Loading…
Loading grant details…
| Funder | Swedish Research Council |
|---|---|
| Recipient Organization | Kth, Royal Institute of Technology |
| Country | Sweden |
| Start Date | Jan 01, 2023 |
| End Date | Dec 31, 2026 |
| Duration | 1,460 days |
| Number of Grantees | 1 |
| Roles | Principal Investigator |
| Data Source | Swedish Research Council |
| Grant ID | 2022-04102_VR |
It is no surprise that web applications are a key enabler for IT infrastructures andaverage users´ daily tasks, ranging from online banking to healthcare.
These applications have access to a wealth of sensitive information, making them a target for attacks.The last decade has seen a proliferation of code reuse attacks in the context of web applications.
These attacks stem from injection vulnerabolities enabling attacker-controlled data to abuse legitimate code within an application´s codebase to execute code chains that perform malicious computations, notably remote code execution, on the attacker´s behalf.
Two prime examples of code reuse attacks are insecure deserialization and prototype pollution, affecting languages server-side languages like Java and .NET,and client-side languages like JavaScript.
While there is anecdotal evidence that the attackslead to remote code execution, current research only scratchs the surface of this improtant securityproblem.
This is unsatisfactory because high-profile attacks such as Equifax and SolarWinds are rooted invulnerabilities pertaining to code reuse attacks.WebInspector sets out to study the challenge of code reuse attacks in its entirety, from the formal securityfoundations to real-world large-scale experiments.
WebInspector has the ambition to enable principled in-depth studies of code reuse vulnerabilities and development of effective methods and tool support for developers to identify, visualize, and explore these attacks.
Kth, Royal Institute of Technology
Complete our application form to express your interest and we'll guide you through the process.
Apply for This Grant