ACE Seminar: Language based Web security

Speaker: Dr Sergio Maffeis

Web applications mediate access to some of our most valuable assets, such as bank accounts, personal data and intellectual property. Unfortunately, identity theft, online fraud and the compromise of web applications are still widespread threats to the safety of online users. The prevalent approach to securing web applications consists of monitoring servers and network traffic and intervening once a security violation is detected. This mitigates the effects of security breaches, but does not eradicate them. Language-based security instead devises formal techniques and tools for developing applications that are provably secure, by design. In this talk, I will describe my experience in applying the language-based security approach to the web ecosystem. I will describe the trajectory from web technologies, such as PHP, JavaScript, web browsers and web protocols, to formal models (some executable, some amenable to proofs, some both), to the discovery of security flaws in popular web applications.



Dr Sergio Maffeis is a Lecturer in Computer Security in the Department of Computing, Imperial College London.

He received his Ph.D. from Imperial and his MSc from University of Pisa, Italy.

Maffeis' research interests are security, formal methods, and programming languages.

