Tuesday, March 24, 2009

Swift, an experiment in web security

Lambda the Ultimate comments on an ongoing research effort that looks very interesting: Swift, a system that builds web applications on top of a Java extension that enforces security policies and, at compile time, splits the code between JavaScript on the client and Java on the server. One to follow, whether or not it succeeds. The presentation on Lambda...:

Swift: making web applications secure by construction

Swift is a language-based approach to building web applications that are secure by construction. Swift applications are written in the Jif language, a Java-based language that incorporates "security-typing" to manage the flow of information within an application. The Swift compiler automatically partitions the application code into a client-side JavaScript application and a server-side Java application, with code placement constrained by declarative information flow policies that strongly enforce the confidentiality and integrity of server-side information.

Swift was recently featured in the "Research Highlights" section of the Communications of the ACM, as a condensed version of an earlier conference paper. The original conference paper is Stephen Chong, Jed Liu, Andrew C. Myers, Xin Qi, K. Vikram, Lantian Zheng, and Xin Zheng, Secure web applications via automatic partitioning, Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP'07), pages 31–44, October 2007.

Jif has been mentioned previously on LtU here and here.

The presentation on the Swift site:

Swift is a new, principled approach to building web applications that are secure by construction. Web applications are hard to build because code and data need to be partitioned to make them responsive. They are also hard to build because code and data need to be partitioned for security. Currently there are no good methods for deciding when it is secure to move code and data to the client side.

Because of the connection (and tension) between the problems of security and interactive performance, Swift addresses both at once, automatically partitioning application code while providing assurance that the resulting placement is secure and efficient.

In the Swift approach, application code is written in the Jif language, a Java-based language that includes information security policies. The source code is automatically partitioned into JavaScript code running in the browser, and Java code running on the server. For interactive performance, code and data are placed on the client side where possible. Security-critical code is placed on the server and user interface code is placed on the client. Code placement is constrained by high-level, declarative information flow policies that strongly enforce the confidentiality and integrity of server-side information. The Swift compiler may also choose to replicate code and data across the client and server, with benefits for both security and performance.

At the base of the system is Jif, which is described as follows on its site:
Jif is a security-typed programming language that extends Java with support for information flow control and access control, enforced at both compile time and run time. The source code for the Jif compiler and run-time system is now available for download. Jif is written in Java and is built using the Polyglot extensible Java compiler framework.
Static information flow control can protect the confidentiality and integrity of information manipulated by computing systems. The compiler tracks the correspondence between information and the policies that restrict its use, enforcing security properties end-to-end within the system. After checking information flow within Jif programs, the Jif compiler translates them to Java programs and uses an ordinary Java compiler to produce secure executable programs.

Jif extends Java by adding labels that express restrictions on how information may be used. For example, the following variable declaration declares not only that the variable x is an int, but also that the information in x is governed by a security policy:

    int {Alice→Bob} x;

In this case, the security policy says that the information in x is controlled by the principal Alice, and that Alice permits this information to be seen by the principal Bob. The policy {Alice←Bob} means that information is owned by Alice, and that Alice permits it to be affected by Bob. Based on label annotations like these, the Jif compiler analyzes information flows within programs, to determine whether they enforce the confidentiality and integrity of information.
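To make the two quoted descriptions concrete (the Jif label rules just above, and the Swift placement constraint quoted earlier), here is a small model of the decentralized label model that Jif's labels are built on. It is an added example written for this post, not code from the Jif or Swift projects: it parses labels such as {Alice→Bob} and {Alice←Bob}, decides whether information may flow from one label to another (the check behind every Jif assignment), joins labels, models declassification, and applies a deliberately simplified placement rule (an assumption of the example, not the paper's full partitioning algorithm). It accepts the ASCII arrows `->` and `<-` as well as the Unicode ones, and ignores Jif's principal hierarchy (actsFor), so every principal is compared by name only.

```python
"""Model of the decentralized label model (DLM) that Jif enforces.

Added example, not code from the Jif or Swift projects.  Labels are written
{Alice->Bob,Carol; Alice<-Bob}: each policy names an owner, an arrow
(-> readers permitted, <- writers trusted) and the principals it names.
The owner is always a member of its own reader and writer sets.
"""
import re

POLICY = re.compile(r"^(\w+)\s*(->|<-|→|←)\s*([\w\s,]*)$")


class Label:
    """conf: owner -> principals the owner lets read.
    integ: owner -> principals the owner trusts to have written."""

    def __init__(self, conf=None, integ=None):
        self.conf = dict(conf or {})
        self.integ = dict(integ or {})


def parse_label(text: str) -> Label:
    """Parse a braced label.  '{}' is the public, untrusted label."""
    body = text.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError(f"label must be braced: {text!r}")
    label = Label()
    for pol in (p.strip() for p in body[1:-1].split(";")):
        if not pol:
            continue
        m = POLICY.match(pol)
        if not m:
            raise ValueError(f"bad policy: {pol!r}")
        owner, arrow, names = m.groups()
        members = frozenset(n.strip() for n in names.split(",") if n.strip()) | {owner}
        side = label.conf if arrow in ("->", "→") else label.integ
        # a second policy by the same owner only restricts further
        side[owner] = side[owner] & members if owner in side else members
    return label


def may_flow(src: Label, dst: Label) -> bool:
    """True if data labelled src may be assigned to a variable labelled dst.

    Confidentiality: every owner restricting src must also restrict dst, and
    dst may not add readers that owner did not permit.  Integrity: every owner
    vouching for dst must already vouch for src, and src may not have been
    touched by writers that owner does not trust.
    """
    for owner, readers in src.conf.items():
        if owner not in dst.conf or not dst.conf[owner] <= readers:
            return False
    for owner, writers in dst.integ.items():
        if owner not in src.integ or not src.integ[owner] <= writers:
            return False
    return True


def join(a: Label, b: Label) -> Label:
    """Least restrictive label both a and b may flow to (the label of a + b)."""
    conf = dict(a.conf)
    for owner, readers in b.conf.items():
        conf[owner] = conf[owner] & readers if owner in conf else readers
    # only owners who trusted both inputs still have an integrity guarantee
    integ = {o: a.integ[o] | b.integ[o] for o in a.integ.keys() & b.integ.keys()}
    return Label(conf, integ)


def declassify(src: Label, dst: Label, authority) -> bool:
    """Jif's escape hatch: relax confidentiality only with the authority of
    every owner whose policy is weakened; integrity must still flow normally."""
    relaxed = {o for o, r in src.conf.items()
               if o not in dst.conf or not dst.conf[o] <= r}
    integ_ok = all(o in src.integ and src.integ[o] <= w for o, w in dst.integ.items())
    return relaxed <= set(authority) and integ_ok


def place(inputs, output: Label, client: str) -> str:
    """Simplified Swift-style placement (an assumption of this example): the
    browser acts for `client`, so code may run there only if the client may
    read every input and is trusted to write the output; otherwise it stays
    on the server."""
    readable = all(client in r for lab in inputs for r in lab.conf.values())
    trusted = all(client in w for w in output.integ.values())
    return "client" if readable and trusted else "server"


if __name__ == "__main__":
    # constructed sample flows mirroring the labels in the text
    for s, d in [("{Alice->Bob}", "{Alice->}"), ("{Alice->Bob}", "{}"),
                 ("{Alice<-Bob}", "{Alice<-Bob,Carol}"), ("{}", "{Alice<-Bob}")]:
        print(f"{s:>20} -> {d:<22} {'ok' if may_flow(parse_label(s), parse_label(d)) else 'REJECTED'}")
    print("secret shown to Bob runs on:", place([parse_label("{Alice->Bob}")], parse_label("{}"), "Bob"))
```

The four flow checks in the demo are the ones a Jif programmer hits first: dropping a reader is fine, making Alice's data public is rejected, adding a writer lowers integrity and is fine, and untrusted data cannot be promoted to an integrity label. The `place` rule is where Swift's tension between responsiveness and security shows up: code that reads {Alice→Bob} data can go to Bob's browser but not to Carol's, and code producing {Alice←} data stays on the server regardless of who is looking.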

Could one more layer be added, to generate the code that is then compiled? Something to look into, in the 25th hour of the day...
