A team of researchers at MIT, led by Raluca Ada Popa has developed a platform for building secure web applications which is based on ensuring data on servers is always encrypted, which is named as Mylar. In announcing the new platform, the developers noted that Mylar can protect user data from snooping even if a hacker obtains full access to a server.
The regular approach to securing user data on servers is to accept data from a user, then encrypt it before saving to a hard drive on a server. When the user requests the data, the server opens the file, decrypts it and then sends what has been requested. The weakness of this approach is that if a hacker gains control over a server, they can decrypt everything on it. A better approach is to have encryption and decryption occur on the user end, that's the essence of Mylar.
With the Mylar platform, encrypting and decrypting are performed via code in a user's browser, thus users never see it happening, it's seamless. The advantages of such an approach are obvious, hackers can't read data files, and notably, neither could government snooping programs such as PRISM.
