
MIT Researchers Create Platform To Build Secure Web Apps That Never Leak Data

Posted by Soulskill
from the what-about-when-leak-exists-between-keyboard-and-chair dept.
rjmarvin writes: "Researchers in the MIT Computer Science and Artificial Intelligence Laboratory have developed a platform for building secure web applications and services that never decrypt or leak data. MIT researcher Raluca Ada Popa, who previously worked on the Google- and SAP-adopted CryptDB, and her team, have put a longstanding philosophy into practice: to never store unencrypted data on servers. They've redesigned the entire approach to securing online data by creating Mylar, which builds and updates applications to keep data secure from server breaches with constant encryption during storage, only decrypting the data in the user's browser. Integrated with the open-source Meteor framework, a Mylar prototype has already secured six applications by changing only 35 lines of code."
  • by xombo (628858) on Wednesday March 26, 2014 @02:42AM (#46581779)

    I've implemented a similar solution for one of my web apps.
    It encrypts the data in the client with a password that they provide before it gets sent to the server. The client also decrypts the value when it receives it from the server.
    The password is kept in LocalStorage (a feature of HTML5) so that it is never transmitted to the server.
    Assuming the client application is not compromised, this is a great way to keep data secret even from the service operator.

    Unfortunately, you won't see this scheme implemented in many apps because almost everyone's business model these days is all about scraping your data for use by advertisers.

  • by thegarbz (1787294) on Wednesday March 26, 2014 @03:34AM (#46581943)

    There's another side to this too. You won't see this scheme implemented because encrypted data cannot be de-duplicated, and cannot be compressed. Effectively your solution increases the cost of doing business, both in terms of bandwidth and in infrastructure.
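The client-side scheme described in the first comment, and the de-duplication point raised in the reply, sketched as an added example that is not code from either commenter or from Mylar. The choice of PBKDF2-SHA-256 and AES-256-GCM, the iteration count and the function names `deriveKey`, `encryptForServer` and `decryptFromServer` are assumptions; the comment does not say which primitives were used.

```javascript
// Added example (assumed design): password-based encryption done entirely in the client.
// Browsers and recent Node expose WebCrypto globally; the fallback covers older Node.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const PBKDF2_ITERATIONS = 600000; // assumed work factor, tune for the slowest client

const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (hex) => Uint8Array.from(hex.match(/.{2}/g) ?? [], (h) => parseInt(h, 16));

// Stretch the user's password into a non-extractable AES-256-GCM key.
async function deriveKey(password, salt) {
  const material = await webcrypto.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return webcrypto.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: PBKDF2_ITERATIONS, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Runs before upload. The returned record is the only thing the server stores.
// A fresh salt and IV per record means equal plaintexts give unrelated ciphertexts,
// which is why the server cannot de-duplicate them.
async function encryptForServer(password, plaintext) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt);
  const ct = await webcrypto.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  return { salt: toHex(salt), iv: toHex(iv), ciphertext: toHex(new Uint8Array(ct)) };
}

// Runs after download. GCM authenticates the record, so a wrong password or a
// record modified on the server fails decryption; this sketch reports that as null.
async function decryptFromServer(password, record) {
  const key = await deriveKey(password, fromHex(record.salt));
  try {
    const pt = await webcrypto.subtle.decrypt(
      { name: 'AES-GCM', iv: fromHex(record.iv) }, key, fromHex(record.ciphertext));
    return new TextDecoder().decode(pt);
  } catch {
    return null;
  }
}
```

Any script running in the page's origin can read LocalStorage, so the first comment's assumption of an uncompromised client covers the stored password as well as the code.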
