Securing the mashed up web
Doctoral thesis, 2013

The Internet is no longer a web of linked pages, but a flourishing swarm of connected sites sharing resources and data. Modern web sites are increasingly interconnected, and a majority rely on content maintained by a third party. Web mashups are at the very extreme of this evolution, built almost entirely around external content. In that sense the web is becoming mashed up. This decentralized setting implies complex trust relationships among involved parties, since each party must trust all others not to compromise data. This poses a question: How can we secure the mashed up web? From a language-based perspective, this thesis approaches the question from two directions: attacking and securing the languages of the web. The first perspective explores new challenging scenarios and weaknesses in the modern web, identifying novel attack vectors, such as polyglot and mutation-based attacks, and their mitigations. The second perspective investigates new methods for tracking information in the browser, providing frameworks for expressing and enforcing decentralized information-flow policies using dynamic run-time monitors, as well as architectures for deploying such monitors.

HA4
Opponent: Ben Livshits, Microsoft Research

Author

Jonas Magazinius

Chalmers, Computer Science and Engineering, Software Technology

Safe Wrappers and Sane Policies for Self Protecting JavaScript

Lecture Notes in Computer Science, Vol. 7127 (2010), p. 239-255

Paper in proceedings

A lattice-based approach to mashup security

5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010; Beijing; 13 April 2010 through 16 April 2010 (2010), p. 15-23

Paper in proceedings

On-The-Fly Inlining Of Dynamic Security Monitors

Computers and Security, Vol. 31 (2012), p. 827-843

Article in scientific journal

Decentralized Delimited Release

Lecture Notes in Computer Science, Vol. 7078 (2011), p. 220-237

Paper in proceedings

Areas of Advance

Information and Communication Technology

Subject Categories

Software Engineering

Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie
