Principled and practical web application security


Abstract/Contents

Abstract
Large-scale theft of private user data has become a common occurrence on the web. A major factor in these privacy breaches is that developers specify and enforce data security policies by strewing checks throughout their application code; overlooking even a single check can lead to a vulnerability. Unfortunately, even if developers manage to get all the checks right, most web applications rely on third-party code, and a vulnerable or malicious third-party library once again puts the user's data at risk. This dissertation presents a novel approach to protecting sensitive data even when application code is buggy or malicious. The key ideas of this work are to separate the security and privacy concerns of an application from its functionality, and to use language-level information flow control (IFC) to enforce policies throughout the application codebase. The main challenge of this approach is to design practical systems that can be easily adopted by average developers while also leveraging formal semantics that rule out large classes of design error. To address this challenge, this dissertation presents two systems, Hails and COWL, which respectively address the security issues web applications face on the server and in the browser. Hails is a server-side web framework that separates the security and privacy concerns of an application from its functionality by following a new paradigm called model-policy-view-controller (MPVC). In the MPVC model, developers specify security policies in a single place, using a declarative policy specification language. Hails then enforces these policies across all application components using language-level IFC. This removes the need for application logic to be intertwined with security checks and ensures that policies are enforced in a mandatory fashion, even across third-party code.
Hails has been used by developers with a wide range of expertise, from a novice high school student to expert web developers, to build secure web sites with very small trusted computing bases. Some of these web applications have been deployed in production. While Hails ensures that server-side code cannot leak or corrupt sensitive user data, COWL extends this guarantee to the browser, where JavaScript, typically provided by multiple disparate parties, computes on the user's sensitive data. COWL is a JavaScript confinement system that extends the browser security model with IFC while retaining backwards compatibility with the existing Web. Much like Hails, COWL allows developers to associate policy with sensitive data, such as passwords. Within the confines of the browser, COWL then enforces these policies with IFC, prohibiting code from arbitrarily leaking data. This system has been implemented in both Firefox and Chromium, and is currently being standardized at the W3C as a new web specification. Building practical systems such as Hails and COWL on information flow control required new developments in language-level security foundations. This dissertation describes some of the main results that were key to Hails and COWL, including: DC Labels, a simple yet expressive label model based on propositional logic; LIO, a dynamic, language-level IFC system implemented in Haskell; and IFC-Inside, a generalization of the LIO system to arbitrary languages. These foundations explore a new design point in language-level IFC that addresses many of the shortcomings of previous results while providing strong security guarantees; this was previously thought to be impractical for purely dynamic IFC enforcement. Taken together, this dissertation presents practical systems that build on newly developed foundations in language-based security to provide end-to-end security for web applications.
Beyond securing today's web applications, the strong security provided by these systems also opens up the possibility of deploying applications that, because of security concerns, were not previously practical.
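The label model and the dynamic enforcement the abstract sketches, as an added example in Python rather than code from Hails, LIO or COWL (LIO itself is a Haskell library, COWL is browser code): DC labels as positive propositional formulas over principals in conjunctive normal form, the flow check in which the secrecy and integrity components are compared in opposite directions, and a floating-label monitor that taints on every read and checks on every write. The principal names, sink labels and the password scenario are constructed for illustration and are not taken from the dissertation.

```python
"""DC labels and a floating-label (LIO-style) monitor, written from the
published DC Labels definition.  Each label component is a positive
propositional formula over principals in CNF, stored as a frozenset of
clauses, each clause a frozenset of principal names (a disjunction)."""
from dataclasses import dataclass

TRUE = frozenset()                 # no clauses: no restriction
FALSE = frozenset({frozenset()})   # one empty clause: unsatisfiable


def reduce_cnf(f):
    """Drop clauses that contain another clause, so equal formulas compare equal."""
    return frozenset(c for c in f if not any(d < c for d in f))


def cnf(*clauses):
    """Build a reduced CNF formula; each argument is one clause (iterable of principals)."""
    return reduce_cnf(frozenset(frozenset(c) for c in clauses))


def implies(a, b):
    """a => b for positive CNF: every clause of b must be subsumed by some clause of a."""
    return all(any(d <= c for d in a) for c in b)


def conj(a, b):
    return reduce_cnf(a | b)


def disj(a, b):
    # (c1 & c2 & ...) | (d1 & d2 & ...) == AND over every pair of (ci | dj)
    return reduce_cnf(frozenset(c | d for c in a for d in b))


def fmt(f):
    if f == TRUE:
        return "True"
    if f == FALSE:
        return "False"
    return " /\\ ".join("(" + " \\/ ".join(sorted(c)) + ")" for c in sorted(f, key=sorted))


@dataclass(frozen=True)
class Label:
    secrecy: frozenset    # who may learn the data; a conjunction means all must consent
    integrity: frozenset  # who vouches for the data; a conjunction means all vouch

    def can_flow_to(self, other):
        """self ⊑ other: other must be at least as secret and at most as trusted."""
        return implies(other.secrecy, self.secrecy) and implies(self.integrity, other.integrity)

    def join(self, other):
        """Least upper bound: the label of anything computed from both inputs."""
        return Label(conj(self.secrecy, other.secrecy), disj(self.integrity, other.integrity))

    def __str__(self):
        return "<" + fmt(self.secrecy) + ", " + fmt(self.integrity) + ">"


BOTTOM = Label(TRUE, FALSE)  # public and fully trusted: flows anywhere
PUBLIC = Label(TRUE, TRUE)   # public, vouched for by nobody


class IFCViolation(Exception):
    pass


class Monitor:
    """Purely dynamic enforcement: reads raise the current label, writes are checked against it."""

    def __init__(self, start=BOTTOM):
        self.current = start

    def read(self, label, value):
        self.current = self.current.join(label)   # taint: the computation now depends on value
        return value

    def write(self, sink_label, value):
        if not self.current.can_flow_to(sink_label):
            raise IFCViolation(str(self.current) + " cannot flow to " + str(sink_label))
        return value


def demo():
    """Constructed scenario: untrusted page code handles alice's password."""
    alice_pw = Label(cnf({"alice"}), TRUE)       # only alice may learn it
    alice_sink = Label(cnf({"alice"}), TRUE)     # a channel only alice can observe
    ad_sink = Label(cnf({"ads.example"}), TRUE)  # an ad network's beacon
    results = {}
    m = Monitor()
    results["public_to_alice"] = m.write(alice_sink, "hello") == "hello"
    m.read(alice_pw, "hunter2")                  # current label is now alice-secret
    results["pw_to_alice"] = m.write(alice_sink, "hunter2") == "hunter2"
    try:
        m.write(ad_sink, "hunter2")
        results["pw_to_ads"] = "leaked"
    except IFCViolation:
        results["pw_to_ads"] = "blocked"
    return results
```

The direction of the two checks is the part practitioners most often get backwards: a value readable by "alice or bank" may flow to a channel only alice sees, but not the other way round, and data vouched for by nobody (integrity True) never reaches a sink that demands an endorsement. Because the monitor only ever raises its current label, a computation that has read a secret can no longer write to any less-secret sink, whichever library is doing the writing, which is the mandatory property the MPVC design relies on.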

Description

Type of resource text
Form electronic; electronic resource; remote
Extent 1 online resource.
Publication date 2015
Issuance monographic
Language English

Creators/Contributors

Associated with Stefan, Deian
Associated with Stanford University, Department of Computer Science.
Primary advisor Mazières, David (David Folkman), 1972-
Primary advisor Mitchell, John
Thesis advisor Mazières, David (David Folkman), 1972-
Thesis advisor Mitchell, John
Thesis advisor Boneh, Dan
Advisor Boneh, Dan

Subjects

Genre Theses

Bibliographic information

Statement of responsibility Deian Stefan.
Note Submitted to the Department of Computer Science.
Thesis Thesis (Ph.D.)--Stanford University, 2015.
Location electronic resource

Access conditions

Copyright
© 2015 by Deian Stefan
