
2022.12.06 (Tue) Graduate School of Information Security Fall 2022 Colloquium - Byoungyoung Lee

The Graduate School of Information Security will hold a colloquium at 4 p.m. on December 6, as detailed below. We look forward to your attendance.


o Date and time: 22. 12. 06 (Tue) 16:00~
o Topic: Attacking web browsers through bypassing security isolation boundaries
o Speaker: Byoungyoung Lee (Seoul National University, Professor)
o Venue: Room 102, N1 Building, KAIST main campus

♣ Title

Attacking web browsers through bypassing security isolation boundaries


♣ Abstract

Web browsers are attractive attack targets. In response to attacks, browser vendors employ the principle of least privilege, attempting to minimize the security damage if compromised.
The representative isolation techniques for practicing the principle of least privilege are the multi-process architecture and site isolation.

In this talk, we will showcase how these isolation techniques can be bypassed, allowing attackers to violate the principle of least privilege.
Specifically, we introduce two different approaches: i) automatically identifying UXSS vulnerabilities in the browser, which bypass site isolation; and ii) analyzing and identifying the security limitations of extensions, which allow the attacker to perform privilege escalation attacks.


♣ Bio

Byoungyoung Lee is an Associate Professor at Seoul National University. His research focuses on systems security, particularly on building practical privacy-preserving applications with confidential computing.
He received the Internet Defense Prize from Facebook and USENIX (2015) and the Google ASPIRE Award (2019).