
Abstract

In 2009, Carnegie Mellon Qatar, Qatar University, Texas A&M Qatar and IBM launched a joint research project on cloud computing. Cloud computing is a computing paradigm in which computing resources, software and data are made available to users as a service through the internet. In this paradigm, the software is no longer a standalone application installed on the user's platform, but resides on one or several servers. For instance, Google Docs is an office suite (word processor, spreadsheet and presentation) that can be used through a web browser. This new kind of application is a radical shift in the way we design, implement and deploy software. In this context, ensuring security becomes critical, since a vulnerability in a cloud-based application may expose the data of all users of the service. Yet developing secure cloud applications is complex because programmers are required to reason about distributed computation and to write code using heterogeneous languages, often not originally designed with distributed computing in mind. Testing is the common way to catch bugs and vulnerabilities, as current technologies provide limited support. There are doubts that this can scale up to meet the expectations of more sophisticated cloud-based applications. In this project, we have designed a type-safe programming language called “Qwesst”. We used it to express interaction patterns commonly found in distributed applications that go beyond current technologies. This language prevents the programmer from writing unsafe code that can lead to cross-site scripting (XSS) attacks. An XSS attack enables an attacker to inject JavaScript code into a webpage. This is a severe vulnerability that has become the most widespread security breach in web-based applications. In the future, we plan to extend the language with new security features that will allow the programmer to control data dissemination and information flow.

/content/papers/10.5339/qfarf.2010.CSO6
2010-12-13
2024-03-28
References

  1. T. Sans, I. Cervesato, Designing a new programming language for building secure cloud computing-based applications, QFARF Proceedings, 2010, CSO6.
http://instance.metastore.ingenta.com/content/papers/10.5339/qfarf.2010.CSO6