research-article

Gradual typing embedded securely in JavaScript

Authors:

Cedric Fournet,

Karthikeyan Bhargavan,

Pierre-Yves Strub,

Gavin BiermanAuthors Info & Claims

ACM SIGPLAN Notices, Volume 49, Issue 1

Pages 425 - 437

https://doi.org/10.1145/2578855.2535889

Published: 08 January 2014 Publication History

Abstract

JavaScript's flexible semantics makes writing correct code hard and writing secure code extremely difficult. To address the former problem, various forms of gradual typing have been proposed, such as Closure and TypeScript. However, supporting all common programming idioms is not easy; for example, TypeScript deliberately gives up type soundness for programming convenience. In this paper, we propose a gradual type system and implementation techniques that provide important safety and security guarantees.

We present TS#, a gradual type system and source-to-source compiler for JavaScript. In contrast to prior gradual type systems, TS# features full runtime reflection over three kinds of types: (1) simple types for higher-order functions, recursive datatypes and dictionary-based extensible records; (2) the type any, for dynamically type-safe TS# expressions; and (3) the type un, for untrusted, potentially malicious JavaScript contexts in which TS# is embedded. After type-checking, the compiler instruments the program with various checks to ensure the type safety of TS# despite its interactions with arbitrary JavaScript contexts, which are free to use eval, stack walks, prototype customizations, and other offensive features. The proof of our main theorem employs a form of type-preserving compilation, wherein we prove all the runtime invariants of the translation of TS# to JavaScript by showing that translated programs are well-typed in JS#, a previously proposed dependently typed language for proving functional correctness of JavaScript programs.

We describe a prototype compiler, a secure runtime, and sample applications for TS#. Our examples illustrate how web security patterns that developers currently program in JavaScript (with much difficulty and still with dubious results) can instead be programmed naturally in TS#, retaining a flavor of idiomatic JavaScript, while providing strong safety guarantees by virtue of typing.

Supplementary Material

JPG File (d2_right_t8.jpg)

Download
12.19 KB

MP4 File (d2_right_t8.mp4)

Download
337.25 MB

References

[1]

M. Abadi, L. Cardelli, B. Pierce, and G. Plotkin. Dynamic typing in a statically typed language. ACM ToPLAS, 13 (2): 237--268, 1991.

Digital Library

[2]

D. Akhawe, P. Saxena, and D. Song. Privilege separation in HTML5 applications. In Proceedings of USENIX Security, 2012.

Digital Library

[3]

A. Barth. The web origin concept, 2011. IETF RFC6454.

[4]

A. Barth, C. Jackson, and J. C. Mitchell. Robust defenses for cross-site request forgery. In Proceedings of CCS, 2008.

Digital Library

[5]

R. Berjon, T. Leithead, E. Navara, E.D.and O'Conner, and S. Pfeiffer. HTML5.surlhttp://www.w3.org/TR/html5/, 2013. W3C Cand. Reco.

[6]

K. Bhargavan, A. Delignat-Lavaud, and S. Maffeis. Language-based defenses against untrusted browser origins. In Proceedings of USENIX Security, 2013.

Digital Library

[7]

G. Bierman, E. Meijer, and M. Torgersen. Adding dynamic types to C^#. In Proceedings of ECOOP, 2010.

Digital Library

[8]

G. Bracha and D. Griswold. Strongtalk: Typechecking Smalltalk in a production environment. In Proceedings of OOPSLA, 1993.

Digital Library

[9]

R. Chugh, D. Herman, and R. Jhala. Dependent types for JavaScript. In OOPSLA, 2012.

Digital Library

[10]

Facebook API. FB.API, 2013. http://developers.facebook.com/docs/reference/javascript/.

[11]

R. B. Findler and M. Felleisen. Contracts for higher-order functions. In Proceedings of ICFP, 2002.

Digital Library

[12]

C. Flanagan. Hybrid type checking. In Proceedings of POPL, 2006.

Digital Library

[13]

C. Fournet, N. Swamy, J. Chen, P.-E. Dagand, P.-Y. Strub, and B. Livshits. Fully abstract compilation to JavaScript. In Proceedings of POPL, 2013.

