SafeWeb: A Middleware for Securing Ruby-Based Web Applications

Abstract : Web applications in many domains such as healthcare and finance must process sensitive data, while complying with legal policies regarding the release of different classes of data to different parties. Currently, software bugs may lead to irreversible disclosure of confidential data in multi-tier web applications. An open challenge is how developers can guarantee these web applications only ever release sensitive data to authorised users without costly, recurring security audits.Our solution is to provide a trusted middleware that acts as a “safety net” to event-based enterprise web applications by preventing harmful data disclosure before it happens. We describe the design and implementation of SafeWeb, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier web architecture with storage and complex event processing. For efficiency, maintainability and ease-of-use, SafeWeb exploits the dynamic features of the Ruby programming language to achieve label propagation and data flow enforcement. We evaluate SafeWeb by reporting our experience of implementing a web-based cancer treatment application and deploying it as part of the UK National Health Service (NHS).
Type de document :
Communication dans un congrès
Fabio Kon; Anne-Marie Kermarrec. 12th International Middleware Conference (MIDDLEWARE), Dec 2011, Lisbon, Portugal. Springer, Lecture Notes in Computer Science, LNCS-7049, pp.491-511, 2011, Middleware 2011. 〈10.1007/978-3-642-25821-3_25〉
Liste complète des métadonnées

Littérature citée [31 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01597759
Contributeur : Hal Ifip <>
Soumis le : jeudi 28 septembre 2017 - 17:11:16
Dernière modification le : jeudi 28 septembre 2017 - 17:16:54

Fichier

978-3-642-25821-3_25_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Petr Hosek, Matteo Migliavacca, Ioannis Papagiannis, David Eyers, David Evans, et al.. SafeWeb: A Middleware for Securing Ruby-Based Web Applications. Fabio Kon; Anne-Marie Kermarrec. 12th International Middleware Conference (MIDDLEWARE), Dec 2011, Lisbon, Portugal. Springer, Lecture Notes in Computer Science, LNCS-7049, pp.491-511, 2011, Middleware 2011. 〈10.1007/978-3-642-25821-3_25〉. 〈hal-01597759〉

Partager

Métriques

Consultations de la notice

9

Téléchargements de fichiers

2