoxC74sVkdEBnQn9YwJ</span><br><span>4S4An2SShd5qP8rjVHiI2mNsGGwuu/Q4</span><br><span>=NajN</span><br><span>-----END PGP SIGNATURE-----</span><br></div></blockquote></body></html>