Identifier 000376965
Title Practical Information Flow for Legacy Web Applications
Alternative Title A method for applying information flows to existing web applications
Author Χήνης, Γεώργιος Δημήτριος
Thesis advisor Ιωαννίδης, Σωτήρης
Πρατικάκης, Πολύβιος
Αθανασόπουλος, Ηλίας
Abstract The popularity of web applications, coupled with the data they operate on, makes them prime targets for miscreants who want to misuse them. To make matters worse, many of these applications have not been implemented with security in mind, while refactoring an existing, large web application to implement a security or privacy policy is prohibitively difficult. This thesis presents LabelFlow, an extension of PHP that simplifies the implementation of security policies in web applications. To enforce a policy, LabelFlow tracks the propagation of information throughout the application, transparently and efficiently, both in the PHP runtime and through persistent storage. We provide strong theoretical guarantees for policy enforcement in LabelFlow; we define its semantics for a simple calculus and prove that it protects against information leaks. LabelFlow is applicable to real-world, large-scale web applications. We used LabelFlow to add and enforce access control policies in three popular web applications, MediaWiki, WordPress and OpenCart, with small execution overhead and code changes.
Language English
Subject Information Flow
Internet
Security
Issue date 2012-11-16
Collection   School/Department--School of Sciences and Engineering--Department of Computer Science--Post-graduate theses
  Type of Work--Post-graduate theses