Securing the Web through Dynamic Program Monitoring

The World Wide Web is the primary platform that billions of people use to interact over the Internet on a daily basis. Because of their increasing importance, the applications and their huge number of users on the web have become the primary targets of cyber attacks and abuses. However, the dynamic and open nature of modern web applications makes the detection and mitigation of those attacks and abuses, especially by using static analysis approaches, very challenging.

In this talk, I will share my experience on detecting and mitigating web attacks and abuses through dynamic program monitoring, which allows us to better analyze the runtime behavior of both client-side and server-side application code. Specifically, I will focus on two works that address two emerging threats against the end users and the service providers, respectively. First, I will present Observer, a browser-based analysis framework that monitors JavaScript's interaction with web content for systematically investigating click interception on the web. Second, I will introduce Rampart, a runtime defense mechanism that protects the server end of web applications from CPU-exhaustion DoS attacks with context-sensitive function-level program profiling. Finally, I will discuss about the other challenges and opportunities for making the web a more secure platform.