Digital Library

[14]

A. D. Gordon and A. Jeffrey. Authenticity by typing for security protocols. In Proceedings of CSFW, 2001.

Digital Library

[15]

S. Guarnieri and B. Livshits. Gatekeeper: mostly static enforcement of security and reliability policies for javascript code. In USENIX security symposium, SSYM'09. USENIX Association, 2009.

Digital Library

[16]

A. Guha, C. Saftoiu, and S. Krishnamurthi. The essence of JavaScript. In Proceedings of ECOOP, 2010.

Digital Library

[17]

A. Guha, C. Saftoiu, and S. Krishnamurthi. Typing local control and state using flow analysis. In Proceedings of ESOP, 2011.

Digital Library

[18]

D. Hedin and A. Sabelfeld. Information-flow security for a core of JavaScript. In Proceedings of CSF, 2012.

Digital Library

[19]

D. Herman, A. Tomb, and C. Flanagan. Space-efficient gradual typing. Higher Order Symbol. Comput., 2010.

Digital Library

[20]

L. Ina and A. Igarashi. Gradual typing for generics. In phProceedings of OOPSLA, 2011.

Digital Library

[21]

T. Jim, N. Swamy, and M. Hicks. Defeating script injection attacks with browser-enforced embedded policies. In Proceedings of WWW, 2007.

Digital Library

[22]

J. Magazinius, P. H. Phung, and D. Sands. Safe wrappers and sane policies for self protecting JavaScript. In Proceedings of NordSec, 2010.

Digital Library

[23]

OWASP CSRFGuard. CSRFGuard 3 user manual, 2010.surlhttps://www.owasp.org/index.php/CSRFGuard_3_User_Manual.

[24]

J. G. Politz, S. A. Eliopoulos, A. Guha, and S. Krishnamurthi. Adsafety: type-based verification of javascript sandboxing. In USENIX Security, 2011.

Digital Library

[25]

J. G. Siek and W. Taha. Gradual typing for functional languages. In Scheme and Functional Programming Workshop, 2006.

[26]

J. G. Siek, R. Garcia, and W. Taha. Exploring the design space of higher-order casts. In Proceedings of ESOP, 2009.

Digital Library

[27]

J. G. Siek, M. M. Vitousek, and S. Bharadwaj. Gradual typing for mutable objects.surlhttp://ecee.colorado.edu/siek/gtmo.pdf, 2013.

[28]

N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, and J. Yang. Secure distributed programming with value-dependent types. In Proceedings of ICFP, 2011.

Digital Library

[29]

N. Swamy, J. Weinberger, C. Schlesinger, J. Chen, and B. Livshits. Verifying higher-order programs with the Dijkstra monad. In PLDI, 2013.

Digital Library

[30]

A. Taly, U. Erlingsson, J. C. Mitchell, M. S. Miller, and J. Nagra. Automated analysis of security-critical JavaScript APIs. In Proceedings of S&P, 2011.

Digital Library

[31]

P. Wadler and R. B. Findler. Well-typed programs can't be blamed. In Proceedings of ESOP, 2009.

Digital Library

Cited By

Patrignani MGarg D(2021)Robustly Safe Compilation, an Efficient Form of Secure CompilationACM Transactions on Programming Languages and Systems10.1145/343680943:1(1-41)Online publication date: 9-Feb-2021
https://dl.acm.org/doi/10.1145/3436809
Patrignani MAhmed AClarke D(2019)Formal Approaches to Secure CompilationACM Computing Surveys10.1145/328098451:6(1-36)Online publication date: 4-Feb-2019
https://dl.acm.org/doi/10.1145/3280984
Petricek TGuerra GSyme D(2016)Types from data: making structured data first-class citizens in F#ACM SIGPLAN Notices10.1145/2980983.290811551:6(477-490)Online publication date: 2-Jun-2016
https://dl.acm.org/doi/10.1145/2980983.2908115
Show More Cited By

