Our society relies on the web to support the economic, governmental, and military infrastructure, making web security critical for Cybersecurity and Information Security at large. WebSec: Securing Web-driven Systems sets out to develop a principled security platform for the web. The project is supported by the Swedish Foundation for Strategic Research (SSF) and will result in:

  • Comprehensive framework for detection, mitigation, and prevention of cross-site scripting (XSS) attacks.

  • JavaScript program analysis platform for monitoring and symbolically executing JavaScript.

  • Principled framework for system-wide security, enabling confinement, tainting, and information-flow control mechanisms across web component boundaries.


Press in English

Password change day – how to act

January 20 is the annual Password Change Day, set to remind us to review and change the logins to our Internet accounts. We often hear reports of leaked login information and hijacked accounts, and are urged to choose a safe password. So how can we keep our accounts secure online?

Source: Chalmers University of Technology

Andrei Sabelfeld: Securing the web of things

What is the Web of Things? What are the security implications of connecting previously incompatible standards, platforms, and technologies? These questions, as well as suitable countermeasures, are discussed in the talk.

Source: Chalmers University of Technology

Building a solid ground for cybersecurity

Substantial tools and methods to counter the most common vulnerabilities on the web. Efforts to develop a secure internet of things for industrial use. Two new, extensive cybersecurity projects are about to start at the Department of Computer Science and Engineering.

Source: Chalmers Computer Science and Engineering


Press in Swedish

Lösenordsbytardagen – detta behöver du veta (Password Change Day: what you need to know)

January 20 is the annual Password Change Day, meant to remind us to review and change the logins to our accounts on the internet. Reports of leaked login credentials and hijacked accounts arrive regularly, along with calls to choose a secure password. So how do you keep your accounts secure online?

Source: Chalmers University of Technology

Tar helhetsgrepp på säkerhet i webbdrivna system (Taking a holistic approach to security in web-driven systems)

Cybersecurity is the greatest challenge for continued digitalization, and web security plays an important role in that effort. Andrei Sabelfeld, professor at the Information Security division at Chalmers, and his research group aim to build security into the web from the very start.

Source: Framtidens Forskning

Bygger cybersäkerhet från grunden (Building cybersecurity from the ground up)

Concrete tools and methods to counter the most common vulnerabilities on the web. Efforts to develop a secure internet of things for industry. Two new, extensive cybersecurity projects will start shortly at the Department of Computer Science and Engineering.

Source: Chalmers Computer Science and Engineering

Källström möter Andrei Sabelfeld (Källström meets Andrei Sabelfeld)

With the threats that many foresee as digitalization becomes an active presence in our everyday lives, the question arises: How can we guarantee security in the cyber world?

Source: Sustainability Circle


Publications

SandTrap: Securing JavaScript-driven Trigger-Action Platforms
Mohammad M. Ahmadpanah, Daniel Hedin, Musard Balliu, Lars Eric Olsson, and Andrei Sabelfeld
In Proceedings of the USENIX Security Symposium, 2021

Nontransitive Policies Transpiled
Mohammad M. Ahmadpanah, Aslan Askarov, and Andrei Sabelfeld
In Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), 2021

Black Widow: Blackbox Data-driven Web Scanning
Benjamin Eriksson, Giancarlo Pellegrino and Andrei Sabelfeld.
In Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2021

SoK: Chasing Accuracy and Privacy, and Catching Both in Differentially Private Histogram Publication
Boel Nelson, Jenni Reuben
In Transactions on Data Privacy (TDP), 2020

Monadic Decomposition in Integer Linear Arithmetic
Matthew Hague, Anthony W. Lin, Philipp Rümmer, Zhilin Wu
In International Joint Conference on Automated Reasoning (IJCAR), 2020

A Decision Procedure for Path Feasibility of String Manipulating Programs with Integer Data Type
Taolue Chen, Matthew Hague, Jinlong He, Denghang Hu, Anthony Widjaja Lin, Philipp Rümmer, Zhilin Wu
In Automated Technology for Verification and Analysis (ATVA), 2020

HMAC and "Secure Preferences": Revisiting Chromium-based Browsers Security
Pablo Picazo-Sanchez, Gerardo Schneider and Andrei Sabelfeld
In Proceedings of the International Conference on Cryptology And Network Security (CANS), 2020

