자료유형  

 학위논문

Control Number  

0017164180

International Standard Book Number  

9798346759294

Dewey Decimal Classification Number  

004

Main Entry-Personal Name  

Tan, Yue.

Publication, Distribution, etc. (Imprint  

[S.l.] : Princeton University., 2024

Publication, Distribution, etc. (Imprint  

Ann Arbor : ProQuest Dissertations & Theses, 2024

Physical Description  

95 p.

General Note  

Source: Dissertations Abstracts International, Volume: 86-06, Section: B.

General Note  

Advisor: Levy, Amit.

Dissertation Note  

Thesis (Ph.D.)--Princeton University, 2024.

Summary, Etc.  

요약Modern web applications have evolved into intricate networks of micro-applications, posing challenges in securing user data and preserving privacy. In the current approach, developers scatter authorization checks throughout the code, relying on them to secure all data paths that may emerge during runtime, often without real guarantees. This method imposes a heavy burden on developers to write secure code and poses significant risks on privacy, especially when development priorities focus on application features and user experience.To address these issues, this dissertation advocates for a different architecture where no code is trusted to be secure, and the underlying system enforces end-to-end, high-level policies for individual data objects.We designed Faasten, an architecture and implementation for securing cloud-based web applications. Faasten includes a decentralized information flow control (DIFC) model and a Function-as-a-Service-inspired system interface that implements this model. The design offers developers built-in noninterference and only requires them to configure policies for individual data objects and privileges for individual cloud functions. For privilege configuration, the design also facilitates easy privilege separation and promotes the principle of least privilege. Faasten is language-agnostic and can secure legacy code, such as image processing libraries commonly used in web applications. We provide an informal proof demonstrating that the interface ensures noninterference and showcase the benefits of Faasten through three representative cloud applications. Additionally, we show that Faasten introduces negligible latencies in doing information flow control and minimal policy storage costs.

Subject Added Entry-Topical Term  

Computer science.

Subject Added Entry-Topical Term  

Computer engineering.

Index Term-Uncontrolled  

Cloud computing

Index Term-Uncontrolled  

Information flow control

Index Term-Uncontrolled  

Systems security

Added Entry-Corporate Name  

Princeton University Computer Science

Host Item Entry  

Dissertations Abstracts International. 86-06B.

Electronic Location and Access  

로그인을 한후 보실 수 있는 자료입니다.

Control Number  

joongbu:658599