TC: Medium: Collaborative Research: Next-Generation Infrastructure for Trustworthy Web Applications

TC：媒介：协作研究：值得信赖的 Web 应用程序的下一代基础设施

• 批准号: 0905650
• 负责人: Cormac Flanagan
• 金额: $ 30万
• 依托单位: University of California-Santa Cruz
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2012-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0905650&HistoricalAwards=false
• 关键词: TC; Medium; Collaborative; Research; Next

Many services traditionally performed by stand-alone programs running on desktop computers are being migrated to ?Web 2.0? applications, remote services that reside ?in the cloud? and are that accessed through a browser. This migration process offers a unique opportunity to re-engineer the way that software is constructed, adding some extra capabilities that reduce the vulnerability of the global information infrastructure to problems such as viruses, cyber-attacks, loss of privacy, and integrity violations. With this goal in mind, this project designs and implements a next-generation infrastructure for trustworthy web applications. It evolves the existing Web 2.0 technologies into a more trustworthy ?Web 2.Sec? version by introducing information-labeling and strong information-flow controls pervasively at the service provider, at the user?s end, and on all paths in between. A key feature of the new Web 2.Sec architecture is that all application programs are executed on top of a virtual machine (VM) rather than directly on physical hardware. Hence the VM retains full control over the data at all times, allowing it to enforce information-flow policies that guarantee confidentiality and integrity. Even a malicious or faulty program running on top of the Web 2.Sec VM cannot cause any action that would violate these policies. A strong educational component involving both graduate and undergraduate students rounds off the project.

许多传统上由运行在台式计算机上的独立程序执行的服务正在迁移到？Web 2.0？应用程序、远程服务驻留？在云？并且通过浏览器访问。这一迁移过程提供了一个独特的机会，可以重新设计软件的构建方式，增加一些额外的功能，减少全球信息基础设施对病毒、网络攻击、隐私丢失和完整性侵犯等问题的脆弱性。考虑到这一目标，该项目设计和实现了一个下一代的基础设施，值得信赖的Web应用程序。它将现有的Web 2.0技术演变成一个更值得信赖的？Web 2.Sec？版本通过引入信息标签和强大的信息流控制普遍在服务提供商，在用户？的结束，并在所有路径之间。新的Web 2.Sec架构的一个关键特性是，所有应用程序都在虚拟机（VM）上执行，而不是直接在物理硬件上执行。因此，虚拟机始终保持对数据的完全控制，允许它实施信息流策略，以保证一致性和完整性。即使是在Web 2.Sec VM上运行的恶意或错误程序也无法导致任何违反这些策略的操作。一个强大的教育组成部分，涉及研究生和本科生圆满结束了该项目。