Abstract
I will present the WebBlaze project, aiming at designing
and developing new techniques and tools to improve web
security. WebBlaze's new technologies cover a broad range including
new architectural solutions for defending against cross-site scripting
attacks, tools for detecting and defending against cross-origin
JavaScript capability leaks which lead to universal cross-site
scripting attacks,
and new approaches for secure browser extensions and web advertisements.
I will also give an overview of the BitBlaze project, describing how
we build a unified binary program analysis platform and use it to
provide novel solutions to computer security problems including
automatic vulnerability discovery, automatic generation of
vulnerability signatures for defense, and automatic extraction of
security models for analysis and verification. I will also describe
some ongoing efforts in mobile security. More information about
WebBlaze and BitBlaze is available at http://webblaze.cs.berkeley.edu
and http://bitblaze.cs.berkeley.edu.
Short bio
Dawn Song is Associate Professor of Computer Science at UC Berkeley.
Prior to joining UC Berkeley, she was an Assistant Professor at
Carnegie Mellon University from 2002 to 2007. Her research interest
lies in security and privacy issues in computer systems and networks,
including areas ranging from software security, networking security,
database security, distributed systems security, to applied
cryptography. She is the recipient of various awards including the
MacArthur Fellowship, the Guggenheim Fellowship, the NSF CAREER Award,
the Alfred P. Sloan Research Fellowship, the MIT Technology Review
TR-35 Award, the IBM Faculty Award, the George Tallman Ladd Research
Award, the Okawa Foundation Research Award, and the Li Ka Shing
Foundation Women in Science Distinguished Lecture Series Award. She is
also the author of multiple award papers in top security conferences,
including the best paper award at the USENIX Security Symposium and
the highest ranked paper at the IEEE Symposium on Security and
Privacy.
Resources
This will be shown to users with no Flash or Javascript.
|