synapse india complaints on secure web applications
TRANSCRIPT
Synapse India Complaints on SECURE WEB APPLICATIONS
VIA AUTOMATIC PARTITIONING
Designers of web applications
Want to push as much application functionality as possible into the clients
Must protect application integrity against rogue clients
Paper presents a “principled approach” to building secure web applications
“Secure by construction”
Servers can be trusted
Clients cannot
We cannot update the balances of our bank accounts ourselves
Swift enforces security by controlling information flow
Prevents release of information to less secure consumers
Will not accept information from less trusted sources
Applications are written in a higher-level programming language that details all security requirements as annotations
Compiler uses these annotations to decide whether an application and its data can run on the client
Partitions code and data at the level of individual expressions and object fields
Written in an extension of the Jif 3.0 programming language
Jif is itself an extension of Java with specific mechanisms for information flow control and access control
Expressed in Jif as labels attached to program variables
Intermediate language with much simpler annotations
S means annotated code/data must be placed on the server
S?C means annotated code/data must be placed on the server but can be replicated on the client
Second phase produces exact placement and replication of code and data
Satisfying all security requirements
Minimizing costs and avoiding unnecessary network messages
Fine-grained transformation
Some statements within a specific method may run on the client while other statements must remain on the server
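
The placement step described in the slides, as an added example (not code from the slides or from the Swift compiler): a toy solver that assigns each statement of one method to the server, the client, or both, honouring S and S?C while minimising messages. The client-only annotation "C", the one-message cost model, the sample method and all function names are assumptions made for this sketch.

```python
# Annotation -> placements the compiler may choose. "S" and "S?C" are the two
# annotations the slides define; "C" (client-only UI code) is assumed here.
SERVER, BOTH, CLIENT = frozenset({"server"}), frozenset({"server", "client"}), frozenset({"client"})
ALLOWED = {"S": [SERVER], "S?C": [SERVER, BOTH], "C": [CLIENT]}

# Constructed sample: statements of one hypothetical transfer method.
TRANSFER = [
    ("read amount field",        "C"),
    ("validate amount format",   "S?C"),
    ("show inline hint",         "C"),
    ("debit account balance",    "S"),
    ("format confirmation text", "S?C"),
    ("display confirmation",     "C"),
]

def messages(prev, cur):
    """Assumed cost model: one network message whenever the next statement
    needs a host that was not executing the previous statement."""
    return 0 if cur <= prev else 1

def place(method):
    """Return (message_count, placements) with the fewest messages that still
    honours every annotation (dynamic program over the statement list)."""
    best = {p: (0, [p]) for p in ALLOWED[method[0][1]]}
    for _, ann in method[1:]:
        step = {}
        for cur in ALLOWED[ann]:
            cost, path = min(((c + messages(prev, cur), pth)
                              for prev, (c, pth) in best.items()),
                             key=lambda t: t[0])
            step[cur] = (cost, path + [cur])
        best = step
    return min(best.values(), key=lambda t: t[0])

def server_keeps_authority(method, placements):
    """Security requirement: anything annotated S or S?C runs on the server,
    so a rogue client's copy is never the only copy."""
    return all("server" in p for (_, ann), p in zip(method, placements)
               if ann in ("S", "S?C"))

if __name__ == "__main__":
    cost, placements = place(TRANSFER)
    for (stmt, ann), p in zip(TRANSFER, placements):
        print(f"{ann:4} {stmt:26} -> {', '.join(sorted(p))}")
    print("messages:", cost, "secure:", server_keeps_authority(TRANSFER, placements))
```

Replicating the format check on the client lets the inline hint appear without a round trip, while the debit statement stays on the server only.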