From Badware to Malware: Taming the Malicious Web
Giovanni Vigna (University of California, Santa Barbara)
CSE 520 Colloquium
Thursday, April 22, 2010, 3:30pm
EEB-105
Abstract
Today's Web is the ubiquitous cyber-world where everything happens: we work, we play, we live our lives. Unfortunately, very early criminals realized the potential of the World-Wide Web as a platform for hosting, delivering, and managing large malware installations, whose goal is the creation of revenue by stealing and abusing the very information made accessible by the Web.
One of the latest trends in web-based malware is the leveraging of legitimate web sites for the delivery of attacks that target vulnerabilities in client-side software. Therefore, badly developed software and overtly malicious code both contribute to the overall threat.
This talk presents recent research on addressing the two facets of this problem: How can we make Web applications more secure? How can we detect and block attacks against the components of the World-Wide Web?
Bio:
Giovanni Vigna is a Professor in the Department of Computer Science at the University of California in Santa Barbara. His current research interests include malware analysis, web security, vulnerability assessment, and intrusion detection. He has been the Program Chair of the International Symposium on Recent Advances in Intrusion Detection (RAID 2003), of the ISOC Symposium on Network and Distributed Systems Security (NDSS 2009), and of the IEEE Symposium on Security and Privacy in 2010. He is known for organizing and running an inter-university Capture The Flag hacking contest, called iCTF, which every year involves dozens of educational institutions around the world.