Securing Applications by Information Flow Tracking
Speaker: Musard Balliu, Assistant Professor at KTH
Title: Securing Applications by Information Flow Tracking
Society increasingly relies on applications that handle sensitive information: private individuals and businesses all use software applications that manipulate confidential or untrusted data. My research makes it easier to build applications that handle sensitive data securely and uncover vulnerabilities in existing applications. To achieve this, I use programming language concepts and methods to develop tools and techniques that allow programmers to express application-specific security policies and enforce those policies efficiently, ultimately providing security guarantees that rely on solid foundations. In this talk I will give an overview of my research interests with special focus on web application security. I will present some recent work on how to achieve end-to-end web application security, by tracking information flows through the client, the server, and the database. Afterwards, I will discuss a combination of formal and empirical methods to find vulnerabilities in existing web applications. Finally, I will conclude with a few highlights on my future research directions in the areas of security and privacy. The talk is self-contained and, for the most part, no prior knowledge is required.
Bio: Musard Balliu is an Assistant Professor at the School of Electrical Engineering and Computer Science at KTH Royal Institute of Technology in Stockholm, Sweden. His research interests lie at the intersection of computer security, programming languages, formal methods and software engineering. From 2014 to 2017, Musard was a postdoctoral researcher at the Information Security division at Chalmers University of Technology, hosted by Andrei Sabelfeld. Before then, he did his PhD at KTH Royal Institute of Technology, advised by Mads Dam.