Titanium Sponsors


Inquest

Platinum Sponsors


Leonardo DRS

Gold Sponsors


Modern Technology Solutions, Inc.


University of Dayton - Department of Computer Science


Gluware

Social Media

Our LinkedIn Group: OISF at LinkedIn


OISF on YouTube: OISF on YouTube


Meeting Agenda - October 14th, 2021

Registration

The monthly meeting will be held both in-person and online via Google Meet.
Pre-registration via Eventbrite is encouraged to help plan for food and drink (as well as for keeping within capacity limitations).

Registration Link

(You're still welcome to register at the door.)

When you register for the conference, you will be asked if you would like a CPE certificate to support certification requirements.

6:30pm (In-Person):
Food and drinks served, doors open.

6:50pm (Online via Google Meet):
The online portion of the meeting opens for participants to join.

7:00pm (Both)

Introduction

A brief overview of the Ohio Information Security Forum.

Presentation

Toward a User-Centric and Code-Origin Policy Specification and Enforcement for Web-based Systems

By: Dr. Phu H. Phung, University of Dayton

Abstract

Security and privacy are significant challenges and risks today for Internet users, mostly due to the presence of code from multiple parties within a single web-based application. Standard web security mechanisms such as the same-origin policy or Content Security Policy could not prevent potential privacy risks nor allow users to control their privacy settings. In this talk, we present our recent work that introduces a novel approach to monitoring code execution in web-based systems that can detect and prevent potential privacy leakage channels. The detected leakage is either automatically prevented by our context-aware policies or decided by the user if needed. Our method advances the conventional same-origin policy standard of the Web by enforcing different policies for each source of the code. We report our practical evaluations to demonstrate the effectiveness of our approach, including a prototype in hybrid mobile applications and a browser extension. Our experimental results evidence that the proposed method can detect and prevent data leakage channels not captured by the leading tools such as Ghostery and uBlock Origin and allow the user to control their levels of privacy protection.