CSC News

XS-Shredder Project Receives $300k Award for Removing Code Bloat in Web Applications

Alexandros Kapravelos, Assistant Professor in the Department of Computer Science at NC State, has been awarded $300,000 by Arizona State University via Office of Naval Research.  This award, which runs from August 1, 2017 to June 30, 2019, will support his research proposal entitled “XS-Shredder: A Cross-Layer Framework for Removing Code Bloat in Web Applications”.

The total amount funded for this project is $1,230,547.  It is a collaboration between Kapravelos and Adam Doupe (Arizona State University), Manuel Egele (Boston University), and Nick Nikiforakis (Stony Brook University).  The research will help to reduce attack surface in today’s modern day web applications so that web developers can write their applications at a much faster pace.

Abstract:  Modern web applications are incredibly complex pieces of software, with frameworks and libraries that assist web developers to write their applications quickly. However, these frameworks and libraries increase the attack surface of the web application. In this proposal, we present the design of a framework, called XS-Shredder, which is able to debloat all layers of the web application software stack: client-side code, server-side code, database, and operating system. This framework will perform analysis inter- and intra-layer, ultimately resulting in a web application that is semantically identically, yet with a significantly reduced attack surface.

~scanlon~