{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:34:34Z","timestamp":1750307674915,"version":"3.41.0"},"reference-count":26,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2009,2,1]],"date-time":"2009-02-01T00:00:00Z","timestamp":1233446400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["4.30E+12","424422"],"award-info":[{"award-number":["4.30E+12","424422"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000181","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA9550-06-1-0244"],"award-info":[{"award-number":["FA9550-06-1-0244"]}],"id":[{"id":"10.13039\/100000181","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2009,2]]},"abstract":"<jats:p>\n            Swift is a new, principled approach to building Web applications that are\n            <jats:italic>secure by construction.<\/jats:italic>\n            Modern Web applications typically implement some functionality as client-side JavaScript code, for improved interactivity. Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure to do so.\n          <\/jats:p>\n          <jats:p>Swift automatically partitions application code while providing assurance that the resulting placement is secure and efficient. 
Application code is written as Java-like code annotated with information flow policies that specify the confidentiality and integrity of Web application information. The compiler uses these policies to automatically partition the program into JavaScript code running in the client browser and Java code running on the server. To improve interactive performance, code and data are placed on the client. However, security-critical code and data are always placed on the server. The compiler may also automatically replicate code across the client and server, to obtain both security and performance.<\/jats:p>","DOI":"10.1145\/1461928.1461949","type":"journal-article","created":{"date-parts":[[2009,1,20]],"date-time":"2009-01-20T14:41:13Z","timestamp":1232462473000},"page":"79-87","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":20,"title":["Building secure web applications with automatic partitioning"],"prefix":"10.1145","volume":"52","author":[{"given":"Stephen","family":"Chong","sequence":"first","affiliation":[{"name":"Cornell University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jed","family":"Liu","sequence":"additional","affiliation":[{"name":"Cornell University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrew C.","family":"Myers","sequence":"additional","affiliation":[{"name":"Cornell University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xin","family":"Qi","sequence":"additional","affiliation":[{"name":"Cornell University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"K.","family":"Vikram","sequence":"additional","affiliation":[{"name":"Cornell University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lantian","family":"Zheng","sequence":"additional","affiliation":[{"name":"Cornell 
University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xin","family":"Zheng","sequence":"additional","affiliation":[{"name":"Cornell University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2009,2]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the 8th USENIX Security Symposium (August","author":"Balfanz D.","year":"1999","unstructured":"Balfanz, D., Felten, E. Hand-held computers can be better smart cards. In Proceedings of the 8th USENIX Security Symposium (August 1999)."},{"key":"e_1_2_1_2_1","volume-title":"JavaServer Pages","author":"Bergsten H.","year":"2003","unstructured":"Bergsten, H. JavaServer Pages, 3rd edition. O'Reilly &amp; Associates, 2003.","edition":"3"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294265"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.2006.11"},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the 5th International Symposium on Formal Methods for Components and Objects (November","author":"Cooper E.","year":"2006","unstructured":"Cooper, E., Lindley, S., Wadler, P., Yallop, J. Links: Web programming without tiers. In Proceedings of the 5th International Symposium on Formal Methods for Components and Objects (November 2006)."},{"key":"e_1_2_1_6_1","volume-title":"JavaScript: The Definitive Guide","author":"Flanagan D.","year":"2002","unstructured":"Flanagan, D. 
JavaScript: The Definitive Guide, 4th edition. O'Reilly, 2002.","edition":"4"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1328438.1328478"},{"key":"e_1_2_1_8_1","unstructured":"Google Web Toolkit. http:\/\/code.google.com\/webtoolkit\/."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101935"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.5555\/296806.296826"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292561"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/363516.363526"},{"key":"e_1_2_1_15_1","unstructured":"Myers A.C. Zheng L. Zdancewic S. Chong S. Nystrom N. Jif 3.0: Java information flow. Software release. http:\/\/www.cs.cornell.edu\/jif July 2006."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-25660-1_20"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.5555\/1765931.1765947"},{"key":"e_1_2_1_18_1","unstructured":"PHP: hypertext processor http:\/\/www.php.net."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1176617.1176756"},{"key":"e_1_2_1_20_1","volume-title":"Symantec Corporation","author":"Symantec","year":"2006","unstructured":"Symantec Internet security threat report, volume X. Symantec Corporation, September 2006."},{"key":"e_1_2_1_21_1","volume-title":"Programming Ruby: The Pragmatic Programmers' Guide. 
The Pragmatic Programmers","author":"Thomas D.","year":"2004","unstructured":"Thomas, D., Fowler, C., Hunt, A. Programming Ruby: The Pragmatic Programmers' Guide. The Pragmatic Programmers, 2nd edition, 2004. ISBN 0-974-51405-5.","edition":"2"},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the 15th USENIX Security Symposium (July","author":"Xie Y.","year":"2006","unstructured":"Xie, Y., Aiken, A. Static detection of security vulnerabilities in scripting languages. In Proceedings of the 15th USENIX Security Symposium (July 2006), 179--192."},{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the 15th USENIX Security Symposium (August","author":"Xu W.","year":"2006","unstructured":"Xu, W., Bhatkar, S., Sekar, R. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In Proceedings of the 15th USENIX Security Symposium (August 2006), 121--136."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242619"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/566340.566343"},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"Zheng L.","year":"2003","unstructured":"
Zheng, L., Chong, S., Myers, A.C., Zdancewic, S. Using replication and partitioning to build secure distributed systems. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, California, May 2003), 236--250."}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1461928.1461949","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1461928.1461949","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:29:40Z","timestamp":1750253380000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1461928.1461949"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,2]]},"references-count":26,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2009,2]]}},"alternative-id":["10.1145\/1461928.1461949"],"URL":"https:\/\/doi.org\/10.1145\/1461928.1461949","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"type":"print","value":"0001-0782"},{"type":"electronic","value":"1557-7317"}],"subject":[],"published":{"date-parts":[[2009,2]]},"assertion":[{"value":"2009-02-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}