Securing the mashed up web
Doctoral thesis, 2013

The Internet is no longer a web of linked pages, but a flourishing swarm of connected sites sharing resources and data. Modern web sites are increasingly interconnected, and a majority rely on content maintained by a third party. Web mashups are at the very extreme of this evolution, built almost entirely around external content. In that sense the web is becoming mashed up. This decentralized setting implies complex trust relationships among involved parties, since each party must trust all others not to compromise data. This poses a question: How can we secure the mashed up web? From a language-based perspective, this thesis approaches the question from two directions: attacking and securing the languages of the web. The first perspective explores new challenging scenarios and weaknesses in the modern web, identifying novel attack vectors, such as polyglot and mutation-based attacks, and their mitigations. The second perspective investigates new methods for tracking information in the browser, providing frameworks for expressing and enforcing decentralized information-flow policies using dynamic run-time monitors, as well as architectures for deploying such monitors.

HA4
Opponent: Ben Livshits, Microsoft Research

Author

Jonas Magazinius

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

Safe Wrappers and Sane Policies for Self Protecting JavaScript

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7127 (2012), p. 239-255

Paper in proceeding

A lattice-based approach to mashup security

5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010; Beijing; 13 April 2010 through 16 April 2010; (2010), p. 15-23

Paper in proceeding

On-The-Fly Inlining Of Dynamic Security Monitors

Computers and Security; Vol. 31 (2012), p. 827-843

Journal article

Decentralized Delimited Release

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7078 (2011), p. 220-237

Paper in proceeding

Areas of Advance

Information and Communication Technology

Subject Categories

Software Engineering

Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie

More information

Created

10/8/2017