Introduction to algorithms
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Programming Ruby: the pragmatic programmer's guide
Programming Ruby: the pragmatic programmer's guide
Certification of programs for secure information flow
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Javaserver Pages
ACM Transactions on Computer Systems (TOCS)
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
Definitional interpreters for higher-order programming languages
ACM '72 Proceedings of the ACM annual conference - Volume 2
Using Replication and Partitioning to Build Secure Distributed Systems
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Rabbit: A Compiler for Scheme
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Hilda: A High-Level Language for Data-DrivenWeb Applications
ICDE '06 Proceedings of the 22nd International Conference on Data Engineering
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
HOP: achieving efficient anonymity in MANETs by combining HIP, OLSR, and pseudonyms
Companion to the 21st ACM SIGPLAN symposium on Object-oriented programming systems, languages, and applications
JavaScript instrumentation for browser security
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JavaScript: The Definitive Guide
JavaScript: The Definitive Guide
A unified platform for data driven web applications with automatic client-server partitioning
Proceedings of the 16th international conference on World Wide Web
Fairplay—a secure two-party computation system
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Static detection of security vulnerabilities in scripting languages
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Polyglot: an extensible compiler framework for Java
CC'03 Proceedings of the 12th international conference on Compiler construction
Links: web programming without tiers
FMCO'06 Proceedings of the 5th international conference on Formal methods for components and objects
The design and implementation of microdrivers
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Understanding and visualizing full systems with data flow tomography
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Manageable fine-grained information flow
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Privilege separation made easy: trusting small libraries not big processes
Proceedings of the 1st European Workshop on System Security
Securing nonintrusive web encryption through information flow
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
NOYB: privacy in online social networks
Proceedings of the first workshop on Online social networks
Flexible security configuration for virtual machines
Proceedings of the 2nd ACM workshop on Computer security architectures
Building secure web applications with automatic partitioning
Communications of the ACM - Inspiring Women in Computing
Secure compilation of a multi-tier web language
Proceedings of the 4th international workshop on Types in language design and implementation
Virtual machines jailed: virtualization in systems with small trusted computing bases
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
Privacy-preserving browser-side scripting with BFlow
Proceedings of the 4th ACM European conference on Computer systems
Using static analysis for Ajax intrusion detection
Proceedings of the 18th international conference on World wide web
HTML templates that fly: a template engine approach to automated offloading from server to client
Proceedings of the 18th international conference on World wide web
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Cross-tier, label-based security enforcement for web applications
Proceedings of the 2009 ACM SIGMOD International Conference on Management of data
Api hyperlinking via structural overlap
Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Remote Batch Invocation for Compositional Object Services
Genoa Proceedings of the 23rd European Conference on ECOOP 2009 --- Object-Oriented Programming
Improving application security with data flow assertions
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Fabric: a platform for secure distributed computation and storage
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Ripley: automatically securing web 2.0 applications through replicated execution
Proceedings of the 16th ACM conference on Computer and communications security
Privacy-preserving genomic computation through program specialization
Proceedings of the 16th ACM conference on Computer and communications security
ACM SIGOPS Operating Systems Review
Neon: system support for derived data management
Proceedings of the 6th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Proceedings of the Fifth Workshop on Programming Languages and Operating Systems
Sync kit: a persistent client-side database caching toolkit for data intensive websites
Proceedings of the 19th international conference on World wide web
Type-safe distributed programming with ML5
TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Dynamic updates for web and cloud applications
APLWACA '10 Proceedings of the 2010 Workshop on Analysis and Programming Languages for Web Applications and Cloud Applications
DynXML: safely programming the dynamic web
APLWACA '10 Proceedings of the 2010 Workshop on Analysis and Programming Languages for Web Applications and Cloud Applications
Dynamically partitioning applications between weak devices and clouds
Proceedings of the 1st ACM Workshop on Mobile Cloud Computing & Services: Social Networks and Beyond
Tracking information flow in dynamic tree structures
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
A more precise security type system for dynamic security tests
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
xBook: redesigning privacy control in social networking platforms
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Managing state for Ajax-driven web components
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
DIFC programs by automatic instrumentation
Proceedings of the 17th ACM conference on Computer and communications security
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications
Proceedings of the 17th ACM conference on Computer and communications security
Language-based replay via data flow cut
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Static checking of dynamically-varying security policies in database-backed applications
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Unifying facets of information integrity
ICISS'10 Proceedings of the 6th international conference on Information systems security
Plato: a compiler for interactive web forms
PADL'11 Proceedings of the 13th international conference on Practical aspects of declarative languages
Designing and Implementing the OP and OP2 Web Browsers
ACM Transactions on the Web (TWEB)
CloneCloud: elastic execution between mobile device and cloud
Proceedings of the sixth conference on Computer systems
Partitioning web applications between the server and the client
Journal of Web Engineering
Silverline: toward data confidentiality in storage-intensive cloud applications
Proceedings of the 2nd ACM Symposium on Cloud Computing
A systematic analysis of XSS sanitization in web application frameworks
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Server-side verification of client behavior in online games
ACM Transactions on Information and System Security (TISSEC)
Sedic: privacy-aware data intensive computing on hybrid clouds
Proceedings of the 18th ACM conference on Computer and communications security
WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction
Proceedings of the 18th ACM conference on Computer and communications security
Efficient incremental information flow control with nested control regions
Proceedings of the 1st ACM SIGPLAN international workshop on Programming language and systems technologies for internet clients
Dataflow Tomography: Information Flow Tracking For Understanding and Visualizing Full Systems
ACM Transactions on Architecture and Code Optimization (TACO)
The HybrEx model for confidentiality and privacy in cloud computing
HotCloud'11 Proceedings of the 3rd USENIX conference on Hot topics in cloud computing
A semantic framework for declassification and endorsement
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Trusted language runtime (TLR): enabling trusted applications on smartphones
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
G2C: cryptographic protocols from goal-driven specifications
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Automated code injection prevention for web applications
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Secure multi-execution in haskell
PSI'11 Proceedings of the 8th international conference on Perspectives of System Informatics
Automatic partitioning of database applications
Proceedings of the VLDB Endowment
Hails: protecting data privacy in untrusted web applications
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Partitioning applications for hybrid and federated clouds
CASCON '12 Proceedings of the 2012 Conference of the Center for Advanced Studies on Collaborative Research
Efficient protection of kernel data structures via object partitioning
Proceedings of the 28th Annual Computer Security Applications Conference
How languages can save distributed computing
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
TamperProof: a server-agnostic defense for parameter tampering attacks on web applications
Proceedings of the third ACM conference on Data and application security and privacy
Fine-grained fault tolerance using device checkpoints
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
WEBLOG: a declarative language for secure web development
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
Managing the network with Merlin
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
Using ARM trustzone to build a trusted language runtime for mobile applications
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Automated detection of parameter tampering opportunities and vulnerabilities in web applications
Journal of Computer Security
Hi-index | 0.00 |
Swift is a new, principled approach to building web applications that are secure by construction. In modern web applications, some application functionality is usually implemented as client-side code written in JavaScript. Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure to do so. Swift automatically partitions application code while providing assurance that the resulting placement is secure and efficient. Application code is written as Java-like code annotated with information flow policies that specify the confidentiality and integrity of web application information. The compiler uses these policies to automatically partition the program into JavaScript code running in the browser, and Java code running on the server. To improve interactive performance, code and data are placed on the client side. However, security-critical code and data are always placed on the server. Code and data can also be replicated across the client and server, to obtain both security and performance. A max-flow algorithm is used to place code and data in a way that minimizes client-server communication.