{"id":182612,"date":"2008-04-01T00:00:00","date_gmt":"2009-10-31T09:49:02","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/msr-research-item\/candidate-talk-end-to-end-security-for-web-applications-a-language-based-approach\/"},"modified":"2016-09-09T10:00:43","modified_gmt":"2016-09-09T17:00:43","slug":"candidate-talk-end-to-end-security-for-web-applications-a-language-based-approach","status":"publish","type":"msr-video","link":"https:\/\/www.microsoft.com\/en-us\/research\/video\/candidate-talk-end-to-end-security-for-web-applications-a-language-based-approach\/","title":{"rendered":"Candidate Talk: End-to-end Security for Web Applications : A Language-based Approach"},"content":{"rendered":"
\n

Most large organizations must maintain a substantial information
\npresence on the world wide web in order to share information with
\ntheir partners and customers. For instance, the United States military
\nhas begun using Intellipedia, a wiki-based online document management
\nsystem, in order to promote information sharing between the sixteen
\nagencies that comprise the U.S. intelligence community. Among other
\nsecurity requirements, such an application should only allow
\nauthorized users to access sensitive portions of a document, it should
\ntrack the provenance of data in each document and it should ensure
\nthat information releases follow a specific downgrading
\nprotocol. Web-specific threats, like script injection attacks, must
\nalso be thwarted if critical data like authentication tokens are to be
\nprotected. A framework that ensures that such a wide range of security
\nconcerns is correctly addressed is highly desirable but, to date, no
\nsuch framework exists.<\/p>\n

In this talk, I present SELinks, an extension of the Links programming
\nlanguage in which web applications can be shown to correctly enforce a
\nwide variety of security policies end to end. In SELinks, a programmer
\nspecifies a custom security policy by associating security labels with
\nsensitive operations and data. SELinks prevents a policy from being
\ncircumvented by allowing labeled terms to be manipulated only within a
\nseparate part of the program called the enforcement policy;
\napplication code must treat labeled values abstractly. SELinks is also
\nequipped with support for policies that protect users running a
\nspecially modified browser from script injection attacks. We have used
\nSELinks to build two substantial applications, including a secure
\nonline document management system. Our initial experience indicates
\nthat it is relatively easy to correctly enforce many common policies
\nin SELinks and, using a formal model, to prove that correct
\nenforcement entails the fulfillment of high-level security objectives.<\/p>\n<\/div>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Most large organizations must maintain a substantial information presence on the world wide web in order to share information with their partners and customers. For instance, the United States military has begun using Intellipedia, a wiki-based online document management system, in order to promote information sharing between the sixteen agencies that comprise the U.S. intelligence […]<\/p>\n","protected":false},"featured_media":194706,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","msr_hide_image_in_river":0,"footnotes":""},"research-area":[],"msr-video-type":[],"msr-locale":[268875],"msr-post-option":[],"msr-session-type":[],"msr-impact-theme":[],"msr-pillar":[],"msr-episode":[],"msr-research-theme":[],"class_list":["post-182612","msr-video","type-msr-video","status-publish","has-post-thumbnail","hentry","msr-locale-en_us"],"msr_download_urls":"","msr_external_url":"https:\/\/youtu.be\/WTrK_-IzfgA","msr_secondary_video_url":"","msr_video_file":"","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video\/182612","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-video"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video\/182612\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media\/194706"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=182612"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=182612"},{"taxonomy":"msr-video-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video-type?post=182612"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=182612"},{"taxonomy":"msr-post-option","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-post-option?post=182612"},{"taxonomy":"msr-session-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-session-type?post=182612"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=182612"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=182612"},{"taxonomy":"msr-episode","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-episode?post=182612"},{"taxonomy":"msr-research-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-theme?post=182612"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}