Christian Hammer - Purdue University

Apr 14, 2010

Size: 448.0MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

"Security of JavaScript in a Browser Environment"

Abstract

The power of modern websites emerges to a large extent from the ability to combine content from different sources. As an example, a site may include a Google map next to business information a user had been searching for. Combining content from possibly untrusted sites gives rise to all sorts of security concerns, as JavaScript has no concept of separating scripts from different sources. This has lead to several recent attacks like the Samy or Yamanner worms. This talk presents the state of the art in securing JavaScript for such settings and proposes a sandboxing facility for in-browser script separation.

About the Speaker

Christian Hammer is a post-doctoral researcher at Purdue University working in the Secure Software Systems lab with Prof. Jan Vitek. His research interests include static and dynamic program analyses, in particular security, program slicing, information flow, concurrency, and programming languages. He received the Doctor of Engineering (Dr.-Ing.) from Karlsruhe Institute of Technology, Germany in 2009, and a Diplom (equiv. M.Sc.) in Computer Science from University of Passau, Germany. As a graduate student, he spent two semester breaks at the IBM T. J. Watson Research Center in Hawthorn, NY.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...

Coming Up!

Our annual security symposium will take place on April 7 & 8, 2020.
Purdue University, West Lafayette, IN

More Information