AutoNav: Evaluation and Automatization of Web Navigation Policies
Benjamin Eriksson and Andrei Sabelfeld.
In Proceedings of the Web Conference (WWW), 2020

On Strings in Software Model Checking
Hossein Hojjat, Philipp Ruemmer, and Ali Shamakhi.
In Proceedings of the Asian Symposium on Programming Languages and Systems (APLAS), 2019

An Empirical Study of Information Flows in Real-World JavaScript
Cristian-Alexandru Staicu, Daniel Schoepe, Musard Balliu, Michael Pradel and Andrei Sabelfeld
In Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS), 2019

Securing IoT Apps
Musard Balliu, Iulia Bastys and Andrei Sabelfeld
In IEEE Security and Privacy Magazine, Special Issue on the Internet of Things (IoT), 2019

Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks
Alexander Sjösten, Steven Van Acker, Pablo Picazo-Sanchez and Andrei Sabelfeld.
In Proceedings of Network and Distributed System Security Symposium (NDSS), 2019

Information-Flow Control for Database-backed Applications
Marco Guarnieri, Musard Balliu, Daniel Schoepe, David Basin, and Andrei Sabelfeld.
In Proceedings of IEEE European Symposium on Security and Privacy (EuroS&P), 2019

Probabilistic Bisimulation for Parameterized Systems (with applications to verifying anonymous protocols)
Chih-Duo Hong, Anthony W. Lin, Rupak Majumdar and Philipp Ruemmer.
In Proceedings of Computer Aided Verification (CAV), 2019

Decision Procedures for Path Feasibility of String-Manipulating Programs with Complex Operations
Taolue Chen, Matthew Hague, Anthony W. Lin, Philipp Ruemmer, Zhilin Wu.
In Proceedings of Principles of Programming Languages (POPL), 2019

Raising the Bar: Evaluating Origin-wide Security Manifests
Steven Van Acker, Daniel Hausknecht and Andrei Sabelfeld.
In Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2018

Tracking Information Flow via Delayed Output: Addressing Privacy in IoT and Emailing Apps
Iulia Bastys, Frank Piessens and Andrei Sabelfeld.
In Proceedings of the Nordic Conference on Secure Systems (NordSec), 2018

If This Then What? Controlling Flows in IoT Apps
Iulia Bastys, Musard Balliu and Andrei Sabelfeld.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2018

Prudent Design Principles for Information Flow Control
Iulia Bastys, Frank Piessens and Andrei Sabelfeld.
In Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS), 2018

Information Flow Tracking for Side-effectful Libraries
Alexander Sjösten, Daniel Hedin and Andrei Sabelfeld.
In Proceedings of the International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE), 2018

Trau: SMT solver for string constraints
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Bui Phi Diep, Lukas Holik, Ahmed Rezine and Philipp Ruemmer.
In Proceedings of Formal Methods in Computer-Aided Design (FMCAD), 2018

Bit-Vector Interpolation and Quantifier Elimination by Lazy Reduction
Peter Backeman, Philipp Ruemmer and Aleksandar Zeljic
In Proceedings of Formal Methods in Computer-Aided Design (FMCAD), 2018

A Better Facet of Dynamic Information Flow Control
Minh Ngo, Nataliia Bielova, Cormac Flanagan, Tamara Rezk, Alejandro Russo, and Thomas Schmitz
In Proceedings of the Web Conference (WWW), 2018


People


Andrei Sabelfeld

Project Leader

Chalmers University of Technology

Daniel Hedin

Chalmers University of Technology
Mälardalen University

Alejandro Russo


Chalmers University of Technology

Philipp Rümmer


Uppsala University

David Sands


Chalmers University of Technology

Mohammad Ahmadpanah


Chalmers University of Technology

Iulia Bastys


Chalmers University of Technology

Carlos Tomé Cortiñas


Chalmers University of Technology

Benjamin Eriksson


Chalmers University of Technology

Matthías P. Gissurarson


Chalmers University of Technology

Pablo Picazo-Sanchez


Chalmers University of Technology

Amanda Stjerna


Uppsala University

Alumni


Daniel Schoepe


Chalmers University of Technology

Alexander Sjösten


Chalmers University of Technology