    SafeWeb: a Middleware for securing Ruby-based web applications

    Name:
    mw11-safeweb.pdf
    Size:
    517.0Kb
    Format:
    PDF
    Description:
    Post-print
    Authors
    Hosek, Petr
    Migliavacca, Matteo
    Papagiannis, Ioannis
    Eyers, David M.
    Evans, David
    Shand, Brian
    Bacon, Jean
    Pietzuch, Peter
    Affiliation
    Imperial College London
    University of Cambridge
    ECRIC, National Health Service
    University of Otago
    Issue Date
    2011-12-12
    
    Abstract
    Web applications in many domains such as healthcare and finance must process sensitive data, while complying with legal policies regarding the release of different classes of data to different parties. Currently, software bugs may lead to irreversible disclosure of confidential data in multi-tier web applications. An open challenge is how developers can guarantee these web applications only ever release sensitive data to authorised users without costly, recurring security audits. Our solution is to provide a trusted middleware that acts as a “safety net” to event-based enterprise web applications by preventing harmful data disclosure before it happens. We describe the design and implementation of SafeWeb, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier web architecture with storage and complex event processing. For efficiency, maintainability and ease-of-use, SafeWeb exploits the dynamic features of the Ruby programming language to achieve label propagation and data flow enforcement. We evaluate SafeWeb by reporting our experience of implementing a web-based cancer treatment application and deploying it as part of the UK National Health Service (NHS).
    Citation
    Petr Hosek, Matteo Migliavacca, Ioannis Papagiannis, David M. Eyers, David Evans, Brian Shand, Jean Bacon, and Peter Pietzuch. 2011. SafeWeb: a middleware for securing ruby-based web applications. In Proceedings of the 12th ACM/IFIP/USENIX international conference on Middleware (Middleware'11), Fabio Kon and Anne-Marie Kermarrec (Eds.). Springer-Verlag, Berlin, Heidelberg, 491-511. DOI=10.1007/978-3-642-25821-3_25 http://dx.doi.org/10.1007/978-3-642-25821-3_25
    Publisher
    Springer
    Journal
    ACM/IFIP/USENIX 12th International Middleware Conference, Lisbon, Portugal, December 12-16, 2011. Proceedings
    URI
    http://hdl.handle.net/10545/304942
    DOI
    10.1007/978-3-642-25821-3_25
    Type
    Article
    Language
    en
    Collections
    Department of Electronics, Computing & Maths
