Computer science professors (left to right) R. Sekar, Scott Stoller, and I.V. Ramakrishnan
The National Science Foundation (NSF) has awarded over $1 million in funding to R. Sekar, Scott Stoller and I.V. Ramakrishnan for their project, WebSheets: A New Privacy-Centric Framework for Web Applications. The project will develop a novel formulation of spreadsheets for privacy-centric web applications that are centered around sensitive, tabular data. The key innovation of WebSheets is that each data table is paired with a permission table. Using familiar spreadsheet formulas in permission tables, data owners can associate expressive, fine-grained access policies with their data. By automatically filtering out inaccessible rows and columns, WebSheets presents the user-customized views that are the hallmark of many web applications.
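A minimal sketch of the data-table/permission-table pairing described above, added here as an illustration; it is not WebSheets code or syntax. Python predicates stand in for the spreadsheet formulas, and the sample table, the names `GRADES`, `GRADE_PERMS` and `view`, and the masking of unreadable cells with `None` are all assumptions.

```python
# Illustrative model only: Python predicates stand in for spreadsheet formulas.
from typing import Callable

Row = dict[str, object]
Rule = Callable[[str, Row], bool]      # (requesting user, data row) -> may read?

INSTRUCTORS = {"ivy"}                  # constructed sample data

GRADES: list[Row] = [                  # constructed data table
    {"student": "ann", "score": 91, "notes": "late submission waived"},
    {"student": "bob", "score": 78, "notes": "regrade pending"},
]

# Permission table (assumed shape): one read rule per data column,
# evaluated separately for every cell in that column.
GRADE_PERMS: dict[str, Rule] = {
    "student": lambda user, row: user in INSTRUCTORS or user == row["student"],
    "score":   lambda user, row: user in INSTRUCTORS or user == row["student"],
    "notes":   lambda user, row: user in INSTRUCTORS,
}

def deny(user: str, row: Row) -> bool:
    """Default rule: a column without a permission entry is never readable."""
    return False

def view(user: str, data: list[Row], perms: dict[str, Rule]) -> list[Row]:
    """Return only the rows and columns of `data` that `user` may read."""
    # Evaluate the permission rule for every cell.
    allowed = [{c: bool(perms.get(c, deny)(user, row)) for c in row} for row in data]
    # Drop rows in which the user can read nothing.
    keep_rows = [i for i, cells in enumerate(allowed) if any(cells.values())]
    # Drop columns in which the user can read nothing across the kept rows.
    columns = list(data[0]) if data else []
    keep_cols = [c for c in columns if any(allowed[i].get(c) for i in keep_rows)]
    # Unreadable cells inside a kept row and column are masked, never leaked.
    return [
        {c: data[i].get(c) if allowed[i].get(c) else None for c in keep_cols}
        for i in keep_rows
    ]

if __name__ == "__main__":
    for who in ("ann", "ivy", "eve"):
        print(who, view(who, GRADES, GRADE_PERMS))
```

Because the filtering happens in one place for every request, a column added to the data table without a matching permission entry is hidden rather than exposed.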
Web application vulnerabilities have been the dominant cause of data breaches in recent years. As defenses against lower-level vulnerabilities have come to be widely deployed, attackers are targeting higher-level errors in today’s web applications, specifically missing or incorrectly implemented access policies. WebSheets addresses this problem by having data owners directly express their privacy and security requirements in a user-friendly policy language, automatically generating the correct code for globally enforcing these policies, and using least-privilege evaluation to limit the damage from any remaining vulnerabilities. The effectiveness of WebSheets will be evaluated through user studies. To follow project results, which will be disseminated via publications and open-source software, visit http://seclab.cs.stonybrook.edu/.