BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Memento EPFL//
BEGIN:VEVENT
SUMMARY:IC Colloquium : Principled and Practical Web Application Security
DTSTART:20150323T101500
DTEND:20150323T113000
DTSTAMP:20260410T150404Z
UID:bf34ec86ec6858b55ee99400a431effd76908f5bb063501372040edb
CATEGORIES:Conferences - Seminars
DESCRIPTION:By : Deian Stefan - Stanford University\nIC Faculty candidate\n
 Abstract :\nLarge-scale private user data theft has become a common occurre
 nce on the web.  A huge factor in these privacy breaches we hear so much 
 about is that developers specify and enforce data security policies by str
 ewing checks throughout their application code.  Overlooking even a singl
 e check can lead to vulnerabilities.\nIn this talk\, I will describe a new
  approach to protecting sensitive data even when application code is buggy
  or malicious.  The key ideas behind my approach are to separate the secu
 rity and privacy concerns of an application from its functionality\, and t
 o use language-level information flow control (IFC) to enforce policies th
 roughout the code.  The main challenge of this approach is at once to des
 ign practical systems that can be easily adopted by average developers\, a
 nd simultaneously to leverage formal semantics that rule out large classes
  of design error.  The talk will cover a server-side web framework (Hails
 )\, a language-level IFC system (LIO)\, and a browser security architectur
 e (COWL)\, which\, together\, provide end-to-end security against the priv
 acy leaks that plague today's web applications.\nBio :\nDeian Stefan is a Ph
 D student in Computer Science at Stanford.  His research interests inters
 ect systems\, programming languages\, and security.  As part of his PhD w
 ork\, Deian focused on web application security\; he built practical syste
 ms with formal underpinnings that enable average developers to build secur
 e web applications. Deian is a recipient of an NDSEG Fellowship and a Mozil
 la Research Grant for his work on web security.  He is a co-founder and t
 he CTO of GitStar Inc.\, a company that provides security-as-a-service to 
 web developers.  He is a member of the W3C Web Application Security Group
 \, where he serves as editor of the COWL spec.  He received his BE and ME
  in Electrical Engineering from Cooper Union.
LOCATION:BC 420 https://plan.epfl.ch/?room==BC%20420
STATUS:CONFIRMED
END:VEVENT
END:VCALENDAR
