WEBLOG: a declarative language for secure web development

Authors:
Timothy L. Hinrichs;Daniele Rossetti;Gabriele Petronella;V. N. Venkatakrishnan;A. Prasad Sistla;Lenore D. Zuck
Affiliations:
University of Illinois at Chicago, Chicago, IL, USA;University of Illinois at Chicago, Chicago, IL, USA;University of Illinois at Chicago, Chicago, IL, USA;University of Illinois at Chicago, Chicago, IL, USA;University of Illinois at Chicago, Chicago, IL, USA;University of Illinois at Chicago, Chicago, IL, USA
Venue:
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
Year:
2013

Citing 17
Cited 0

A relational model of data for large shared data banks

Communications of the ACM
Foundations of Databases: The Logical Level

Foundations of Databases: The Logical Level
Declarative specification of Web sites with S

The VLDB Journal — The International Journal on Very Large Data Bases
Hilda: A High-Level Language for Data-DrivenWeb Applications

ICDE '06 Proceedings of the 22nd International Conference on Data Engineering
Secure web applications via automatic partitioning

Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
SIF: enforcing confidentiality and integrity in web applications

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Cross-tier, label-based security enforcement for web applications

Proceedings of the 2009 ACM SIGMOD International Conference on Management of data
Improving application security with data flow assertions

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Fine-grained privilege separation for web applications

Proceedings of the 19th international conference on World wide web
Dartmouth internet security testbed (DIST: building a campus-wide wireless testbed

CSET'09 Proceedings of the 2nd conference on Cyber security experimentation and test
SVC: selector-based view composition for web frameworks

WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications

Proceedings of the 17th ACM conference on Computer and communications security
Static checking of dynamically-varying security policies in database-backed applications

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction

Proceedings of the 18th ACM conference on Computer and communications security
Context-sensitive auto-sanitization in web templating languages using type qualifiers

Proceedings of the 18th ACM conference on Computer and communications security
An ER-based framework for declarative web programming

PADL'10 Proceedings of the 12th international conference on Practical Aspects of Declarative Languages
SAFE extensibility of data-driven web applications

Proceedings of the 21st international conference on World Wide Web

Quantified Score

Hi-index	0.00

Visualization

Abstract

WEBLOG is a declarative language for web application development designed to automatically eliminate several security vulnerabilities common to today's web applications. In this paper, we introduce Weblog, detail the security vulnerabilities it eliminates, and discuss how those vulnerabilities are eliminated. We then evaluate Weblog's ability to build and secure real-world applications by comparing traditional implementations of 3 existing small- to medium-size web applications to Weblog implementations.