One group of MIT researchers believes the entire approach to securing online data should be overhauled. To that end, it has introduced Mylar, a platform for building secure Web applications that rethinks how confidential user data is encrypted and stored by shoring up the weak link: servers.

The current mode of securing Web application data relies on servers for storing and processing, yet any intruder who infiltrates the server can access the unencrypted data. Applications and services built using Mylar keep information secure by never storing unencrypted data on servers. Mylar keeps server data encrypted at all times, only decrypting the data in the user’s browser.
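A minimal sketch of the data flow described above, added here as an illustration and not Mylar's own code or API: the key is derived and used only on the client, and the server stores opaque records. It uses Node's built-in crypto module so it runs offline (a browser would use Web Crypto); all function and class names, and the sample password and note, are hypothetical.

```javascript
// Added illustration; NOT Mylar's code. Names and sample data are constructed.
const nodeCrypto = require('crypto');

// --- Client side: the key is derived here and never sent to the server ---
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

function clientEncrypt(key, docId, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce per record
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(docId)); // bind the ciphertext to its record id
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

function clientDecrypt(key, docId, record) {
  const iv = Buffer.from(record.iv, 'base64');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAAD(Buffer.from(docId));
  d.setAuthTag(Buffer.from(record.tag, 'base64'));
  const pt = Buffer.concat([d.update(Buffer.from(record.ct, 'base64')), d.final()]);
  return pt.toString('utf8');
}

// --- Server side: an untrusted store that only ever sees opaque records ---
class UntrustedServer {
  constructor() { this.db = new Map(); }
  put(id, record) { this.db.set(id, record); }
  get(id) { return this.db.get(id); }
  dump() { return JSON.stringify([...this.db]); } // what an intruder could read
}

function demo() {
  const server = new UntrustedServer();
  const key = deriveKey('correct horse battery staple', nodeCrypto.randomBytes(16));
  const secret = 'Diagnosis: constructed sample note';
  server.put('note-1', clientEncrypt(key, 'note-1', secret));

  const leaked = server.dump(); // full server-side view of the data
  const roundTrip = clientDecrypt(key, 'note-1', server.get('note-1'));
  let swapDetected = false; // server returns the record under the wrong id
  try { clientDecrypt(key, 'note-2', server.get('note-1')); } catch { swapDetected = true; }
  return { leakedContainsPlaintext: leaked.includes(secret), roundTrip, swapDetected };
}
```

The server dump contains only base64 ciphertext, nonces and tags, and the authenticated record id means the client rejects a record the server substitutes for another.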

MIT Computer Science and Artificial Intelligence Laboratory researcher Raluca Ada Popa and her team designed Mylar to integrate with Meteor, an open-source JavaScript Web development platform. She previously worked on CryptDB, a database encryption system since adopted by Google and SAP.

Using the Meteor framework to simplify code porting, the researchers claimed that a Mylar prototype was able to secure six applications by changing only 35 lines of code.

Reducing server vulnerability solves only one part of the equation, though. Common forms of encryption have proved vulnerable to brute-force hacking and other decryption methods, so Mylar also builds other encryption mechanisms into applications to protect data while it is stored on the server.

About Rob Marvin

Rob Marvin has been covering the software development and technology industry as Online & Social Media Editor at SD Times since July 2013. He is a 2013 graduate of the S.I. Newhouse School of Public Communications at Syracuse University with dual degrees in Magazine Journalism and Psychology. Rob enjoys writing about anything and everything, from features, entertainment, news and culture to his current work covering the software development industry.