Our society relies on the web to support the economic, governmental, and military infrastructure, making web security critical for Cybersecurity and Information Security at large. WebSec: Securing Web-driven Systems sets out to develop a principled security platform for the web. The project is supported by the Swedish Foundation for Strategic Research (SSF) and will result in:

  • Comprehensive framework for detection, mitigation, and prevention of cross-site scripting (XSS) attacks.

  • JavaScript program analysis platform for monitoring and symbolically executing JavaScript.

  • Principled framework for system-wide security, enabling confinement, tainting, and information-flow control mechanisms across web component boundaries.

Read more

Press in English

Andrei Sabelfeld: Securing the web of things

What is the Web of Things? What are the security implications of connecting previously incompatible standards, platforms, and technologies? This, as well as suitable countermeasuers, are discussed in the talk.

Source: Chalmers University of Technology

Building a solid ground for cybersecurity

Substantial tools and methods to counter the most common vulnerabilities on the web. Efforts to develop a secure internet of things for industrial use. Two new, extensive cybersecurity projects are about to start at the Department of Computer Science and Engineering.

Source: Chalmers Computer Science and Engineering


Press in Swedish

Tar helhetsgrepp på säkerhet i webbdrivna system

Cybersecurity är den största utmaningen för fortsatt digitalisering, och webbsäkerhet spelar en viktig roll i den strävan. Andrei Sabelfeld, professor vid avdelningen för informationssäkerhet på Chalmers och hans forskargrupp siktar på att bygga in säkerhet i webben redan från början.

Source: Framtidens Forskning

Bygger cybersäkerhet från grunden

Konkreta verktyg och metoder för att motverka de vanligaste sårbarheterna på webben. Insatser för att utveckla ett säkert sakernas internet för industrin. Två nya, omfattande projekt inom cybersäkerhet startar inom kort vid institutionen för data- och informationsteknik.

Source: Chalmers Computer Science and Engineering

Källström möter Andrei Sabelfeld

Med de hot som många ser framför sig i och med digitaliseringens aktiva närvaro i vår vardag ställs frågan: Hur kan vi garantera en säkerhet i cybervärlden?

Source: Sustainability Circle


Publications

Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks
Alexander Sjösten, Steven Van Acker, Pablo Picazo-Sanchez and Andrei Sabelfeld.
NDSS 2019.

Information-Flow Control for Database-backed Applications
Marco Guarnieri, Musard Balliu, Daniel Schoepe, David Basin, and Andrei Sabelfeld.
NDSS 2019.

Probabilistic Bisimulation for Parameterized Systems (with applications to verifying anonymous protocols)
Chih-Duo Hong, Anthony W. Lin, Rupak Majumdar and Philipp Ruemmer.
CAV 2019.

Decision Procedures for Path Feasibility of String-Manipulating Programs with Complex Operations
Taolue Chen, Matthew Hague, Anthony W. Lin, Philipp Ruemmer, Zhilin Wu.
POPL 2019.

Raising the Bar: Evaluating Origin-wide Security Manifests
Steven Van Acker, Daniel Hausknecht and Andrei Sabelfeld.
In Proceedings of the Annual Computer Security Applications Conference (ACSAC) , San Juan, Puerto Rico, December 2018.

Tracking Information Flow via Delayed Output: Addressing Privacy in IoT and Emailing Apps
Iulia Bastys, Frank Piessens and Andrei Sabelfeld.
In Nordic Conference on Secure Systems (NordSec) , Oslo, Norway, November 2018.

If This Then What? Controlling Flows in IoT Apps
Iulia Bastys, Musard Balliu and Andrei Sabelfeld.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) , Toronto, Canada, October 2018.

Prudent Design Principles for Information Flow Control
Iulia Bastys, Frank Piessens and Andrei Sabelfeld.
In Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS) , Toronto, Canada, October 2018.

Information Flow Tracking for Side-effectful Libraries
Alexander Sjösten, Daniel Hedin and Andrei Sabelfeld.
In Proceedings of the International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE) , Madrid, Spain, June 2018.

Trau: SMT solver for string constraints
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen, Bui Phi Diep, Lukas Holik, Ahmed Rezine and Philipp Ruemmer.
FMCAD 2018.

Bit-Vector Interpolation and Quantifier Elimination by Lazy Reduction
Peter Backeman, Philipp Ruemmer and Aleksandar Zeljic
FMCAD 2018.

A Better Facet of Dynamic Information Flow Control
Minh Ngo, Nataliia Bielova, Cormac Flanagan, Tamara Rezk, Alejandro Russo, and Thomas Schmitz
In Proceedings WWW '18 Companion Proceedings of the The Web Conference 2018


People


Andrei Sabelfeld

Project Leader

Chalmers University of Technology

Daniel Hedin

Chalmers University of Technology
Mälardalen University

Alejandro Russo


Chalmers University of Technology

Philipp Rümmer


Uppsala University

David Sands


Chalmers University of Technology

Iulia Bastys


Chalmers University of Technology

Benjamin Eriksson


Chalmers University of Technology

Matthías P. Gissurarson


Chalmers University of Technology

Daniel Schoepe


Chalmers University of Technology

Alexander Sjösten


Chalmers University of Technology