Index Terms

Gradual typing embedded securely in JavaScript

Recommendations

Gradual typing: a new perspective

We define a new, more semantic interpretation of gradual types and use it to ``gradualize'' two forms of polymorphism: subtyping polymorphism and implicit parametric polymorphism. In particular, we use the new interpretation to define three gradual type ...
Gradual typing embedded securely in JavaScript
POPL '14: Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

JavaScript's flexible semantics makes writing correct code hard and writing secure code extremely difficult. To address the former problem, various forms of gradual typing have been proposed, such as Closure and TypeScript. However, supporting all ...
On polymorphic gradual typing

We study an extension of gradual typing—a method to integrate dynamic typing and static typing smoothly in a single language—to parametric polymorphism and its theoretical properties, including conservativity of typing and semantics over both statically ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 49, Issue 1

POPL '14

January 2014

661 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/2578855

Editor:
Mark W. Bailey
Hamilton College, Clinton, NY

Issue’s Table of Contents

POPL '14: Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
January 2014
702 pages
ISBN:9781450325448
DOI:10.1145/2535838
General Chair:
Suresh Jagannathan
Purdue University, USA
,
Program Chair:
Peter Sewell
University of Cambridge, UK

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 January 2014

Published in SIGPLAN Volume 49, Issue 1

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

42
Total Citations
View Citations
588
Total Downloads

Downloads (Last 12 months)30
Downloads (Last 6 weeks)1

Reflects downloads up to 15 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Patrignani MGarg D(2021)Robustly Safe Compilation, an Efficient Form of Secure CompilationACM Transactions on Programming Languages and Systems10.1145/343680943:1(1-41)Online publication date: 9-Feb-2021
https://dl.acm.org/doi/10.1145/3436809
Patrignani MAhmed AClarke D(2019)Formal Approaches to Secure CompilationACM Computing Surveys10.1145/328098451:6(1-36)Online publication date: 4-Feb-2019
https://dl.acm.org/doi/10.1145/3280984
Petricek TGuerra GSyme D(2016)Types from data: making structured data first-class citizens in F#ACM SIGPLAN Notices10.1145/2980983.290811551:6(477-490)Online publication date: 2-Jun-2016
https://dl.acm.org/doi/10.1145/2980983.2908115
Petricek TGuerra GSyme DKrintz CBerger E(2016)Types from data: making structured data first-class citizens in F#Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/2908080.2908115(477-490)Online publication date: 2-Jun-2016
https://dl.acm.org/doi/10.1145/2908080.2908115
YE WOLIVEIRA B(2024)Type-directed operational semantics for gradual typingJournal of Functional Programming10.1017/S095679682400007834Online publication date: 26-Sep-2024
https://doi.org/10.1017/S0956796824000078
Greenman BDimoulas CFelleisen M(2023)Typed–Untyped Interactions: A Comparative AnalysisACM Transactions on Programming Languages and Systems10.1145/357983345:1(1-54)Online publication date: 5-Mar-2023
https://dl.acm.org/doi/10.1145/3579833
Bastys IAlgehed MSjösten ASabelfeld A(2022)SecWasm: Information Flow Control for WebAssemblyStatic Analysis10.1007/978-3-031-22308-2_5(74-103)Online publication date: 2-Dec-2022
https://doi.org/10.1007/978-3-031-22308-2_5
Lazarek LGreenman BFelleisen MDimoulas C(2021)How to evaluate blame for gradual typesProceedings of the ACM on Programming Languages10.1145/34735735:ICFP(1-29)Online publication date: 19-Aug-2021
https://dl.acm.org/doi/10.1145/3473573
Moy CNguyễn PTobin-Hochstadt SVan Horn D(2021)Corpse reviver: sound and efficient gradual typing via contract verificationProceedings of the ACM on Programming Languages10.1145/34343345:POPL(1-28)Online publication date: 4-Jan-2021
https://dl.acm.org/doi/10.1145/3434334
Ko YRezk TSerrano MHung CHong JBechini ASong E(2021)SecureJS compilerProceedings of the 36th Annual ACM Symposium on Applied Computing10.1145/3412841.3442001(1265-1274)Online publication date: 22-Mar-2021
https://dl.acm.org/doi/10.1145/3412841.3442001
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents