eCommons

 

Secure web applications via automatic partitioning

Abstract

Web applications are now critical infrastructure. To improve the user interface, some application functionality is typically implemented as client-side JavaScript code. Currently there are no good methods for deciding when it is secure to move code and data to the client side. Swift is a new, principled approach to building web applications that are secure by construction. Application code is written as Java-like code annotated with information flow policies. This code is automatically partitioned between JavaScript code running in the browser and Java code running on the server. Code and data are placed on the client side where possible. Security-critical code is placed on the server and user interface code is placed on the client. Code placement is constrained by high-level, declarative information flow policies that strongly enforce the confidentiality and integrity of server-side information. Web applications are hard to build because code and data need to be partitioned to make them responsive. They are also hard to build because code and data need to be partitioned for security. Because of the connection (and tension) between the two problems, Swift addresses both at once, automatically partitioning application code while also providing assurance that the resulting placement is secure and efficient.

Date Issued

2007-03-28

Publisher

Cornell University

Keywords

computer science; technical report

Previously Published As

http://techreports.library.cornell.edu:8081/Dienst/UI/1.0/Display/cul.cis/TR2007-2078

Types

technical report
