Presentation: "Adding features and blocking attacks using Web security instead of client-server security"

Time: Thursday 14:05 - 15:05

Location: Concordia Room

Abstract: Most Web applications use cookies to implement a security model familiar from client-server computing, in which clients communicate with a single server and never directly communicate with each other. But the Web's not a client-server system: the browser communicates with many servers at a time and users directly exchange links amongst themselves. Consequently, the client-server security model breaks down when applied to the Web, resulting in attacks like CSRF and clickjacking and preventing legitimate sharing amongst users. This talk explains how to use web-keys, a security model designed for the Web, to block common attacks and enable rich sharing among users.

Tyler Close, works on Web Application security at Google

Tyler Close works on Web Application security at Google, after spending 5 years at Hewlett-Packard Labs as a security researcher. Much of his work focuses on finding easier ways to implement and use applications that have useful security properties.
 
He has published papers at the Financial Cryptography conference, WWW conference, NDSS, BlackHat, and others.