Jif logo

Documentation

Swift tutorial

Current developers

Stephen Chong
Andrew Myers
K. Vikram

Mailing lists

(Open subscription, low traffic.)
Jif users
Jif announcements

Related projects

Jif: Java information flow
SIF

Support

The development and maintenance of the Swift system has been supported by NSF grants 0430161 and 0627649, and by TRUST (supported by NSF, AFOSR, and industrial partners).

Swift: making web applications
secure by construction

Swift is a new, principled approach to building web applications that are secure by construction. Web applications are hard to build because code and data need to be partitioned to make them responsive. They are also hard to build because code and data need to be partitioned for security. Currently there are no good methods for deciding when it is secure to move code and data to the client side.

Because of the connection (and tension) between the problems of security and interactive performance, Swift addresses both at once, automatically partitioning application code while providing assurance that the resulting placement is secure and efficient.

In the Swift approach, application code is written in the Jif language, a Java-based language that includes information security policies. The source code is automatically partitioned into JavaScript code running in the browser, and Java code running on the server. For interactive performance, code and data are placed on the client side where possible. Security-critical code is placed on the server and user interface code is placed on the client. Code placement is constrained by high-level, declarative information flow policies that strongly enforce the confidentiality and integrity of server-side information. The Swift compiler may also choose to replicate code and data across the client and server, with benefits for both security and performance.

Example Swift applications

Related publications