ICST 2020
Sat 24 - Wed 28 October 2020 Porto, Portugal

This program is tentative and subject to change.

Tue 27 Oct 2020 10:30 - 11:00 at Farfetch (D. Maria) - IT3 - Safety & Security Chair(s): Rui Abreu
Tue 27 Oct 2020 21:30 - 22:00 at Farfetch (D. Maria) - IT3 - Safety & Security Chair(s): Rui Abreu

Most modern cloud and web services are programmatically accessed through REST APIs. This paper discusses how an attacker might compromise a service by exploiting vulnerabilities in its REST API. We introduce four security rules that capture desirable properties of REST APIs and services. We then show how a stateful REST API fuzzer can be extended with active property checkers that automatically test and detect violations of these rules. We discuss how to implement such checkers in a modular and efficient way. Using these checkers, we found new bugs in several deployed production Azure and Office365 cloud services, and we discuss their security implications. All these bugs have been fixed.


Tue 27 Oct
Times are displayed in time zone: (GMT+01:00) Greenwich Mean Time : Lisbon

10:00 - 11:00: IT3 - Safety & Security (Industry Track) at Farfetch (D. Maria) +11h
Chair(s): Rui Abreu (Faculty of Engineering, University of Porto, Portugal)
10:00 - 10:30
Talk
Industry Track
Alessandro Calò (Technical University of Munich), Paolo Arcaini (National Institute of Informatics), Shaukat Ali (Simula Research Laboratory), Florian Hauer (Technical University of Munich), Fuyuki Ishikawa (National Institute of Informatics)
10:30 - 11:00
Talk
Industry Track
Vaggelis Atlidakis (Columbia University), Patrice Godefroid (Microsoft Research, USA), Marina Polishchuk (Microsoft Research, USA)
21:00 - 22:00: IT3 - Safety & Security (Industry Track) at Farfetch (D. Maria)
Chair(s): Rui Abreu (Faculty of Engineering, University of Porto, Portugal)
21:00 - 21:30
Talk
Industry Track
Alessandro Calò (Technical University of Munich), Paolo Arcaini (National Institute of Informatics), Shaukat Ali (Simula Research Laboratory), Florian Hauer (Technical University of Munich), Fuyuki Ishikawa (National Institute of Informatics)
21:30 - 22:00
Talk
Industry Track
Vaggelis Atlidakis (Columbia University), Patrice Godefroid (Microsoft Research, USA), Marina Polishchuk (Microsoft Research, USA)