SAFE extensibility of data-driven web applications

Reischuk, Raphael M.; Backes, Michael; Gehrke, Johannes

doi:10.1145/2187836.2187944

Cited by 6 publications

(7 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This section recaps the main features of the SAFE framework [1,2] for the development of secure Web applications with automatic state consistency and safe extensibility. SAFE provides a hierarchical programming model which naturally builds upon the hierarchical DOM structure of Web pages.…”

Section: Safementioning

confidence: 99%

DEMO: Secure and customizable web development in the safe activation framework

Reischuk

Schröder

Gehrke

2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

Self Cite

View full text Add to dashboard Cite

We propose a demonstration of SAFE with some of its newest security features. SAFE is a framework for modern Web application development with automated state consistency, enforced security at various levels, and design for Web personalization and extensibility.With the emerging complexity in (extensible) data-driven Web application development, in particular in terms of consistent data management with multiple clients (many Facebook users), ownership preservation (various Facebook user items with individual intellectual property), and data privacy (sensitive Facebook user data), we believe a demo of a comprehensive data-centric and secure Web application framework with declarative specifications for many modern Web features will be of considerable interest to the security community. In particular, we think it is interesting to see a demonstration of how fast and how intuitive the secure customization of a true multi-tier Web application can be.

show abstract

Section: Safementioning

confidence: 99%

DEMO: Secure and customizable web development in the safe activation framework

Reischuk

Schröder

Gehrke

2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

Self Cite

View full text Add to dashboard Cite

show abstract

“…More akin with the OP vision is SAFE [13] an architecture of Web Application extensibility aimed at permitting users to personalize websites. SAFE is based on a hierarchical programming model based on f-units (the component model).…”

Section: Related Workmentioning

confidence: 99%

Opening Personalization to Partners: An Architecture of Participation for Websites

Arellano

Díaz

Iturrioz

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Open innovation and collaborative development are attracting considerable attention as new software construction models. Traditionally, website code is a "wall garden" hidden from partners. In the other extreme, you can move to open source where the entirety of the code is disclosed. A middle way is to expose just those parts where collaboration might report the highest benefits. Personalization can be one of those parts. Partners might be better positioned to foresee new ways to adapt/extend your website based on their own resources and knowledge of their customer base. We coin the term "Open Personalization" to refer to those practises and architectures that permit partners to inject their own personalization rules. We identify four main requirements for OP architectures, namely, resilience (i.e. partner rules should be sheltered from website upgrades, and vice versa), affordability (easy contribution), hot deployment (anytime rule addition), and scalability. The paper shows the approach's feasibility using .NET.

show abstract

“…Today's Web 2.0 users wish to personalize their devices and applications -from minorly invasive customizations (such as changing the visual appearance) to functionality-extending changes that constitute true forms of extensibility. Not only smartphones, tablets, and browsers are in focus of personalization, but also existing RIAs should be customizable -and even extensible -in previously unforeseen directions [3,31,12,34,15,18,22,17].…”

Section: Introductionmentioning

confidence: 99%

“…(C3) Implementation. We have implemented our new extensibility mechanisms in [31], which is a suitable choice for our methodologies since the framework originally laid the foundation for subsequent extensions towards secure extensibility. However, the existing extensibility mechanisms had some architectural drawbacks, e.g., all application data was globally managed by a centralized and trusted entity that enforces access control policies over the data.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Balancing Isolation and Sharing of Data in Third-Party Extensible App Ecosystems

Schröder

Reischuk

Gehrke

2015

Engineering the Web in the Big Data Era

Self Cite

View full text Add to dashboard Cite

In the landscape of application ecosystems, today's cloud users wish to personalize not only their browsers with various extensions or their smartphones with various applications, but also the various extensions and applications themselves. The resulting personalization significantly raises the attractiveness for typical Web 2.0 users, but gives rise to various security risks and privacy concerns, such as unforeseen access to certain critical components, undesired information flow of personal information to untrusted applications, or emerging attack surfaces that were not possible before a personalization has taken place. In this paper, we propose a novel extensibility mechanism to implement personalization of existing cloud applications towards (possibly untrusted) components in a secure and privacy-friendly manner. Our model provides a clean component abstraction, thereby in particular ruling out undesired component accesses and ensuring that no undesired information flow takes place between application components -either trusted from the base application or untrusted from various extensions. We then instantiate our model in the SAFE web application framework (WWW 2012), resulting in a novel methodology that is inspired by traditional access control and specifically designed for the newly emerging needs of extensibility in application ecosystems. We illustrate the convenient usage of our techniques by showing how to securely extend an existing social network application.

show abstract

SAFE extensibility of data-driven web applications

Cited by 6 publications

References 9 publications

DEMO: Secure and customizable web development in the safe activation framework

DEMO: Secure and customizable web development in the safe activation framework

Opening Personalization to Partners: An Architecture of Participation for Websites

Balancing Isolation and Sharing of Data in Third-Party Extensible App Ecosystems

Contact Info

Product

Resources

About