Server-driven Outbound Web-application Sandboxing (WebSand)
The Web has evolved from a simple, stateless delivery mechanism for static hypertext documents to a fully-fledged run-time environment for distributed, multi-party applications. The next wave of Web applications will adopt even more p2p and mashup-style approaches. Today's server-centric solutions will give way to a rich and stateful client-centric paradigm. The result will be even less manageable security and even more severe threats to the web-based economy of the Future Internet. Data and services from multiple heterogeneous domains, aggregated both on the server-side and on an end-user's client, demand a novel, comprehensive security solution, addressing the fundamental security requirements of the Future Internet, and thereby increasing the user's trust in the technological infrastructure.
WebSand addresses this problem by shifting focus from work on low-level vulnerabilities towards tackling security at a higher level of abstraction. WebSand starts from the observation that security should be server-driven. Even though security preferences from end-users at the client-side have to be taken into account, only the service developers at the server-side have the necessary expertise and context information to define the policies to be enforced. Moreover, server-driven security can be deployed relatively easily, since much can be achieved without updating the client-side platform. The WebSand framework consists of four major building blocks that aim at increasing the ICT infrastructure's trustworthiness:
(1) a secure interaction model, that allows explicit and fine-grained control concerning incoming Web communication,
(2) methods for secure end-to-end information flow control, to enforce confidentiality and integrity properties,
(3) behavioral sandbox environments for secure client-side and server-side composition of multi-origin components, and
(4) a declarative and expressive policy description mechanism that ties the individual components together into a unified security architecture spanning client and server.
WebSand outcomes are envisioned to be taken up first by the project's industrial partners and made available to their global user base. In a second step, this stir will move the competition, realising a wider uptake beyond the project's setup. Other dissemination channels encompass scientific and standardisation bodies.