[2018-12-19] Dr. Limin Jia, Carnegie Mellon University, "From IFTTT to XSS, it's all about the information-flow lattice"

Title: From IFTTT to XSS, it's all about the information-flow lattice
Date: 2018-12-19 2:00pm-3:00pm
Location: R210, CSIE
Speaker: Dr. Limin Jia, Carnegie Mellon University
Hosted by: Prof. Hsu-Chun Hsiao


The Bell-LaPadula and Biba models developed in the 1970s were considered cornerstones of computer security. These models described how to protect and use potentially sensitive information, e.g., to prevent leaking classified information to the public and to avoid making critical decisions based on inputs of uncertain provenance. I will illustrate through examples from our recent research that the Bell-LaPadula and Biba models are still surprisingly relevant to modern day computer security. I'll show how information-flow lattices in the style of Bell-LaPadula and Biba can help us understand unsafe uses of IFTTT, an end-user-programming service that allows users to write if-then-style rules to connect arbitrary IoT devices to each other and to online services. Then I'll describe a technique for detecting JavaScript code injection attacks, which can be seen as enforcing the Biba model.
Dr. Jia is an Associate Research Professor in the ECE Department at Carnegie Mellon University. Dr. Jia received her PhD in Computer Science from Princeton University. She received her BE in Computer Science and Engineering from the University of Science and Technology in China. Dr. Jia's research interests are in formal aspects of software security, including applying formal logic to constructing software systems with known security guarantees and to analyzing security properties of systems.
最後修改時間:2018-12-11 AM 10:09

cron web_use_log