CORDIS
EU research results

CORDIS

English EN

Foundations and Tools for Client-Side Web Security

Project information

Grant agreement ID: 771527

Status

Ongoing project

  • Start date

    1 June 2018

  • End date

    31 May 2023

Funded under:

H2020-EU.1.1.

  • Overall budget:

    € 1 990 000

  • EU contribution

    € 1 990 000

Hosted by:

TECHNISCHE UNIVERSITAET WIEN

Austria

Objective

The constantly increasing number of attacks on web applications shows how their rapid development has not been accompanied by adequate security foundations and demonstrates the lack of solid security enforcement tools. Indeed, web applications expose a gigantic attack surface, which hinders a rigorous understanding and enforcement of security properties. Hence, despite the worthwhile efforts to design secure web applications, users for a while will be confronted with vulnerable, or maliciously crafted, code. Unfortunately, end users have no way at present to reliably protect themselves from malicious applications.

BROWSEC will develop a holistic approach to client-side web security, laying its theoretical foundations and developing innovative security enforcement technologies. In particular, BROWSEC will deliver the first client-side tool to secure web applications that is practical, in that it is implemented as an extension and can thus be easily deployed at large, and also provably sound, i.e., backed up by machine-checked proofs that the tool provides end users with the required security guarantees. At the core of the proposal lies a novel monitoring technique, which treats the browser as a blackbox and intercepts its inputs and outputs in order to prevent dangerous information flows. With this lightweight monitoring approach, we aim at enforcing strong security properties without requiring any expensive and, given the dynamic nature of web applications, statically infeasible program analysis.

BROWSEC is thus a multidisciplinary research effort, promising practical impact and delivering breakthrough advancements in various disciplines, such as web security, JavaScript semantics, software engineering, and program verification.
Leaflet | Map data © OpenStreetMap contributors, Credit: EC-GISCO, © EuroGeographics for the administrative boundaries

Host institution

TECHNISCHE UNIVERSITAET WIEN

Address

Karlsplatz 13
1040 Wien

Austria

Activity type

Higher or Secondary Education Establishments

EU Contribution

€ 1 990 000

Beneficiaries (1)

TECHNISCHE UNIVERSITAET WIEN

Austria

EU Contribution

€ 1 990 000

Project information

Grant agreement ID: 771527

Status

Ongoing project

  • Start date

    1 June 2018

  • End date

    31 May 2023

Funded under:

H2020-EU.1.1.

  • Overall budget:

    € 1 990 000

  • EU contribution

    € 1 990 000

Hosted by:

TECHNISCHE UNIVERSITAET WIEN

Austria