Jin Song DONG, Zhenkai LIANG, Prateek SAXENA
Web Security
Objective: To address multiple security issues in Web applications.

Results: We have satisfied this project's objective in two ways. First, we have developed new security primitives in the Web platform to enforce mandatory security properties. This solution provides strong and flexible confinement techniques to isolate JavaScript-based advertisements. Second, we have developed several large-scale analysis tools to analyse Web applications in an end-to-end manner, covering both client side and server side. These analysis tools have been used to analyse dynamic information flow properties in PHP and Microsoft .NET Web applications. Additionally, we have developed analysis tools based on taint-tracking and symbolic execution on client-side JavaScript code. Using our tools, we have successfully identified DOM-based cross-site scripting and sanitisation failures in Web applications.