Platinum Sponsors

Leonardo DRS

Gold Sponsors

Modern Technology Solutions, Inc.

University of Dayton - Department of Computer Science



Social Media

Our LinkedIn Group: OISF at LinkedIn

Meeting Agenda - October 14th, 2021



The monthly meeting will be held both in-person and online via Google Meet.
Pre-registration via Eventbrite is encouraged to help plan for food and drink (as well as for keeping within capacity limitations).

Registration Link

(You're still welcome to register at the door.)

When you register for the conference, you will be asked if you would like a CPE certificate to support certification requirements.

6:30pm (In-Person):
Food and drinks served, doors open.

6:50pm (Online via Google Meet):
Online portion of the meeting opens for participants to join.

7:00pm (Both):


A brief overview of the Ohio Information Security Forum.


Toward a User-Centric and Code-Origin Policy Specification and Enforcement for Web-based Systems

By: Dr. Phu H. Phung, University of Dayton


Security and privacy are significant challenges and risks today for Internet users, mostly due to the presence of code from multiple parties within a single web-based application. Standard web security mechanisms such as the same-origin policy or Content Security Policy can neither prevent potential privacy risks nor allow users to control their privacy settings. In this talk, we present our recent work that introduces a novel approach to monitoring code execution in web-based systems that can detect and prevent potential privacy leakage channels. The detected leakage is either automatically prevented by our context-aware policies or decided by the user if needed. Our method advances the conventional same-origin policy standard of the Web by enforcing different policies for each source of the code. We report our practical evaluations to demonstrate the effectiveness of our approach, including a prototype in hybrid mobile applications and a browser extension. Our experimental results show that the proposed method can detect and prevent data leakage channels not captured by leading tools such as Ghostery and uBlock Origin, and allows the user to control their level of privacy protection.