Annual Computer Security Applications Conference (ACSAC) 2013


SilverLine: Preventing Data Leaks from Compromised Web Applications

Web applications are vulnerable to server-side data leaks, and securing sensitive data from Web applications without imposing unreasonable performance overheads or rewriting existing applications is challenging. We present the design and implementation of SilverLine, a system that prevents data leaks from compromised Web applications. SilverLine associates a user with each Web session and taints with each file and database record; it then applies information-flow tracking to the data associated with each session to ensure that application data is released only to sessions of authorized users. We have implemented SilverLine on Linux; our implementation demonstrates that SilverLine can protect a PHP-based Web application from many of the most common server-side Web application attacks, with only minor modifications and reasonable performance cost.

Author(s):

Yogesh Mundada    
Georgia Tech
United States

Anirudh Ramachandran    
Nouvou
United States

Nick Feamster    
Georgia Tech
United States

 
