Our society relies on the web to support the economic, governmental, and
military infrastructure, making web security critical for Cybersecurity and
Information Security at large. WebSec: Securing Web-driven
Systems sets out to develop a principled security platform for the web.
The project is supported by the
Swedish Foundation for Strategic Research (SSF)
and will result in:
-
Comprehensive framework for detection, mitigation, and prevention of cross-site scripting (XSS) attacks.
-
JavaScript program analysis platform for monitoring and symbolically executing JavaScript.
-
Principled framework for system-wide security, enabling confinement, tainting, and information-flow control mechanisms across web component boundaries.
Press in English
Andrei Sabelfeld: Securing the web of things
What is the Web of Things? What are the security implications of connecting previously incompatible standards, platforms, and technologies? This, as well as suitable countermeasuers, are discussed in the talk.
Source: Chalmers University of Technology
Building a solid ground for cybersecurity
Substantial tools and methods to counter the most common vulnerabilities on the web. Efforts to develop a secure internet of things for industrial use. Two new, extensive cybersecurity projects are about to start at the Department of Computer Science and Engineering.
Source: Chalmers Computer Science and Engineering
Press in Swedish
Tar helhetsgrepp på säkerhet i webbdrivna system
Cybersecurity är den största utmaningen för fortsatt digitalisering, och webbsäkerhet spelar en viktig roll i den strävan. Andrei Sabelfeld, professor vid avdelningen för informationssäkerhet på Chalmers och hans forskargrupp siktar på att bygga in säkerhet i webben redan från början.
Source: Framtidens Forskning
Bygger cybersäkerhet från grunden
Konkreta verktyg och metoder för att motverka de vanligaste sårbarheterna på webben. Insatser för att utveckla ett säkert sakernas internet för industrin. Två nya, omfattande projekt inom cybersäkerhet startar inom kort vid institutionen för data- och informationsteknik.
Source: Chalmers Computer Science and Engineering
Källström möter Andrei Sabelfeld
Med de hot som många ser framför sig i och med digitaliseringens aktiva närvaro i vår vardag ställs frågan: Hur kan vi garantera en säkerhet i cybervärlden?
Source: Sustainability Circle
Publications
Decision Procedures for Path Feasibility of String-Manipulating Programs with Complex Operations
Taolue Chen, Matthew Hague, Anthony W. Lin, Philipp Ruemmer, Zhilin Wu.
POPL 2019.
Raising the Bar: Evaluating Origin-wide Security Manifests
Steven Van Acker, Daniel Hausknecht and Andrei Sabelfeld.
In
Proceedings of the Annual Computer Security
Applications Conference (ACSAC)
,
San Juan, Puerto Rico, December 2018.
Tracking Information Flow via Delayed Output: Addressing Privacy in IoT and Emailing Apps
Iulia Bastys, Frank Piessens and Andrei Sabelfeld.
In
Nordic Conference on Secure Systems (NordSec)
,
Oslo, Norway, November 2018.
If This Then What? Controlling Flows in IoT Apps
Iulia Bastys, Musard Balliu and Andrei Sabelfeld.
In
Proceedings of the ACM Conference on Computer and Communications Security (CCS)
,
Toronto, Canada, October 2018.
Prudent Design Principles for Information Flow Control
Iulia Bastys, Frank Piessens and Andrei Sabelfeld.
In
Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS)
,
Toronto, Canada, October 2018.
Information Flow Tracking for Side-effectful Libraries
Alexander Sjösten, Daniel Hedin and Andrei Sabelfeld.
In
Proceedings of the International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE)
,
Madrid, Spain, June 2018.
Trau: SMT solver for string constraints
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Bui Phi Diep, Lukas Holik, Ahmed Rezine and Philipp Ruemmer.
FMCAD 2018.
Bit-Vector Interpolation and Quantifier Elimination by Lazy Reduction
Peter Backeman, Philipp Ruemmer and Aleksandar Zeljic
FMCAD 2018.
A Better Facet of Dynamic Information Flow Control
Minh Ngo, Nataliia Bielova, Cormac Flanagan, Tamara Rezk, Alejandro Russo, and Thomas Schmitz
In
Proceedings WWW '18 Companion Proceedings of the The Web Conference 2018
