Docent lecture: Securing applications in the new era of emerging technologies
Docent lecture by Assistant Professor Musard Balliu, division of Theoretical Computer Science, school of EECS.
Time: Tue 2021-04-13 10.00
Participating: Assistant Professor Musard Balliu
Rapidly evolving digital technologies make the world a fascinating place to live. Innovative automated systems break conventional paradigms to connect otherwise unconnected services and devices. Our society is increasingly dependent on systems like the IoT (Internet of Things) and the Web, relying on a wide variety of applications and connected “things”, from heart pacemakers, baby monitors, and surveillance cameras to cars, industrial and military robots, and large-scale systems like smart cities. The complexity and heterogeneity of these systems, along with our society's critical reliance on the Web and IoT, pose a number of questions pertaining to security and privacy. Unfortunately, the power of Web and IoT applications can be abused by malicious actors.
In this talk, we discuss how popular Web and IoT app platforms are susceptible to several novel classes of attacks that violate user confidentiality, integrity, and availability, resulting in massive exfiltration and modification of sensitive information. We consider the role and the potential of methods and techniques from computer security, programming languages, and formal methods to discover and fix these vulnerabilities. We suggest short- and long-term countermeasures based on fine-grained access control and present long-term countermeasures based on tracking the flow of information in Web and IoT applications.