Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
TLDI
2009
ACM
2009
ACM
Secure compilation of a multi-tier web language
Storing state in the client tier (in forms or cookies, for example) improves the efficiency of a web application, but it also renders the secrecy and integrity of stored data vulnerable to untrustworthy clients. We study this general problem in the context of the LINKS multi-tier web-programming language. Like other systems, LINKS stores unencrypted application data, including web continuations, on the client tier; hence, LINKS is open to attacks that expose secrets, and modify control flow and application data. We characterise these attacks as failures of the general principle that security properties of multi-tier applications should follow simply from review of the source code (as opposed to the detailed study of the files compiled for each tier, for example). We propose a secure compilation strategy, which uses authenticated encryption to eliminate these threats, and we implement it as a simple extension to the LINKS system. We model this compilation strategy as a translation f...
Real-time TrafficCompilation Strategy | Formal Methods | Multi-tier Web-programming Language | Secure Compilation Strategy | TLDI 2009 |
Related Content
| Added | 17 Mar 2010 |
| Updated | 17 Mar 2010 |
| Type | Conference |
| Year | 2009 |
| Where | TLDI |
| Authors | Ioannis G. Baltopoulos, Andrew D. Gordon |
Comments (0)
Researcher Info
|
