WebSec

Our society relies on the web to support the economic, governmental, and military infrastructure, making web security critical for Cybersecurity and Information Security at large. WebSec: Securing Web-driven Systems sets out to develop a principled security platform for the web.
WebSec will result in:

  • Comprehensive framework for detection, mitigation, and prevention of cross-site scripting (XSS) attacks.

  • JavaScript program analysis platform for monitoring and symbolically executing JavaScript.

  • Principled framework for system-wide security, enabling confinement, tainting, and information-flow control mechanisms across web component boundaries.


Press in English

Andrei Sabelfeld: Securing the web of things

What is the Web of Things? What are the security implications of connecting previously incompatible standards, platforms, and technologies? These questions, as well as suitable countermeasures, are discussed in the talk.

Source: Chalmers University of Technology

Building a solid ground for cybersecurity

Substantial tools and methods to counter the most common vulnerabilities on the web. Efforts to develop a secure internet of things for industrial use. Two new, extensive cybersecurity projects are about to start at the Department of Computer Science and Engineering.

Source: Chalmers Computer Science and Engineering


Press in Swedish

Taking a holistic approach to security in web-driven systems

Cybersecurity is the biggest challenge for continued digitalization, and web security plays an important role in that effort. Andrei Sabelfeld, professor at the Information Security division at Chalmers, and his research group aim to build security into the web from the very start.

Source: Framtidens Forskning

Building cybersecurity from the ground up

Concrete tools and methods to counter the most common vulnerabilities on the web. Efforts to develop a secure Internet of Things for industry. Two new, extensive cybersecurity projects will start shortly at the Department of Computer Science and Engineering.

Source: Chalmers Computer Science and Engineering


Publications

Decision Procedures for Path Feasibility of String-Manipulating Programs with Complex Operations
Taolue Chen, Matthew Hague, Anthony W. Lin, Philipp Ruemmer, Zhilin Wu.
POPL 2019.

Raising the Bar: Evaluating Origin-wide Security Manifests
Steven Van Acker, Daniel Hausknecht and Andrei Sabelfeld.
In Proceedings of the Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, December 2018.

Tracking Information Flow via Delayed Output: Addressing Privacy in IoT and Emailing Apps
Iulia Bastys, Frank Piessens and Andrei Sabelfeld.
In Nordic Conference on Secure Systems (NordSec), Oslo, Norway, November 2018.

If This Then What? Controlling Flows in IoT Apps
Iulia Bastys, Musard Balliu and Andrei Sabelfeld.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 2018.

Prudent Design Principles for Information Flow Control
Iulia Bastys, Frank Piessens and Andrei Sabelfeld.
In Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS), Toronto, Canada, October 2018.

Information Flow Tracking for Side-effectful Libraries
Alexander Sjösten, Daniel Hedin and Andrei Sabelfeld.
In Proceedings of the International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE), Madrid, Spain, June 2018.

Trau: SMT solver for string constraints
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Bui Phi Diep, Lukas Holik, Ahmed Rezine and Philipp Ruemmer.
FMCAD 2018.

Bit-Vector Interpolation and Quantifier Elimination by Lazy Reduction
Peter Backeman, Philipp Ruemmer and Aleksandar Zeljic.
FMCAD 2018.

A Better Facet of Dynamic Information Flow Control
Minh Ngo, Nataliia Bielova, Cormac Flanagan, Tamara Rezk, Alejandro Russo, and Thomas Schmitz.
In Proceedings WWW '18 Companion Proceedings of the The Web Conference 2018


People


Andrei Sabelfeld

Project Leader

Chalmers University of Technology

Daniel Hedin

Chalmers University of Technology
Mälardalen University

Alejandro Russo


Chalmers University of Technology

Philipp Rümmer


Uppsala University

David Sands


Chalmers University of Technology

Iulia Bastys


Chalmers University of Technology

Benjamin Eriksson


Chalmers University of Technology

Daniel Schoepe


Chalmers University of Technology

Alexander Sjösten


Chalmers University of Technology