Indiana University Bloomington

PL Colloquium Series

Our weekly meeting and talk series, known affectionately as “PL-wonks”, is open to everyone interested in discussing programming languages research happening here at IU. Our talks include original research, experience reports, and tutorials. We also sometimes present papers from the literature that we're interested in.

Fall 2014 Schedule

Unless otherwise noted, PL talks happen every Friday at 4:15pm in Lindley Hall Room 101.

All are welcome to attend.

We have a tradition of baking cookies and other treats for our meetings (though we avoid peanuts due to allergies).

| Date | Speaker | Title | Food | Notes |
|---|---|---|---|---|
| SEP 5 | Joe Near | Derailer: Interactive Security Analysis for Web Applications | Rob Zinkov | ICFP |
| SEP 12 | Ambrose BS | | Andre Kuhlenschmidt | |
| SEP 19 | Chris Wailes | | Peter Fogg | |
| SEP 26 | Ed Amsden | | Praveen | |
| OCT 03 | Matteo Cimini | | Jason Hemann | |
| OCT 10 | Eric Holk | | Ambrose BS | |
| OCT 17 | Mike Vitousek | | Cameron Swords | |
| OCT 24 | Andre Kuhlenschmidt | | Edward Amsden | OOPSLA |
| OCT 31 | Spenser Bauman | | Jaime Guerrero | |
| NOV 07 | Aaron Hsu | | Johanna Hsu | |
| NOV 14 | Andrew Kent | | Eric Holk | |
| NOV 21 | Tim Zakian | | Mike Vollmer | |
| NOV 28 | | | | Thanksgiving |
| DEC 05 | Jeremy Siek | | Andrew Kent | |
| DEC 12 | Praveen / Mike Vollmer | | Mike Vitousek | |
| DEC 19 | | | | Finals Week |

Talk Abstracts

Sep 17: Derailer: Interactive Security Analysis for Web Applications

Speaker: Joe Near

Abstract:

Derailer is an interactive tool for finding security bugs in web applications. Using symbolic execution, it enumerates the ways in which application data might be exposed. The user is asked to examine these exposures and classify the conditions under which they occur as security-related or not; in so doing, the user effectively constructs a specification of the application’s security policy. The tool then highlights exposures missing security checks, which tend to be security bugs.

We have tested Derailer’s scalability on several large open-source Ruby on Rails applications. We have also applied it to a large number of student projects (designed with different security policies in mind), exposing a variety of security bugs that eluded human reviewers.

Archive

For older talks, please refer to the announcements in the pl-wonks-l archives (accessible to list subscribers).

 
talks.txt · Last modified: 2014/09/18 01:56 by projanen