...
Emily Stark <estark@mit.edu>, Meelap Shah <meelap@mit.edu>: We plan to build a tool to convert existing web apps into a form that provides data confidentiality guarantees to clients. Our tool will take as input server side code and partition it into two pieces; one piece will remain on the server and the other will be pushed to the client. Data fields containing sensitive client data will be encrypted on the client so that nothing is revealed to the server. The code will be partitioned so that the piece that remains on the server can operate on ciphertext. This will maintain the application's functionality while providing the confidentiality guarantees we desire.
Isaac Gutekunst <igutek@mit.ed>, Jelle van den Hooff <jelle@mit.edu>: We would like to create an application framework that performs tainting of all data, and allows controlled inter-application communication. The framework may allow the concept of a secure clipboard that allows pasting between certain privileged applications. For example, copying from a list of quiz solutions, and a pasting into a new quiz would be allowed, but copying answers into a quiz would not.