YoVDO

STORM - Refinement Types for Secure Web Applications

Offered By: USENIX via YouTube

Tags

OSDI (Operating Systems Design and Implementation) Courses Web Development Courses Formal Verification Courses Security Policies Courses

Course Description

Overview

Explore a conference talk on STORM, a web framework that enables developers to build MVC applications with compile-time enforcement of centrally specified data-dependent security policies. Learn how STORM utilizes a Security Typed ORM to refine abstractions in each layer of the MVC API, ensuring security through logical assertions. Discover the framework's ability to specify diverse policies while centralizing trusted code to less than 1% of the application, and how it statically enforces security with minimal type annotation overhead and no runtime cost. Gain insights into the formally verified reference implementation using the Labeled IO (LIO) IFC framework, and examine case studies and end-to-end applications demonstrating STORM's effectiveness in web application security.

Syllabus

OSDI '21 - STORM: Refinement Types for Secure Web Applications


Taught by

USENIX

Related Courses

Secure Networked System with Firewall and IDS
University of Colorado System via Coursera Introduction to Cyber Security
Uttarakhand Open University, Haldwani via Swayam Preparing for the Google Cloud Professional Data Engineer Exam 日本語版
Google Cloud via Coursera Jump Start: Maestro Hyperscale Network Security
Checkpoint via edX Information Security - Introduction to Information Security
New York University (NYU) via edX