Overview
Explore a cutting-edge approach to web application security in this IEEE conference talk. Dive into Verena, an innovative web application platform that provides end-to-end integrity protection against attackers with full access to web and database servers. Learn how Verena enables client-side verification of web page integrity by verifying server-side query results. Discover the platform's strong integrity properties, including freshness, completeness, and correctness for common database queries. Understand the concept of trust contexts and how developers can leverage them to specify and enforce integrity policies efficiently. Examine the implementation of Verena on the Meteor framework and its potential to support real-world applications with minimal overhead. Gain valuable insights into enhancing web application security, particularly for sensitive domains like medical web applications where data integrity is crucial for user safety and decision-making processes.
Syllabus
Verena: End-to-End Integrity Protection for Web Applications
Taught by
IEEE Symposium on Security and Privacy