This thesis' primary contribution is that of a new architecture for web application platforms and their extensions, entitled "The Virtual Faraday Cage". This new architecture addresses some of the privacy and security related problems associated with third-party extensions running within web application platforms. A proof-of-concept showing how the Virtual Faraday Cage could be implemented is described.
This new architecture aims to help solve some of the key security and privacy concerns for end-users in web applications by creating a mechanism by which a third-party could create an extension that works with end-user data, but which could never leak such information back to the third-party. To facilitate this, the thesis also incorporates a basic privacy-aware access control mechanism. This architecture could be used for centralized web application platforms (such as Facebook) as well as decentralized platforms. Ideally, the Virtual Faraday Cage should be incorporated into the development of new web application platforms, but could also be implemented via wrappers around existing application platform Application Programming Interfaces with minimal changes to existing platform code or workflows.