Tools and Techniques to Improve the Granularity and Usability of Web Application Debloating
Sponsor: Office of Naval Research (ONR)
Award Number: AWD00035884
PI: Adam Doupe
Co-Is/Co-PIs: Manuel Egele, Nick Nikiforakis, Alexandros Kapravelos
Abstract: Modern web applications are the cornerstone of much of our online life. Unfortunately, web applications are a complex mix of different technology stacks (e.g., HTML, JavaScript, and PHP), and this complexity breeds security vulnerabilities that allow an adversary to launch successful attacks. Thus, we require new approaches and techniques to tame the complexity that seems inherent to web applications. Building on the success and impact of our existing XS-SHREDDER efforts, the project proposed herein will research and develop novel, complementary, and synergistic capabilities that will improve the result and applicability of debloating to all layers of the web-application stack. These results will be demonstrated with proof-of-concept prototypes that we will quantitatively evaluate based on the reduction of code and known vulnerabilities. At the same time, these prototypes should facilitate easy transition to customers within the Navy and beyond.