Thumbnail
Access Restriction
Subscribed

Author Chong, Stephen ♦ Vikram, K. ♦ Qi, Xin ♦ Liu, Jed ♦ Zheng, Xin ♦ Zheng, Lantian ♦ Myers, Andrew C.
Source ACM Digital Library
Content type Text
Publisher Association for Computing Machinery (ACM)
File Format PDF
Language English
Abstract Swift is a new, principled approach to building Web applications that are secure by construction. Modern Web applications typically implement some functionality as client-side JavaScript code, for improved interactivity. Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure to do so. Swift automatically partitions application code while providing assurance that the resulting placement is secure and efficient. Application code is written as Java-like code annotated with information flow policies that specify the confidentiality and integrity of Web application information. The compiler uses these policies to automatically partition the program into JavaScript code running in the client browser and Java code running on the server. To improve interactive performance, code and data are placed on the client. However, security-critical code and data are always placed on the server. The compiler may also automatically replicate code across the client and server, to obtain both security and performance.
Description Affiliation: Cornell University (Chong, Stephen; Liu, Jed; Myers, Andrew C.; Qi, Xin; Vikram, K.; Zheng, Lantian; Zheng, Xin)
Age Range 18 to 22 years ♦ above 22 year
Educational Use Research
Education Level UG and PG
Learning Resource Type Article
Publisher Date 2005-08-01
Publisher Place New York
Journal Communications of the ACM (CACM)
Volume Number 52
Issue Number 2
Page Count 9
Starting Page 79
Ending Page 87


Open content in new tab

   Open content in new tab
Source: ACM Digital Library