| dc.contributor.advisor | Nickolai Zeldovich. | en_US |
| dc.contributor.author | Stark, Emily (Emily Margarete) | en_US |
| dc.contributor.other | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. | en_US |
| dc.date.accessioned | 2013-11-18T19:16:15Z | |
| dc.date.available | 2013-11-18T19:16:15Z | |
| dc.date.copyright | 2013 | en_US |
| dc.date.issued | 2013 | en_US |
| dc.identifier.uri | http://hdl.handle.net/1721.1/82382 | |
| dc.description | Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2013. | en_US |
| dc.description | Cataloged from PDF version of thesis. | en_US |
| dc.description | Includes bibliographical references (p. 53-55). | en_US |
| dc.description.abstract | This thesis presents an approach for designing secure web applications that use client-side encryption to keep user data private in the face of arbitrary web server compromises, as well as a set of tools, called CryptFrame, that makes it easier to build such applications. Crypt- Frame allows developers to encrypt and decrypt confidential data in the user's browser. To ensure an adversary cannot gain access to the decryption keys or plaintext data, CryptFrame provides a browser extension that stores the keys and allows only sensitive regions in the web page to access them. CryptFrame performs templatized verification of sensitive regions to grant small amounts of trusted client-side code access to plaintext data in the browser. Finally, CryptFrame provides a principal graph to help users safely change permissions on shared data in the presence of active adversaries. We use CryptFrame to modify several existing Django-based applications, requiring few source code modifications and incurring moderate performance overhead. | en_US |
| dc.description.statementofresponsibility | by Emily Stark. | en_US |
| dc.format.extent | 55 p. | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | M.I.T. theses are protected by
copyright. They may be viewed from this source for any purpose, but
reproduction or distribution in any format is prohibited without written
permission. See provided URL for inquiries about permission. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | en_US |
| dc.subject | Electrical Engineering and Computer Science. | en_US |
| dc.title | From client-side encryption to secure web applications | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | S.M. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | |
| dc.identifier.oclc | 862075374 | en_US |
