[liberationtech] Stanford Platform Lab Seminar on Tue 12/1 @ 4:30pm, Deian Stefan (UCSD/GitStar)

Yosem Companys companys at stanford.edu
Mon Nov 30 09:30:08 PST 2015


From: Chris Hartung <hartung at stanford.edu>

Speaker: Deian Stefan, UCSD/GitStar
When: *4:30pm - 5:30pm*, Tuesday, December 1, 2015
Where: Gates 415

*Snacks/Refreshments at 4:00pm*

*About the talk*:

Large-scale private user data theft has become a common occurrence on the 
web.  A huge factor in these privacy breaches we hear so much about is that 
developers specify and enforce data security policies by strewing checks 
throughout their application code. Overlooking even a single check can lead 
to vulnerabilities.

In this talk, Deian will describe a new approach to protecting 
sensitive data even when application code is buggy or malicious.  The key 
ideas behind my approach are to separate the security and privacy concerns 
of an application from its functionality, and to use 
language-level information flow control (IFC) to enforce policies 
throughout the code.  The main challenge of this approach is at once to 
design practical systems that can be easily adopted by average developers, 
and simultaneously to leverage formal semantics that rule out large 
classes of design error.  The talk will cover a server-side web 
framework (Hails), a language-level IFC system (LIO), and a browser 
security architecture (COWL), which, together, provide end-to-end 
security against the privacy leaks that plague today's web applications.

*About the speaker*:

Deian Stefan is an Assistant Professor at UC San Diego, starting in 
Fall 2016. He is also a co-founder and the Chief Scientist at GitStar, 
a startup focusing on web security. His research interests intersect
systems, programming languages, and security.  As part of his PhD work at 
Stanford, Deian focused on web application security; he built practical 
systems with formal underpinnings that enable average
developers to build secure web applications. He is also a member of the W3C 
Web Application Security Group, where he serves as editor of the COWL spec.


_____________________
Chris Hartung
*Program Manager*
Stanford University
Electrical Engineering
353 Serra Mall
Gates Building, Rm 353
Stanford, CA  94305