Integrity and confidentiality for web application code execution in untrusted clients
| dc.contributor.author | Fernandez, Asier Rivera | |
| dc.contributor.department | Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers) | sv |
| dc.contributor.department | Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers) | en |
| dc.date.accessioned | 2019-07-03T14:38:28Z | |
| dc.date.available | 2019-07-03T14:38:28Z | |
| dc.date.issued | 2017 | |
| dc.description.abstract | The world-wide used web application services are crucial in today’s life style and economics. However, the lack of data and execution monitoring features in web applications lead to a point in which the server can no longer trust the executions done within the client-side device. To avoid risks, developers limit the execution in the client-side devices which increases the work done by the servers. In order to promote a trust relation, we propose a solution based on Intel’s SGX technology that would allow the server to delegate the execution of web application functions in the client-side device with strong security guarantees. In order to do so, we developed a prototype called SecureJS that, first, is able to interact with the web-page submitted by the server to make the delegated code reach the native application that can run a SGX enclave, and second, is able to run the delegated code within the enclave, which offers a secure and isolated execution environment. In addition, the solution also provides remote attestation for both the correctness of the code execution and the input and output data. The results show that the prototype increases the execution time compared to the actual state of art in JavaScript code execution, Google’s V8 engine. On the other hand, the memory usage is reduced in the server side compared to the usage of NodeJS and the delegated execution to the client-side device results in reasonable memory consumption. In conclusion, SecureJS can trigger a new area of possibilities within web application services by increasing the security guarantees and balancing the actual workload state. | |
| dc.identifier.uri | https://hdl.handle.net/20.500.12380/252354 | |
| dc.language.iso | eng | |
| dc.setspec.uppsok | Technology | |
| dc.subject | Data- och informationsvetenskap | |
| dc.subject | Computer and Information Science | |
| dc.title | Integrity and confidentiality for web application code execution in untrusted clients | |
| dc.type.degree | Examensarbete för masterexamen | sv |
| dc.type.degree | Master Thesis | en |
| dc.type.uppsok | H | |
| local.programme | Computer systems and networks (MPCSN), MSc |
Ladda ner
Original bundle
1 - 1 av 1
Hämtar...
- Namn:
- 252354.pdf
- Storlek:
- 6.65 MB
- Format:
- Adobe Portable Document Format
- Beskrivning:
- Fulltext