Seminars & Colloquia
University of California - Santa Barbara
"Attacking the Browser"
Friday February 27, 2015 11:00 AM
Location: 3211, EBII NCSU Centennial Campus
(Visitor parking instructions)
The browser has evolved from a simple program that displays static web pages to a continuously changing platform that has become our portal to the Internet. The fierce competition among the browser vendors has led to a remarkable introduction of features in past few years. The rapid changes and the high popularity of browsers have attracted attackers, which pose new threats to the unsuspecting Internet surfers. In this talk, I will focus on two different attacks related to browsers. First, I will present my work on defenses against drive-by downloads. These are attacks that take control of the users' machines by just visiting malicious URLs, have troubled the research community for years and are still affecting the users. Then, I will focus on a new emerging threat, malicious browser extensions. To cope with this new problem I'm going to present Hulk, a dynamic analysis system that detects malicious behavior in browser extensions by monitoring their execution and corresponding network activity.
Alexandros Kapravelos is a PhD candidate in the Department of Computer Science at UC Santa Barbara. His research interests lie in the area of computer security with a focus on web security and attacks against the browser. He is the lead developer of Wepawet, a publicly available system that detects drive-by downloads with the use of an emulated browser, Revolver, a system that detects evasive drive-by download attempts, and Hulk, a browser extension analysis system. He is interested in internet-wide attacks that compromise usersâ€™ security, building scalable systems to protect users, and improving privacy on the web.
Host: Dr. William Enck, CSC
No media files available at this time
Host is responsible for requesting video recording by filling out this Web form. For other technical issues, contact us at firstname.lastname@example.org.