{"681200":{"#nid":"681200","#data":{"type":"event","title":"Ph.D. Dissertation Defense - Zheng Yang","body":[{"value":"\u003Cp\u003E\u003Cstrong\u003ETitle\u003C\/strong\u003E\u003Cem\u003E:\u0026nbsp; Reducing Web Attack Surface: Mitigating Social Engineering and Code Injection Threats\u003C\/em\u003E\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003ECommittee:\u003C\/strong\u003E\u003C\/p\u003E\u003Cp\u003EDr. Wenke Lee, CoC, Chair, Advisor\u003C\/p\u003E\u003Cp\u003EDr. Brendan Saltaformaggio, ECE, Co-Advisor\u003C\/p\u003E\u003Cp\u003EDr. Roberto Perdisci, UGA\u003C\/p\u003E\u003Cp\u003EDr. Frank Li, ECE\u003C\/p\u003E\u003Cp\u003EDr. Cormac Herley, Microsoft\u003C\/p\u003E\u003Cp\u003EDr. Saman Zonouz, ECE\u003C\/p\u003E","summary":"","format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003EThe increasing complexity and interconnectivity of web applications have made them prime targets for cyber threats. Social engineering attacks exploit human psychology to deceive users, while code injection attacks leverage technical vulnerabilities to execute malicious code. The convergence of these two attack vectors has led to a rise in hybrid threats that simultaneously exploit both technical weaknesses and user trust. Despite advancements in security mechanisms, existing defenses often focus solely on either technical hardening or user education, leaving a critical gap in mitigating hybrid threats. This thesis addresses this challenge by proposing a multi-layered defense strategy aimed at reducing the attack surface for web application users through customized browser engines and security frameworks. To achieve this, we introduce three key technologies: TRIDENT, SAFECODE, and COINDX. TRIDENT detects and blocks large-scale social engineering attacks propagated through low-tier ad networks by analyzing the behaviors of ad scripts. SAFECODE secures Electron applications against code injection by enforcing execution policies that validate code integrity at the structural and contextual levels. COINDX conducts root cause analysis of code injection attacks in JavaScript applications, aiding developers in vulnerability remediation through iterative symbolic analysis. Together, these solutions significantly reduce the attack surface by proactively preventing, detecting, and analyzing hybrid cyber threats. This research contributes to bridging the gap between psychological and technical exploit mitigation, offering a comprehensive security approach for the modern web ecosystem.\u003C\/p\u003E","format":"limited_html"}],"field_summary_sentence":[{"value":"Reducing Web Attack Surface: Mitigating Social Engineering and Code Injection Threats "}],"uid":"28475","created_gmt":"2025-03-18 15:24:29","changed_gmt":"2025-03-18 15:25:34","author":"Daniela Staiculescu","boilerplate_text":"","field_publication":"","field_article_url":"","field_event_time":{"event_time_start":"2025-03-24T11:00:00-04:00","event_time_end":"2025-03-24T13:00:00-04:00","event_time_end_last":"2025-03-24T13:00:00-04:00","gmt_time_start":"2025-03-24 15:00:00","gmt_time_end":"2025-03-24 17:00:00","gmt_time_end_last":"2025-03-24 17:00:00","rrule":null,"timezone":"America\/New_York"},"location":"Online","extras":[],"related_links":[{"url":"https:\/\/gatech.zoom.us\/j\/4715163519?pwd=bzNaS3dGWndXeWhPdUdOTkxVN2JtUT09","title":"Zoom link"}],"groups":[{"id":"434381","name":"ECE Ph.D. Dissertation Defenses"}],"categories":[],"keywords":[{"id":"100811","name":"Phd Defense"},{"id":"1808","name":"graduate students"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[{"id":"1788","name":"Other\/Miscellaneous"}],"invited_audience":[{"id":"78771","name":"Public"}],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[],"email":[],"slides":[],"orientation":[],"userdata":""}}}