Logo of the University of Passau
Information for... Faculties & facilities
Support Login
Chair of IT Security
Chair of IT Security

WEBSAND

Server-driven Outbound Web-application Sandboxing

Logo Websand

Since its birth in 1990, the Web has evolved from a simple, stateless delivery mechanism for static hypertext documents to a fully-edged run-time environment for distributed, multi-party applications. Security becomes increasingly important in this context, but is typically only an afterthought in this process. The next wave, the Future Internet, will continue to rely on the same web application technology, while adopting more p2p and mashup-style approaches. Today's server-centric solutions will give way to a rich and stateful client-centric paradigm with even less manageable security and even more severe threats to the web-based economy of the Future Internet. Data and services from multiple heterogeneous domains, aggregated both on the server-side and on an end-user's client, demand for a novel, comprehensive security solution that increases the user's trust into the technological infrastructure.

WebSand tackles this demand by departing from the observation that security should be server-driven. Even though security preferences from end-users at the client-side have to be taken into account, only the service developers at the server-side have the necessary expertise and context information to define the policies to be enforced. Moreover, server-driven security can be deployed relatively easily, since much can be achieved without updating the client-side platform.

Main WebSand Objectives

In the course of WebSand, a framework is developed that consists of four major building blocks:

  1. a secure interaction model, that allows explicit and fine-grained control concerning incoming Web communication,
  2. methods for secure end-to-end information flow control, to enforce confidentiality and integrity properties,
  3. behavioral sandbox environments for secure client-side and server-side composition of multi-origin components, and
  4. a declarative and expressive policy description mechanism that ties the individual components together into a unified security architecture spanning client and server.

Role of Uni Passau in WebSand

Our chair

  • leads the work package on secure interaction models (WP2),
  • contributes to the requirements of the WebSand policy language,
  • leads the activities concerning integrity requirements of intended control flow and the development of the central enforcement mechanism,
  • participates in the enforcement of information-flow policies, with particular focus on synergy between server-side and client-side enforcement,
  • explores code rewriting techniques, and
  • hosts and maintains the the central integration lab.

Project Members

Contact

itsec-office@uni-passau.de

Partners

SAP AG
Katholieke Universiteit Leuven
Chalmers Tekniska Högskola
Siemens AG.

Last updated: | Page ID: 19642
Share page
Print page
I agree that a connection to the Vimeo server will be established when the video is played and that personal data (e.g. your IP address) will be transmitted.
I agree that a connection to the YouTube server will be established when the video is played and that personal data (e.g. your IP address) will be transmitted.
Show video