ECE Seminar with Yinzhi Cao

Starts: 4:00 pm on Tuesday, January 28, 2014
Location: Photonics Center, 8 Saint Mary’s St., Room 339
URL: http://www.bu.edu/ece/files/2014/01/Cao.pdf

Protecting Client Browsers with a Principal-Based Architecture

With Yinzhi Cao
Ph.D. Candidate
Northwestern University

Faculty Host: Ari Trachtenberg

Refreshments will be served outside Room 339 at 3:45 p.m.

Abstract: Web-based attacks have become very prevalent on the Internet. According to Kaspersky Lab, 34.7% of their users were targeted by a web-based attack at least once while browsing the Internet. In this talk, I will discuss three fundamental tasks in building a principal-based browser architecture that prevents various web attacks. In the first task, I will introduce how to prevent and detect attacks, such as drive-by downloads, which penetrate the boundary of a browser principal. In particular, I will present JShield, a vulnerability-based detection engine that is more robust to obfuscated drive-by download attacks, when compared to various anti-virus software and most recent research papers. Then, in the second task, I will introduce configurable origin policy (COP), the access control policy of next-generation browsers, which gives websites more freedom to render various content inside one principal. In the end, I will also briefly introduce the communication between different browser principals.

About the Speaker: Yinzhi Cao is a Ph.D. candidate in computer science at Northwestern University. He earned his B.E. degree in electronics engineering at Tsinghua University in China. His research mainly focuses on web security, especially client-side browser security. However, his broad interest also spans language-based security, smartphone security and the security of cyber-physical systems. He has several papers at top-tier security conferences, such as NDSS and DSN, and his JShield system has been adopted by Huawei, the world’s largest telecommunication company. He served as a program committee member for IEEE CNS ’14 and web chair for AsiaCCS SESP ’13. Previously, he also conducted research at SRI International and UC Santa Barbara as a summer intern.