Towards a Secure and Privacy-Respecting Web

Talk by Christoph Kerschbaumer

2024-10-19

Location: TU Wien, FAV Hörsaal 1 Helmut Veith (Favoritenstraße 9-11, Erdgeschoß) (HEEG02)
Date/Time: 2024-12-20 11:00 ‒ 12:00

Abstract: The Hypertext Transfer Protocol, generally displayed as http in a browser's address bar, is the fundamental protocol through which web browsers and websites communicate. However, data transferred by the regular http protocol is unprotected and transferred in cleartext, such that attackers are able to view, steal, or even tamper with the transmitted data. Carrying http over the Transport Layer Security (TLS) protocol, generally displayed as https in the address bar of a browser, fixes this security shortcoming by creating a secure and encrypted connection between the browser and the website.

Over the past few years, we have witnessed tremendous progress towards migrating the web to rely on https instead of the outdated and insecure http protocol. In this talk, we will highlight initiatives from browser vendors as well as community efforts to accelerate the migration from http to https, and explore additional privacy mechanisms within a web browser which will eventually provide the browsing experience we want: secure and privacy-respecting!

Bio: Dr. Christoph Kerschbaumer has over two decades of experience in software engineering and computer security. His work ranges from designing secure systems with fail-safe defaults to fighting cross-site scripting to preventing man-in-the-middle attacks. Currently he is managing the Firefox Security Engineering team at Mozilla and is mentoring software engineers around the world to reach their full potential.
He received his PhD in Computer Science from the University of California, Irvine, where he focused his research on information flow tracking techniques within web browsers. Prior to being a graduate research scholar, he received an M.Sc. and B.Sc. in Computer Science from the Technical University Graz, Austria.