[Colloq] Talk - Alexandros Kapravelos - Tuesday Feb. 24th Noon 108 WVH - Attacking the Browser

[Biron, Jessica]

Alexandros Kapravelos

Tuesday, February 24th
Noon 108 WVH

Abstract:
The browser has evolved from a simple program that displays static web pages to a continuously changing platform that has become our portal to the Internet. The fierce competition among the browser vendors has led to a remarkable introduction of features in past few years. The rapid changes and the high popularity of browsers have attracted attackers, which pose new threats to the unsuspecting Internet surfers. In this talk, I will focus on two different attacks related to browsers. First, I will present my work on defenses against drive-by downloads. These are attacks that take control of the users' machines by just visiting malicious URLs, have troubled the research community for years and are still affecting the users. Then, I will focus on a new emerging threat, malicious browser extensions. To cope with this new problem I'm going to present Hulk, a dynamic analysis system that detects malicious behavior in browser extensions by monitoring their execution and corresponding network activity.

Bio:
Alexandros Kapravelos is a PhD candidate in the Department of Computer Science at UC Santa Barbara. His research interests lie in the area of computer security with a focus on web security and attacks against the browser. He is the lead developer of Wepawet, a publicly available system that detects drive-by downloads with the use of an emulated browser, Revolver, a system that detects evasive drive-by download attempts, and Hulk, a browser extension analysis system. He is interested in internet-wide attacks that compromise users' security, building scalable systems to protect users, and improving privacy on the web.