Musard Balliu and Elena Troubitsyna from the CASTOR Research Centre gave talks on June the 19th at Ericsson Research.
Title: Application Security for the Web and IoT Domain
Abstract: Society increasingly relies on applications that handle sensitive information: private individuals and businesses use software applications that manipulate confidential or untrusted data. My research makes it easier to build applications that handle sensitive data securely and uncover vulnerabilities in existing applications. To achieve this, I use programming language techniques to develop tools that allow programmers to express application-specific security policies and enforce those policies efficiently, ultimately providing security guarantees that build on solid foundations.
In this talk, I will give an overview of my research interests with special focus on IoT and Web application security. I will first present some recent work on discovering vulnerabilities in very popular IoT platforms along with countermeasures for short- and long-term protection. Then, I will show how to achieve end-to-end web application security, by tracking information flows through the client, the server, and the database. Afterwards, I will discuss a combination of formal and empirical methods to find vulnerabilities in existing web applications. Finally, I will conclude with a few highlights on my current research directions in the areas of security and privacy. The talk is self-contained and, for the most part, no prior knowledge is required.
Talk by Elena Troubitsyna