Web applications are vulnerable to server-side data leaks, and securing sensitive data from Web applications without imposing unreasonable performance overheads or rewriting existing applications is challenging. We present the design and implementation of SilverLine, a system that prevents data leaks from compromised Web applications. SilverLine associates a user with each Web session and taints with each file and database record; it then applies information-flow tracking to the data associated with each session to ensure that application data is released only to sessions of authorized users. We have implemented SilverLine on Linux; our implementation demonstrates that SilverLine can protect a PHP-based Web application from many of the most common server-side Web application attacks, with only minor modifications and reasonable performance cost.
Author(s):
Yogesh Mundada
Georgia Tech
United States
Anirudh Ramachandran
Nouvou
United States
Nick Feamster
Georgia Tech
United States