Skip to main content


eCommons@Cornell >
Faculty of Computing and Information Science >
Computing and Information Science >
Computing and Information Science Technical Reports >

Please use this identifier to cite or link to this item:
Title: Secure web applications via automatic partitioning
Authors: Chong, Stephen
Liu, Jed
Myers, Andrew C.
Qi, Xin
Vikram, K.
Zheng, Lantian
Zheng, Xin
Keywords: computer science
technical report
Issue Date: 28-Mar-2007
Publisher: Cornell University
Abstract: Web applications are now critical infrastructure. To improve the user interface, some application functionality is typically implemented as client-side JavaScript code. Currently there are no good methods for deciding when it is secure to move code and data to the client side. Swift is a new, principled approach to building web applications that are secure by construction. Application code is written as Java-like code annotated with information flow policies. This code is automatically partitioned between JavaScript code running in the browser, and Java code running on the server. Code and data are placed on the client side where possible. Security-critical code is placed on the server and user interface code is placed on the client. Code placement is constrained by high-level, declarative information flow policies that strongly enforce the confidentiality and integrity of server-side information. Web applications are hard to build because code and data needs to be partitioned to make them responsive. They are also hard to build because code and data need to be partitioned for security. Because of the connection (and tension) between the two problems, Swift addresses both at once, automatically partitioning application code while also providing assurance that the resulting placement is secure and efficient.
Appears in Collections:Computing and Information Science Technical Reports

Files in This Item:

File Description SizeFormat
TR2007-2078.pdf281.92 kBAdobe PDFView/Open

Refworks Export

Items in eCommons are protected by copyright, with all rights reserved, unless otherwise indicated.


© 2014 Cornell University Library Contact Us