Download presentation
Presentation is loading. Please wait.
Published byWesley French Modified over 9 years ago
1
Secure Web Applications via Automatic Partitioning Stephen Chong, Jed Liu, Andrew C. Meyers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng. Cornell University
2
Outline Introduction Swift Architecture Writing Swift Applications WebIL Swift Runtime Evaluation Conclusion
3
Introduction Web applications are a critical part of today’s infrastructure
4
Introduction Web applications account for 69% of internet vulnerabilities Developer dilemma Performance vs security
5
Introduction Guess a number game Confidentiality requirement Client cannot see number Integrity requirement Client cannot affect number of guesses Only server can decide if guess is correct Client side only implementation Best performance Client can cheat
6
Swift Building web applications that are secure by construction Automatic partitioning of code and data Security critical code/data placed on server side only Code/data placed on client side for performance
7
Swift Architecture Jif Source Code WebIL WebIL Optimization Splitting Code JavaScript and Java Output Partitioning and Replication
8
Swift Architecture
9
Writing Swift Applications Extensions of Jif programming language Security policies expressed using labels Confidentiality and Integrity policies Labels refer to principals *(server) and client principals Compiler statically checks that information flow is consistent with policies Trust model Un trusted client Trusted server
10
Sample Policies
11
Guess a number Application
12
WebIL Concerned with placement of code and data Replace Jif labels with placement annotations Placements chosen to optimize responsiveness without sacrificing security Partitioning solved as Integer programming problem
13
Placement Annotations 9 placement annotations
14
Guess-a-Number in WebIL
15
Partitioning Algorithm Represent control flow as weighted directed graph Graph nodes are statements Edge weights are exec. frequencies Integer programming problem Reduce to instance of max flow problem Solution is placements of code/data
16
Partioning of Guess-a-Number
17
Swift Runtime Controls synchronization and communication JavaScript runs on Client Java code runs on server Asymmetric trust model Execution blocks Closures Activation Records
18
Execution Block Methods divided into execution blocks Single entry Multiple exits Unique ids Control transfer message Branch to block executing on different host
19
Execution Blocks of Guess-a-Number
20
Activation Records Execution blocks run in context of activation records Client/server have different views of same activation record Activation record updates forwarding between hosts Security restrictions of forwarding
21
Closures Next execution block id and activation record id Stack of closures Correct simulation of method calls/exceptions Integrity of control flow Clients invoke high integrity closures in controlled way
22
Evaluation Swift Compiler Jif compiler + 20K LOC Runtime system = 2.6K LOC Six web applications implemented
23
Generated code size
24
Network messages
25
Conclusion Constructing secure web applications Automatic partitioning of functionality Enforcement of information security policies Programmer effort to add annotations
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.