XClose

UCL Computer Science

Home
Menu

Distinguished lecture: Back to the future: From IFTTT to XSS, all about the information-flow lattice

09 July 2018, 4:00 pm–5:00 pm

Lujo Bauer from Carnegie Mellon University will be talking about the Bell-LaPadula and Biba models developed in the 1970s and illustrate them through three examples from his group's recent research.

Event Information

Open to

All

Organiser

Emiliano De Cristofaro

Location

1.03
Malet Place Engineering Building
Malet Place
London
WC1E 7JE
United Kingdom

About

The Bell-LaPadula and Biba models developed in the 1970s were considered cornerstones of computer security. These models described how to protect and use potentially sensitive information, e.g., to prevent leaking classified information to the public and to avoid making critical decisions based on inputs of uncertain provenance. In modern computer security research, the Bell-LaPadula and Biba models are rarely discussed. However, they're still surprisingly relevant, which I'll illustrate through three examples from my group's recent research. 

  • I'll show how information-flow lattices in the style of Bell-LaPadula and Biba can help us understand unsafe uses of IFTTT, an end-user-programming service that allows users to write if-then-style rules to connect arbitrary IoT devices to each other and to online services. 
  • I'll describe a technique for detecting JavaScript code injection attacks, which can be seen as enforcing the Biba model. 
  • Finally, I'll describe how an enforcement system based around information-flow lattices can help us build web browsers that can prevent malicious scripts and extensions from stealing our data.

Visitors from outside UCL please email in advance.

About the Speaker

Lujo Bauer

Associate Professor at Carnegie Mellon University

Lujo Bauer is an Associate Professor of Electrical and Computer Engineering, and of Computer Science, at Carnegie Mellon University. He received his B.S. in Computer Science from Yale University in 1997 and his Ph.D., also in Computer Science, from Princeton University in 2003. Dr. Bauer is a member of CyLab, Carnegie Mellon's computer security and privacy research institute, and serves as the director of CyLab's Cyber Autonomy Research Center. Dr. Bauer's research interests span many areas of computer security and privacy, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system. His recent work focuses on developing tools and guidance to help users stay safer online and in examining how advances in machine learning can lead to a more secure future. Dr. Bauer served as the program chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014) and is an associate editor of ACM Transactions on Privacy and Security.