synapse india complaints on secure web applications
Post on 12-Jul-2015
Synapse India Complaints on SECURE WEB APPLICATIONS VIA AUTOMATIC PARTITIONING
Designers of web applications:
- Want to push as much application functionality as possible into the client
- Must protect application integrity against rogue clients

The paper presents a "principled approach" to building secure web applications: "secure by construction".

Trust model:
- Servers can be trusted; clients cannot
- Example: we cannot update the balances of our own bank accounts ourselves

Swift enforces security by controlling information flow:
- Prevents release of information to less secure consumers
- Will not accept information from less trusted sources

Applications are written in a higher-level programming language that states all security requirements as annotations:
- The compiler uses these annotations to decide whether an application and its data can run on the client
- It partitions code and data at the level of individual expressions and object fields

Applications are written in an extension of the Jif 3.0 programming language:
- Jif is itself an extension of Java with specific mechanisms for information flow control and access control
- Security requirements are expressed in Jif as labels attached to program variables

Intermediate language with much simpler annotations:
- S means the annotated code/data must be placed on the server
- S?C means the annotated code/data must be placed on the server but can be replicated on the client

A second phase produces the exact placement and replication of code and data:
- Satisfying all security requirements
- Minimizing costs and avoiding unnecessary network messages

Fine-grained transformation: some statements within a specific method may run on the client while other statements must remain on the server.
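Added illustration of the two information-flow rules and the S / S?C placement idea above. This is toy Python written for this page, not Swift's or Jif's own code; the label model, the principal names and the client-only "C" outcome are assumptions (the slides define only S and S?C).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    """Simplified label (assumed model, not Jif's syntax):
    readers   = confidentiality: principals allowed to learn the value
    integrity = principals that vouch for the value (are trusted for it)."""
    readers: frozenset
    integrity: frozenset


def may_flow(src: Label, dst: Label) -> bool:
    """Information may move from src to dst only if dst is no more public
    (every reader of dst could already read src) and dst demands no more
    trust than src carries (every principal dst relies on vouches for src)."""
    return dst.readers <= src.readers and dst.integrity <= src.integrity


def placement(field: Label, client: str) -> str:
    """Coarse placement in the spirit of the slides' intermediate language."""
    if client not in field.readers:
        return "S"      # client may not even read it: server only
    if field.integrity - {client}:
        return "S?C"    # client may hold a read-only replica; server copy is authoritative
    return "C"          # nothing the client can't see or vouch for (assumed label)


# Constructed sample labels for a banking page viewed by the logged-in user "alice".
BALANCE = Label(frozenset({"alice", "bank"}), frozenset({"bank"}))
SIGNING_KEY = Label(frozenset({"bank"}), frozenset({"bank"}))
FORM_INPUT = Label(frozenset({"alice", "bank"}), frozenset({"alice"}))   # typed by the client
ALICE_VIEW = Label(frozenset({"alice", "bank"}), frozenset())            # her own screen
PUBLIC_PAGE = Label(frozenset({"alice", "bank", "public"}), frozenset())


def demo() -> dict:
    """Placement and flow decisions the compiler phases would make for these labels."""
    return {
        "balance_placement": placement(BALANCE, "alice"),        # S?C
        "key_placement": placement(SIGNING_KEY, "alice"),        # S
        "client_updates_balance": may_flow(FORM_INPUT, BALANCE), # rejected: client not trusted
        "balance_to_public_page": may_flow(BALANCE, PUBLIC_PAGE),# rejected: less secure consumer
        "balance_to_alice_view": may_flow(BALANCE, ALICE_VIEW),  # allowed
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```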