UTCS Colloquia - Venkat Venkatakrishnan, University of Illinois at Chicago, "Web Parameter Tampering : Vulnerability Analysis, Attack Detection and Prevention"

Apr 10, 2013


Host: Vitaly Shmatikov

Talk Abstract: Web applications rely heavily on client-side computation to examine and validate form inputs that are supplied by a user (e.g., "credit card expiration date must be valid"). This is typically done for two reasons: to reduce burden on the server and to avoid latencies in communicating with the server. However, when a server fails to replicate the validation performed on the client, it is potentially vulnerable to attack. In the first part of this talk, we present an approach for identifying vulnerabilities of this kind in web sites and in open source web applications through program analysis. Our approach has been employed to discover several previously unknown vulnerabilities in a number of open-source web applications and live web sites. The second part of this talk presents an approach to detect these attacks in existing (legacy) web applications in a server-agnostic fashion. Finally, we discuss a principled approach to prevent these flaws in the context of the Rails web application framework using automated code synthesis.
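As an added illustration of the flaw the abstract describes (example code, not from the talk or its authors), a constructed Ruby checkout handler: the vulnerable version trusts that the browser's form script already checked the fields, while the hardened version re-applies each client-side rule on the server, including the expiration-date check the abstract quotes. The field names, rules and sample requests are assumptions.

```ruby
require 'date'

# Constructed rules that the page's client-side script is assumed to enforce.
# Each rule takes the raw request parameter (a string) and returns truthy if
# the client form would have accepted it.
CLIENT_RULES = {
  'quantity'  => ->(v) { v.to_s =~ /\A\d+\z/ && (1..10).cover?(v.to_i) },
  'exp_month' => ->(v) { v.to_s =~ /\A\d{1,2}\z/ && (1..12).cover?(v.to_i) },
  'exp_year'  => ->(v) { v.to_s =~ /\A\d{4}\z/ }
}.freeze

# Cross-field rule: the card must not have expired before today. A card is
# valid through the last day of its expiration month.
def expiry_valid?(month, year, today = Date.today)
  Date.new(year, month, -1) >= today
end

# Replicates every client-side rule on the server. Returns the names of the
# fields that fail; an empty array means the request passed.
def server_validate(params, today = Date.today)
  errors = CLIENT_RULES.reject { |f, rule| params.key?(f) && rule.call(params[f]) }.keys
  if errors.empty? && !expiry_valid?(params['exp_month'].to_i, params['exp_year'].to_i, today)
    errors << 'expiration'
  end
  errors
end

# Vulnerable pattern: the server assumes the client already validated, so a
# request crafted outside the browser form is processed as-is.
def vulnerable_handler(params)
  { accepted: true, quantity: params['quantity'].to_i }
end

# Hardened pattern: the same rules are checked again before the values are used.
def hardened_handler(params, today = Date.today)
  errors = server_validate(params, today)
  return { accepted: false, errors: errors } unless errors.empty?
  { accepted: true, quantity: params['quantity'].to_i }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request that the browser form would never have submitted.
  tampered = { 'quantity' => '-1', 'exp_month' => '4', 'exp_year' => '2013' }
  puts "vulnerable: #{vulnerable_handler(tampered)}"
  puts "hardened:   #{hardened_handler(tampered)}"
end
```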

Speaker Bio: V.N. (Venkat) Venkatakrishnan's (http://www.cs.uic.edu/~venkat) broad research interests are in computer security and privacy. He is particularly interested in the security of software systems, in vulnerability analysis and in automated approaches to preventing large-scale attacks on computer systems. His research work derives from techniques rooted in programming languages and compilers, operating systems, software engineering and formal methods to address practical problems in computer security. He received his Ph.D. and M.S. degrees in computer science from Stony Brook University in 2004 and M.Sc and B.E. degrees from Birla Institute of Technology and Science (BITS), Pilani, India, in 1997. He is currently Associate Professor of Computer Science at the University of Illinois at Chicago (UIC), and directs UIC's Center for Research and Instruction in Technologies in Electronic Security (RITES). He is a recipient of the National Science Foundation CAREER award in 2009, several best paper awards and multiple UIC campus-level awards for research as well as for his teaching. His research is supported by the National Science Foundation, U.S. Department of Homeland Security, Defense Advanced Research Projects Agency and the Air Force Office of Scientific Research. He is the Lead Principal Investigator and Director of a new PhD program on Electronic Security and Privacy (http://securityigert.uic.edu) that is funded by a $3.2M NSF IGERT grant.