[e-lang] New paper: Fine-Grained Privilege Separation for Web Applications
daw at cs.berkeley.edu
Mon Feb 15 12:27:07 PST 2010
I thought I'd let you all know about a new paper from Akshay
Krishnamurthy, Adrian Mettler, and I:
Akshay Krishnamurthy, Adrian Mettler, and David Wagner.
"Fine-Grained Privilege Separation for Web Applications".
To appear at WWW 2010, April 26-30, 2010.
The paper looks at how to build web applications with a
privilege-separated architecture, following the principle of least
privilege. In particular, the paper is an application of object
capabilities to this problem. We look at an approach based on building
web applications in Joe-E, using a framework that is designed to support
least-privilege application architectures and to support reasoning about
the security of the webapp. Let us know what you think!
Abstract: We present a programming model for building web applications
with security properties that can be confidently verified during a
security review. In our model, applications are divided into isolated,
privilege-separated components, enabling rich security policies to
be enforced in a way that can be checked by reviewers. In our model,
the web framework enforces privilege separation and isolation of web
applications by requiring the use of an object-capability language and
providing interfaces that expose limited, explicitly-specified privileges
to application components. This approach restricts what each component
of the application can do and quarantines buggy or compromised code.
It also provides a way to more safely integrate third-party, less-trusted
code into a web application. We have implemented a prototype of this
model based upon the Java Servlet framework and used it to build a webmail
application. Our experience with this example suggests that the approach
is viable and helpful at establishing reviewable application-specific
More information about the e-lang