TC: Small: Runtime and Static Analysis for Web Application Security
University of California-Davis, Davis, CA
Abstract
Web applications are prevalent and enable much of today's online business including banking, shopping, university admissions, and various governmental activities. However, the quality of such applications is usually low, and they are increasingly popular targets for attack. This project aims at developing practical testing and analysis mechanisms and tools to secure web applications. In particular, it focuses on developing novel, principled techniques to address the following research issues: (1) how to formalize security threats in web applications; (2) how to provide runtime security for deployed applications via dynamic monitoring; and (3) how to provide static security enforcement during application development and testing. The project is interdisciplinary, touching upon a number of requisite areas including computer security, software engineering, and programming languages. It has the potential to advance knowledge in each of these disciplines with novel formulations of security requirements, systems concepts, and advanced testing and analysis techniques. The project also has the potential for significant industrial and societal impact. Through the proposed research, education, and outreach activities, the project will empower web application developers with the knowledge, methodologies, and development tools to build secure web applications. Testing and analysis tools developed in the project will also be distributed to other institutions and the industry for teaching, research, and experimental evaluation.