Skip to main content
Browse by:
GROUP

Until further notice, in-person public events have been canceled. This includes recruitment events, tours, student programs, reunions, performances, conferences and social events.
Event listings include how to access online content. Contact event sponsor with questions.
Please note that all visitors to campus must comply with Duke’s community safety measures, which include wearing a mask,
check https://returnto.duke.edu/campus-visitors/ before coming to campus, and follow direction provided by campus personnel.

Securing the Web through Dynamic Program Monitoring

Event Image
Icon calendar
Thursday, February 27, 2020
Icon time
12:00 pm - 1:00 pm
Icon speaker
Wei Meng, Assistant Professor, Department of Computer Science and Engineering, Chinese University of Hong Kong

The World Wide Web is the primary platform that billions of people use to interact over the Internet on a daily basis. Because of their increasing importance, the applications and their huge number of users on the web have become the primary targets of cyber attacks and abuses. However, the dynamic and open nature of modern web applications makes the detection and mitigation of those attacks and abuses, especially by using static analysis approaches, very challenging.

In this talk, I will share my experience on detecting and mitigating web attacks and abuses through dynamic program monitoring, which allows us to better analyze the runtime behavior of both client-side and server-side application code. Specifically, I will focus on two works that address two emerging threats against the end users and the service providers, respectively. First, I will present Observer, a browser-based analysis framework that monitors JavaScript's interaction with web content for systematically investigating click interception on the web. Second, I will introduce Rampart, a runtime defense mechanism that protects the server end of web applications from CPU-exhaustion DoS attacks with context-sensitive function-level program profiling. Finally, I will discuss about the other challenges and opportunities for making the web a more secure platform.

Contact: Ellen Currin