CyLab Seminar: Giancarlo Pellegrino

October 28, 2024

12:00 p.m. ET

Zoom or CIC room 4105, Panther Hollow

*Please note: this CyLab seminar is open only to partners and Carnegie Mellon University faculty, students, and staff.

Speaker:
Giancarlo Pellegrino
Tenured Faculty
CISPA Helmholtz Center for Information Security

Talk Title:
Program Analysis for Web Applications at Scale

Abstract:
Web applications are integral to our modern society, serving a wide range of purposes from social sharing to financial transactions and control of critical infrastructure. However, the rapid development of new functionalities has led to increased complexity, which in turn has created significant security vulnerabilities exploited by attackers for unauthorized activities such as data theft, fraud, and illegal transactions. In response, it is crucial to discover, analyze, and learn from software vulnerabilities to enhance the security of web applications. This involves both immediate detection and long-term knowledge building. In this talk, I will highlight the work of my research group in developing methods to detect, study, and learn from vulnerabilities. We will then focus on JAW, an open-source framework for large-scale program analysis of client-side JavaScript. I will show how JAW can study vulnerabilities like client-side request hijacks and DOM clobbering, showcasing JAW's capacity to assess actual risks at scale, evaluate the efficacy of security measures, and contribute to secure development by aggregating code patterns and real-world examples.

Bio:
Giancarlo Pellegrino is a tenured faculty member at CISPA Helmholtz Center for Information Security, where he leads the application security research group. Previously, he was a visiting assistant professor at Stanford University as the first member of the CISPA-Stanford Center for Cybersecurity. Giancarlo earned his Ph.D. in Computer Science from Eurecom. His research primarily focuses on identifying, analyzing, and addressing vulnerabilities in web applications, at both the application and platform levels. Giancarlo has served as a PC member for the major security venues (e.g., IEEE S&P, CCS, and USENIX Security), as an area chair (USENIX Security 2022-2023), and is serving as a PC co-chair for USENIX Security 2025.