FlowShield: Securing Web Applications by Information Flow Tracking
Forskningsprojekt, 2018
– 2020
In today’s technology-centric world, web applications are a key enabler for many day-to-day activities ranging from online banking to in-vehicle infotainment. These applications have access to a wealth of sensitive information. Unauthorized disclosure and corruption of this information may result in financial damage, privacy violations, and loss of human lives. At the heart of modern web applications lies the *JavaScript* language. When a user visits a web page, JavaScript code from different sources is downloaded into the user’s browser and run *with the same privileges* as if the code came from the web page itself. This implies that to attack a web page, it is sufficient to compromise a third-party code component. Drawing on the technology of *information flow tracking* developed by the PI’s ERC project, FlowShield will provide *an innovative platform for security testing and secure integration* of JavaScript code from different providers. This will enable ICT companies to benefit from the tremendous business opportunities created by third-party services, while providing secure products to their customers. With banking and automotive industries as prime targets, FlowShield will confirm the potential of our security solution by investigating market trends, competitors, Intellectual Property Rights (IPR) and business models, while seeking strategic alliances with industrial and innovation actors. The goal is to identify concrete market applications and business models for securing web applications by utilizing the information flow tracking technology. FlowShield will allow ICT companies to benefit from the tremendous business opportunities created by third-party services, while providing secure products to their customers.
Deltagare
Andrei Sabelfeld (kontakt)
Chalmers, Data- och informationsteknik, Informationssäkerhet
Finansiering
Europeiska forskningsrådet (ERC)
Projekt-id: EC/H2020/811187
Finansierar Chalmers deltagande under 2018–2020
Relaterade styrkeområden och infrastruktur
Informations- och kommunikationsteknik
Styrkeområden