Skip to main content

Web Application Security Policies and Enforcement

Objective

We are all increasingly dependent on information systems and thus affected by how those systems are implemented in terms of their security, reliability, and protection of our privacy. In the future, interactive, high-functionality Web applications are likely to be one of the foundations on which services are provisioned and accessed in society at large. There is a great, current opportunity for the principled consideration of the security of these Web applications, and a re-thinking of previous assumptions. This grant project will perform such a reconsideration of the fundamentals of Web application security, giving special considerations to the three current developments known as Web 2.0. These are a new generation of richer Web content, such as interactive video, the aggregation of Web functionality from many services, and, finally, the migration of Web application functionality to the client Web browsers, in the form of scripts and other executable content. Concretely, the project will develop a new model of threats and attacks and security policies that apply to Web applications, including policies for service availability, data integrity, information secrecy and end-user privacy. In particular, the project will consider application-specific security policies, including commercial security policies, such those that apply to pricing in Web commerce, and take a new view of Web client responsibilities. A project goal is to enable the automatic derivation of such policies through static or dynamic analysis of the Web application and its manner of composition. The project will also develop flexible enforcement mechanisms for Web application security policies, including mechanisms based on inlined reference monitors and dynamic tracking of information flow. These mechanisms will rely on the inherently dynamic and fluid software distribution of Web Applications, which allows security-related changes such as monitoring code to be pushed to the end user.

Field of science

  • /social sciences/economics and business/business and management/commerce
  • /social sciences/sociology/social problems/migration
  • /natural sciences/computer and information sciences/software
  • /social sciences/sociology/governance/public services
  • /natural sciences/computer and information sciences/internet/web development

Call for proposal

FP7-PEOPLE-2007-4-3-IRG
See other projects for this call

Funding Scheme

MC-IRG - International Re-integration Grants (IRG)

Coordinator

HASKOLINN I REYKJAVIK EHF
Address
Menntavegur 1
101 Reykjavik
Iceland
Activity type
Higher or Secondary Education Establishments
EU contribution
€ 100 000
Administrative Contact
Ari Jónsson (Dr.)