Peeking into the daily job of Googlers: Site Reliability Engineering, Globally consistent authorization with Zanzibar, and Web client-side security

Massimo Maggi
Michele Spagnuolo
DEIB - Conference Room "E. Gatti" (Bldg 20)
November 24th, 2022
from 2.00 to 5.00 pm
Contacts:
Alessandro Barenghi
Research Line:
System architectures
Summary
On November 24th, 2022, starting at 2.00 pm, two talks on "Peeking into the daily job of Googlers: Site Reliability Engineering, Globally consistent authorization with Zanzibar, and Web client-side security" by Massimo Maggi and Michele Spagnuolo will take place in the DEIB Conference Room.
1. A Google SRE (Site Reliability Engineer, one of the people responsible for running most Google services) will give a high-level, intuitive overview of how to scale systems to millions of users. The speaker will then present a real SRE-supported internal Google service: Zanzibar, the consistent, global authorization system which powers YouTube, Drive, Maps and many other Google services.
2. Web applications have historically been plagued by vulnerabilities which allow attackers to compromise the session of a logged-in user: XSS, CSRF, clickjacking and related issues are common problems that most developers learn about – often the hard way! Google, together with W3C members, developed new security mechanisms in web browsers (CSP3, Trusted Types, CORP/COOP/COEP) that web developers can use to protect their applications. In this talk, you'll learn how to use them most effectively and how they are deployed across Alphabet.
Biography
Massimo Maggi became interested in computer programming as a child, which led him to become a PoliMi student in 2008. After 5 years of studying and working in a small company, in 2013 he joined Google, working as an SRE.
Michele Spagnuolo currently works as a Staff Information Security Engineer at Google Zürich, leading the Web Security Infrastructure and Tooling area in the Information Security team. Born in Novara, he studied computer engineering at Politecnico di Milano & UIC.