A survey on Information Flow Control mechanisms in web applications | IEEE Conference Publication | IEEE Xplore

Abstract:

Web applications are nowadays ubiquitous channels that provide access to valuable information. However, web application security remains problematic, with Information Leakage, Cross-Site Scripting and SQL-Injection vulnerabilities - which all present threats to information - standing among the most common ones. On the other hand, Information Flow Control is a mature and well-studied area, providing techniques to ensure the confidentiality and integrity of information. Thus, numerous works were made proposing the use of these techniques to improve web application security. This paper provides a survey on some of these works that propose server-side only mechanisms, which operate in association with standard browsers. It also provides a brief overview of the information flow control techniques themselves. At the end, we draw a comparative scenario between the surveyed works, highlighting the environments for which they were designed and the security guarantees they provide, also suggesting directions in which they may evolve.
Date of Conference: 20-24 July 2015
Date Added to IEEE Xplore: 03 September 2015
Conference Location: Amsterdam, Netherlands
