Preventing Attacks on Web Applications by Learning and Enforcing Intentions

As the World Wide Web continues to evolve, a number of web-based attacks such as Cross-site Scripting and SQL injection are on the rise. These two forms of attack are launched on web applications through maliciously crafted user input. In this talk, I will present two simple, principled techniques for automatically transforming web applications to render them safe against these attacks. The general theme behind these techniques is to automatically infer intentions of web applications, and enforce these intentions to achieve robust attack prevention. I will also discuss the implementation of two web application transformation tools called CANDID and BluePrint and discuss their effectiveness in several practical scenarios.
Venkat Venkatakrishnan is an Assistant Professor of Computer Science at the University of Illinois at Chicago. He is co-founder and co-director of the Center for Research and Instruction in Technologies for Electronic Security (RITES) at UIC. Venkat's main research expertise is in software security. Specific research areas that he works on are web application security, browser security, and static and dynamic methods for secure information flow. He is also interested in software engineering and formal methods. Venkat is the recipient of the National Science Foundation CAREER award in 2009, and the UIC College of Engineering Teaching Excellence award in 2007. Venkat received his Ph.D. from Stony Brook University in 2004.