Skip to main content
Browse by:
GROUP

Effective March 10, 2020, all Duke-sponsored events over 50 people have been cancelled, rescheduled, postponed or virtualized.
Please check with the event contact regarding event status. For more information, please see https://coronavirus.duke.edu/events

Securing the Web through Dynamic Program Monitoring

Event Image
Icon calendar
Thursday, February 27, 2020
Icon time
12:00 pm - 1:00 pm
Icon speaker
Wei Meng, Assistant Professor, Department of Computer Science and Engineering, Chinese University of Hong Kong

The World Wide Web is the primary platform that billions of people use to interact over the Internet on a daily basis. Because of their increasing importance, the applications and their huge number of users on the web have become the primary targets of cyber attacks and abuses. However, the dynamic and open nature of modern web applications makes the detection and mitigation of those attacks and abuses, especially by using static analysis approaches, very challenging.

In this talk, I will share my experience on detecting and mitigating web attacks and abuses through dynamic program monitoring, which allows us to better analyze the runtime behavior of both client-side and server-side application code. Specifically, I will focus on two works that address two emerging threats against the end users and the service providers, respectively. First, I will present Observer, a browser-based analysis framework that monitors JavaScript's interaction with web content for systematically investigating click interception on the web. Second, I will introduce Rampart, a runtime defense mechanism that protects the server end of web applications from CPU-exhaustion DoS attacks with context-sensitive function-level program profiling. Finally, I will discuss about the other challenges and opportunities for making the web a more secure platform.

Contact: Ellen Currin