Securing Web Applications by Information Flow Tracking

Objective

In today’s technology-centric world, web applications are a key
enabler for many day-to-day activities ranging from online banking to
in-vehicle infotainment. These applications have access to a wealth of
sensitive information. Unauthorized disclosure and corruption of this
information may result in financial damage, privacy violations, and
loss of human lives.

At the heart of modern web applications lies the *JavaScript*
language. When a user visits a web page, JavaScript code from
different sources is downloaded into the user’s browser and run *with
the same privileges* as if the code came from the web page
itself. This implies that to attack a web page, it is sufficient to
compromise a third-party code component.

Drawing on the technology of *information flow tracking* developed by
the PI’s ERC project, FlowShield will provide *an innovative platform
for security testing and secure integration* of JavaScript code from
different providers. This will enable ICT companies to benefit from
the tremendous business opportunities created by third-party services,
while providing secure products to their customers.

With banking and automotive industries as prime targets, FlowShield
will confirm the potential of our security solution by investigating
market trends, competitors, Intellectual Property Rights (IPR) and
business models, while seeking strategic alliances with industrial and
innovation actors. The goal is to identify concrete market
applications and business models for securing web applications by
utilizing the information flow tracking technology. FlowShield will
allow ICT companies to benefit from the tremendous business
opportunities created by third-party services, while providing secure
products to their customers.