XS-Shredder: A Cross-Layer Framework for Removing Code Bloat in Web Applications

Abstract

Modern web applications are incredibly complex pieces of software, with frameworks and libraries that assist webdevelopers to write"" their applications quickly. However, these frameworks and libraries ultimately increase the attacksurface of the web application~a"s any bugs in the frameworks and libraries can be leveraged by an attacker tocompromise the security of the web application. Furthe"rmore, attackers can leverage features of the libraries andframeworks to assist them in their compromise.In this proposal, we pres""ent the design of a framework, called XS-Shredder, which is able to debloat all layers of theweb application software stack: client"#NAME?"y resulting in a web application that is semantically identically, yetwith a significantly reduced attack surface. We believe that" this approach will yield techniques that are applicable toother domains in addition to web applications.

Document Details

Document Type
DoD Grant Award
Publication Date
May 05, 2017
Source ID
N000141712541

Entities

People

  • Adam DoupĂ©

Organizations

  • Arizona State University
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Computer Programming and Software Development.
  • Distributed Systems and Data Platform Development