Threat Models in JavaScript Applications

In the modern world people want fast access to the right data at the right time. The facilitator of this data transmission and interconnection is the internet. People are sending and receiving data through their different devices. In this so called ubiquitous era service providers are moving from in shop servers to cloud environments and from “multiple implementations for different devices” to a “one application fit all devices” paradigm. These paradigm shifts while attractive, opens systems to previously unknown security risks. The previous man in the middle or black box security model is not sufficient and software security designers should also consider man at the end or white box attacks. In our research we attempt to address software security vulnerabilities, in particular client side code executed in these untrustworthy environments. To this end we will create a novel threat modeling methodology with a focus on web applications consisting of client side code written in JavaScript and HTML5.

Faculty Supervisor:

Dr. Tom Dean


Mohammad Hassan Nourijelyani


Irdeto Canada


Engineering - computer / electrical


Information and communications technologies


Queen's University



Current openings

Find the perfect opportunity to put your academic skills and knowledge into practice!

Find Projects