Platinum Sponsors
Leonardo DRS
Gold Sponsors
Modern Technology Solutions, Inc.
University of Dayton
Department of
Computer Science
Gluware
Social Media
Our LinkedIn Group: OISF at LinkedIn
Tweets by @oisf
Meeting Agenda - October 14th, 2021
14th October 2021Registration
The monthly meeting will be held both in-person and online via Google Meet.
Pre-registration via Eventbrite is encouraged to help plan for food and drink (as well as for keeping within capacity limitations).
(You're still welcome to register at the door.)
When you register for the conference, you will be asked if you would like a CPE certificate to support certification requirements.
6:30pm (In-Person):
Food and drinks served, doors open.
6:50pm (Online via Google Meet):
On-line part of meeting opens for participants to join.
7:00pm (Both)
Introduction
A brief overview of the Ohio Information Security Forum.
Presentation
Toward a User-Centric and Code-Origin Policy Specification and Enforcement for Web-based Systems
By: Dr. Phu H. Phung, University of Dayton
Abstract
Security and privacy are significant challenges and risks today for Internet users, mostly due to the presence of code from multiple parties within a single web-based application. Standard web security mechanisms such as the same-origin policy or Content- Security Policy could not prevent potential privacy risks nor allow users to control their privacy settings. In this talk, we present our recent works that introduce a novel approach to monitoring code execution in web-based systems that can detect and prevent potential privacy leakage channels. The detected leakage is either automatically prevented by our context-aware policies or decided by the user if needed. Our method advances the conventional same-origin policy standard of the Web by enforcing different policies for each source of the code. We report our practical evaluations to demonstrate the effectiveness of our approach, including a prototype in hybrid mobile applications and a browser extension. Our experimental results evidence that the proposed method can detect and prevent data leakage channels not captured by the leading tools such as Ghostery and uBlock Origin and allow the user to control their levels of privacy protection.