Run-time Monitoring and Formal Analysis of Information Flows in Chromium

Presented by Limin Jia from Carnegie Mellon University

Tuesday, September 20, 2016
2:00 p.m.
ICSI Lecture Hall

Abstract: Web browsers are a key enabler of a wide range of online services, from shopping and email to banking and health services. Because these services frequently involve handling sensitive data, a wide range of web browser security policies and mechanisms has been implemented or proposed to mitigate the dangers posed by malicious code and sites. In this talk, I will describe our approach for specifying and enforcing flexible information-flow policies on the Chromium web browser. In our approach, which is a coarse-grained, light-weight implementation of taint tracking, entities in the browser are annotated with information-flow labels that specify policy and track information flows. I will also discuss our ongoing research that leverages this framework to classify website behavior.

Bio: Dr. Jia is an Assistant Research Professor in the ECE Department at Carnegie Mellon University. Dr. Jia received her PhD in Computer Science from Princeton University. She received her BE in Computer Science and Engineering from the University of Science and Technology in China. Dr. Jia's research interests are in formal aspects of software security, in particular, applying formal logic to constructing software systems with known security guarantees.