Periodic Report Summary - WEBAPPSEC (Web Application Security Policies and Enforcement)
The focus of the project was to develop the theoretical knowledge and practical mechanisms needed to address security concerns in web applications. Web applications entail software, scripts and other executable components running on the user's computer, without the user having specifically installed the software. This has many benefits in terms of providing users access to interactive content and even full software functionality through the web, but it also creates new security issues. The project addressed core issues involved in modeling security threats and security mechanisms in that context. Three specific elements were off to a good start within the project. The first was the analysis of programming languages as an element in providing security, a notion different from the traditional emphasis on the operating system. The second was the development of control-flow integrity principles to prevent malicious subversion of application machine code. The third was the development of secure distributed aggregation functionality, which addresses some of the issues that arise in collaboration between applications in different systems.