Secure web applications via automatic partitioning
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Swift is a new, principled approach to building Web applications that are secure by construction. Modern Web applications typically implement some functionality as client-side JavaScript code, for improved interactivity. Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure to do so. Swift automatically partitions application code while providing assurance that the resulting placement is secure and efficient. Application code is written as Java-like code annotated with information flow policies that specify the confidentiality and integrity of Web application information. The compiler uses these policies to automatically partition the program into JavaScript code running in the client browser and Java code running on the server. To improve interactive performance, code and data are placed on the client. However, security-critical code and data are always placed on the server. The compiler may also automatically replicate code across the client and server, to obtain both security and performance.