Integrity and confidentiality for web application code execution in untrusted clients

Examensarbete för masterexamen

Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12380/252354
Download file(s):
File Description SizeFormat 
252354.pdfFulltext6.81 MBAdobe PDFView/Open
Type: Examensarbete för masterexamen
Master Thesis
Title: Integrity and confidentiality for web application code execution in untrusted clients
Authors: Fernandez, Asier Rivera
Abstract: The world-wide used web application services are crucial in today’s life style and economics. However, the lack of data and execution monitoring features in web applications lead to a point in which the server can no longer trust the executions done within the client-side device. To avoid risks, developers limit the execution in the client-side devices which increases the work done by the servers. In order to promote a trust relation, we propose a solution based on Intel’s SGX technology that would allow the server to delegate the execution of web application functions in the client-side device with strong security guarantees. In order to do so, we developed a prototype called SecureJS that, first, is able to interact with the web-page submitted by the server to make the delegated code reach the native application that can run a SGX enclave, and second, is able to run the delegated code within the enclave, which offers a secure and isolated execution environment. In addition, the solution also provides remote attestation for both the correctness of the code execution and the input and output data. The results show that the prototype increases the execution time compared to the actual state of art in JavaScript code execution, Google’s V8 engine. On the other hand, the memory usage is reduced in the server side compared to the usage of NodeJS and the delegated execution to the client-side device results in reasonable memory consumption. In conclusion, SecureJS can trigger a new area of possibilities within web application services by increasing the security guarantees and balancing the actual workload state.
Keywords: Data- och informationsvetenskap;Computer and Information Science
Issue Date: 2017
Publisher: Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)
Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers)
URI: https://hdl.handle.net/20.500.12380/252354
Collection:Examensarbeten för masterexamen // Master Theses



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.