Tools and Techniques to Improve the Granularity and Usability of Web Application Debloating

Abstract

Modern web applications are incredibly complex pieces of software, with frameworks and libraries that help web developers write their applications quickly. However, these frameworks and libraries ultimately increase the attack surface of the web application, as any bugs in the frameworks and libraries can be leveraged by an attacker to compromise the security of the web application. Furthermore, attackers can leverage features of the libraries and frameworks to assist them in their compromise. In a prior project, the PIs proposed the XS-Shredder framework to address the problem of web application complexity through debloating techniques that they applied to various aspects of web applications. Throughout this project, the PIs have addressed a number of important problems, including applying debloating to SQL queries in PHP web applications to limit SQL injection vulnerabilities, a platform to quantify the security benefits of debloating web applications, identifying bloat in browser extensions, debloating browser extensions, analyzing real-world JavaScript code to understand JavaScript bloat, and debloating the interface between a PHP web application and the OS.

Building on the success and impact of our existing XS-Shredder efforts, the project proposed herein will research and develop novel, complementary, and synergistic capabilities that will improve the results and applicability of debloating to all layers of the web-application stack. These results will be demonstrated with proof-of-concept prototypes that we will quantitatively evaluate based on the reduction of code and known vulnerabilities. At the same time, these prototypes should facilitate easy transition to customers within the Navy and beyond.

Document Details

Document Type
DoD Grant Award
Publication Date
Mar 15, 2021
Source ID
N000142112159

Entities

People

  • Adam Doupé

Organizations

  • Arizona State University
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Database Systems and Applications
  • Distributed Systems and Data Platform Development