YoVDO

STORM - Refinement Types for Secure Web Applications

Offered By: USENIX via YouTube

Tags

OSDI (Operating Systems Design and Implementation) Courses Web Development Courses Formal Verification Courses Security Policies Courses

Course Description

Overview

Explore a conference talk on STORM, a web framework that enables developers to build MVC applications with compile-time enforcement of centrally specified data-dependent security policies. Learn how STORM utilizes a Security Typed ORM to refine abstractions in each layer of the MVC API, ensuring security through logical assertions. Discover the framework's ability to specify diverse policies while centralizing trusted code to less than 1% of the application, and how it statically enforces security with minimal type annotation overhead and no runtime cost. Gain insights into the formally verified reference implementation using the Labeled IO (LIO) IFC framework, and examine case studies and end-to-end applications demonstrating STORM's effectiveness in web application security.

Syllabus

OSDI '21 - STORM: Refinement Types for Secure Web Applications


Taught by

USENIX

Related Courses

Software as a Service
University of California, Berkeley via Coursera Intro to Computer Science
University of Virginia via Udacity Web Development
Udacity Software Engineering for SaaS
University of California, Berkeley via Coursera CS50's Introduction to Computer Science
Harvard University via edX