Abstract
Swift is a new, principled approach to building Web applications that are secure by construction.
Modern Web applications typically implement some functionality as client-side JavaScript code, for improved interactivity. Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure to do so.
Swift automatically partitions application code while providing assurance that the resulting placement is secure and efficient. Application code is written as Java-like code annotated with information flow policies that specify the confidentiality and integrity of Web application information. The compiler uses these policies to automatically partition the program into JavaScript code running in the client browser and Java code running on the server. To improve interactive performance, code and data are placed on the client. However, security-critical code and data are always placed on the server. The compiler may also automatically replicate code across the client and server, to obtain both security and performance.
Funder
National Science Foundation
Air Force Office of Scientific Research
Publisher
Association for Computing Machinery (ACM)
Cited by
15 articles.