Andrei Sabelfeld

Professor of computer security at Chalmers

Securing the Web of Things


The web is a key enabler for today’s ever more digital world. New paradigms, like the Internet of Things, incorporate web components and rely on web protocols for interoperability. Billions of devices from printers to smart TVs routinely run web servers and clients, forming a heterogeneous Web of Things. In the automotive domain, HTML5/JavaScript standards enable web connectivity through in-vehicle infotainment systems and vehicle data access protocols. At the same time, the web is regularly hit by a multitude of attacks, like the exfiltration of the browsing histories of millions of users by malicious browser extensions (discovered in July 2019). Many classes of vulnerabilities persist even on popular websites, like the XSS vulnerability on Google Search page visited by billions of users daily (discovered in February 2019). This talk will address challenges in web application security, focusing on how to secure modern web applications as well as Web of Things applications like IoT and in-vehicle apps.


Andrei Sabelfeld is a Professor in the Department of Computer Science and Engineering at Chalmers University of Technology in Gothenburg, Sweden. Before joining Chalmers as faculty, he was a Research Associate at Cornell University in Ithaca, NY, USA. Andrei Sabelfeld’s research ranges from foundations to practice of software security and privacy. Today, he leads a team of researchers at Chalmers engaged in a number of internationally visible projects on software security, web security, IoT security, and location privacy.