Software Seminar Series (S3)

Avinash Sudhodanan

Tuesday, January 23, 2018

10:45am Lecture hall 1, level B

Avinash Sudhodanan, Post-doctoral Researcher, IMDEA Software Institute

Analysis and Detection of Authentication Cross-Site Request Forgeries

Abstract:

Cross-Site Request Forgery (CSRF) attacks are one of the critical threats to web applications. In a CSRF attack, an attacker forces the victim's web browser to send HTTP requests which benefit the attacker (and/or harm the victim) in some way. In this talk I will be focusing on CSRF attacks targeting web sites' authentication and identity management functionalities (also known as Authentication CSRF). The possible impacts of Authentication CSRF attacks include account hijack, personal information theft and cross-site scripting. I will present different variants of Authentication CSRF attacks, detection strategies and the available countermeasures. I will also discuss the findings of the experiments conducted by my former colleagues and myself on the Alexa top 1500 web sites. For instance, out of the 265 web sites we tested, 70% of them were vulnerable (including the web sites of Microsoft, Google, eBay, Instagram etc.). We also responsibly disclosed our findings to the affected vendors and received bounties and/or honorable mentions.


Time and place:
10:45am Lecture hall 1, level B
IMDEA Software Institute, Campus de Montegancedo
28223-Pozuelo de Alarcón, Madrid, Spain


Pedro Valero

Tuesday, January 16, 2018

10:45am Lecture hall 1, level B

Pedro Valero, PhD Student, IMDEA Software Institute

Zearch: Regular Expression Matching on Compressed Text

Abstract:

Facebook, Google, Amazon and many other large companies produce huge amounts of data that they need to store and process. From the need for storing the generated information surges the development of compression algorithms such as brotli and zstd. Similarly, the need for processing the stored data results in the development of regular expression (regex) engines such as Hyperscan or RE2, since regex matching is a key operation for handling text files. To this day, very efficient solutions have been found for these two problems by considering them independently. However, when facing the need to search with a regular expression in a compressed file, the state-of-the-art approach goes through decompressing it and, in parallel, searching on the original text as it is recovered by the decompressor. ZEARCH challenges this standard practice by searching directly on the compressed file while being competitive with the state-of-the-art technologies, even though the current implementation is purely sequential.


Time and place:
10:45am Lecture hall 1, level B
IMDEA Software Institute, Campus de Montegancedo
28223-Pozuelo de Alarcón, Madrid, Spain


Software Seminar Series (S3) - Fall 2017