{"474291":{"#nid":"474291","#data":{"type":"event","title":"PhD Defense by Yogesh Mundada","body":[{"value":"\u003Cp\u003E\u003Cstrong\u003ETitle: Building Data-Centric Security Mechanisms for Web Applications\u003C\/strong\u003E\u003C\/p\u003E\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EYogesh Mundada\u003C\/strong\u003E\u003C\/p\u003E\u003Cp\u003ESchool of Computer Science\u003C\/p\u003E\u003Cp\u003ECollege of Computing\u003C\/p\u003E\u003Cp\u003EGeorgia Institute of Technology\u003C\/p\u003E\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EDate: Tuesday, Dec 8th, 2015\u003C\/p\u003E\u003Cp\u003ETime: 9:30 AM - 11:30 AM\u003C\/p\u003E\u003Cp\u003ELocation: Klaus Room 3100\u003C\/p\u003E\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003ECommittee:\u003C\/strong\u003E\u003C\/p\u003E\u003Cp\u003E----------\u003C\/p\u003E\u003Cp\u003EProf. Nick Feamster, (Advisor, School of Computer Science, Georgia Tech and Department of Computer Science, Princeton University) Prof. Mostafa Ammar, (School of Computer Science, Georgia Tech) Prof. Mustaque Ahamad, (School of Computer Science, Georgia Tech) Prof. Wenke Lee, (School of Computer Science, Georgia Tech) Prof. Arvind Narayanan, (Department of Computer Science, Princeton University)\u003C\/p\u003E\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EAbstract:\u003C\/strong\u003E\u003C\/p\u003E\u003Cp\u003E---------\u003C\/p\u003E\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EData loss from web applications at different points of compromise has become a major liability in recent years. 
Existing security guidelines, policies, and tools often fail, ostensibly for reasons ranging from blatant disregard of common practice to subtle exploits originating from complex interactions between components.\u003C\/p\u003E\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\u003Cp\u003ECurrent security mechanisms focus on \u0022how to stop illicit data transfer\u0022 (i.e., the \u0022syntax\u0022), and many tools achieve that goal in principle. Yet, the practice of securing data additionally depends on allowing administrators to clearly specify \u0022what data should be secured\u0022 (i.e., the \u0022semantics\u0022). Currently, translation from \u0022security semantics\u0022 to \u0022security syntax\u0022 is manual, time-consuming, and ad hoc. Even a slight oversight in the translation process could render the entire system insecure. Security semantics frequently need modifications due to changes in various external factors such as policy changes, user reclassification, and even code refactoring.\u003C\/p\u003E\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EThis dissertation hypothesizes that adaptation to such changes would be faster and less error-prone if the tools also focused on automating translation from semantics to syntax, in addition to simply executing the syntax. With this approach, we build the following low-maintenance security tools that prevent unauthorized sensitive data transfer at various vantage points in the World Wide Web ecosystem. 
We show how the security tools can take advantage of inherent properties of the sensitive information in each case, making the translation process automatic and faster:\u003C\/p\u003E\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\u003Cp\u003E- Appu, a tool that automatically finds personal information (semantics) spread across web services, and suggests actions (syntax) to minimize data loss risks.\u003C\/p\u003E\u003Cp\u003E- Newton, a tool that formalizes the access control model using web cookies. Using this formal approach, it improves the security of the existing session management techniques by detecting (semantics) and protecting (syntax) privileged cookies without requiring input from the site administrator.\u003C\/p\u003E\u003Cp\u003E- SilverLine, a system for cloud-based web services that automatically derives data exfiltration rules (syntax) from the information about sensitive database tables \u0026amp; inter-table relationships (semantics). Then, it executes these rules using an information flow control mechanism.\u003C\/p\u003E\u003Cp\u003E \u003C\/p\u003E","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"Building Data-Centric Security Mechanisms for Web Applications"}],"uid":"27707","created_gmt":"2015-12-01 08:52:26","changed_gmt":"2016-10-08 02:15:01","author":"Tatianna Richardson","boilerplate_text":"","field_publication":"","field_article_url":"","field_event_time":{"event_time_start":"2015-12-08T13:30:00-05:00","event_time_end":"2015-12-09T15:30:00-05:00","event_time_end_last":"2015-12-09T15:30:00-05:00","gmt_time_start":"2015-12-08 18:30:00","gmt_time_end":"2015-12-09 20:30:00","gmt_time_end_last":"2015-12-09 20:30:00","rrule":null,"timezone":"America\/New_York"},"extras":[],"groups":[{"id":"221981","name":"Graduate Studies"}],"categories":[],"keywords":[{"id":"100811","name":"Phd 
Defense"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[{"id":"1788","name":"Other\/Miscellaneous"}],"invited_audience":[{"id":"78771","name":"Public"}],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[],"email":[],"slides":[],"orientation":[],"userdata":""}}}