Gradual typing embedded securely in JavaScript

Published: 08 January 2014

Abstract

JavaScript's flexible semantics makes writing correct code hard and writing secure code extremely difficult. To address the former problem, various forms of gradual typing have been proposed, such as Closure and TypeScript. However, supporting all common programming idioms is not easy; for example, TypeScript deliberately gives up type soundness for programming convenience. In this paper, we propose a gradual type system and implementation techniques that provide important safety and security guarantees.

We present TS#, a gradual type system and source-to-source compiler for JavaScript. In contrast to prior gradual type systems, TS# features full runtime reflection over three kinds of types: (1) simple types for higher-order functions, recursive datatypes and dictionary-based extensible records; (2) the type any, for dynamically type-safe TS# expressions; and (3) the type un, for untrusted, potentially malicious JavaScript contexts in which TS# is embedded. After type-checking, the compiler instruments the program with various checks to ensure the type safety of TS# despite its interactions with arbitrary JavaScript contexts, which are free to use eval, stack walks, prototype customizations, and other offensive features. The proof of our main theorem employs a form of type-preserving compilation, wherein we prove all the runtime invariants of the translation of TS# to JavaScript by showing that translated programs are well-typed in JS#, a previously proposed dependently typed language for proving functional correctness of JavaScript programs.
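As an added illustration in plain JavaScript (not the TS# compiler's actual instrumentation; the descriptor shape and helper names are assumptions), this is the kind of boundary check the abstract describes: a value arriving from an un-typed context is checked against a simple record type using only own data properties, so prototype customizations by the untrusted context cannot influence the result, and typed code works on a frozen copy.

```javascript
// Added illustration, not the TS# compiler's own output. Descriptor shape
// and helper names are assumptions. Checks a value from an untrusted ("un")
// JavaScript context before typed code uses it.
const Point = { kind: "record", fields: { x: "number", y: "number" } }; // {x: number, y: number}
// Captured before any untrusted code runs, so later replacement of
// Object.prototype.hasOwnProperty cannot fool the check.
const ownProp = Function.prototype.call.bind(Object.prototype.hasOwnProperty);

// Return a fresh, frozen copy of v satisfying descriptor t, or throw. Only own
// data properties are read, so getters planted on Object.prototype are never
// invoked, and the copy cannot change after the check (no TOCTOU gap).
function checkUn(v, t) {
  if (t === "number") {
    if (typeof v !== "number") throw new TypeError("expected number");
    return v;
  }
  if (t.kind === "record") {
    if (v === null || typeof v !== "object") throw new TypeError("expected record");
    const out = Object.create(null); // no prototype chain to tamper with later
    for (const f of Object.keys(t.fields)) {
      if (!ownProp(v, f)) throw new TypeError("missing own field " + f);
      const d = Object.getOwnPropertyDescriptor(v, f);
      if (!ownProp(d, "value")) throw new TypeError("accessor field " + f);
      out[f] = checkUn(d.value, t.fields[f]);
    }
    return Object.freeze(out);
  }
  throw new TypeError("unknown descriptor");
}

// Typed code that trusts its argument only after checkUn has run.
function distanceFromUntrusted(v) {
  const p = checkUn(v, Point);
  return Math.sqrt(p.x * p.x + p.y * p.y);
}

// A prototype customization by the untrusted context: a getter for "y" planted
// on Object.prototype is not an own property, so {x: 1} is still rejected.
function rejectsInheritedField() {
  Object.defineProperty(Object.prototype, "y", { get() { return 42; }, configurable: true });
  try {
    checkUn({ x: 1 }, Point);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  } finally {
    delete Object.prototype.y;
  }
}
```

The paper's secure runtime also has to protect builtins such as Math.sqrt from the same kind of tampering; that part is out of scope here.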

We describe a prototype compiler, a secure runtime, and sample applications for TS#. Our examples illustrate how web security patterns that developers currently program in JavaScript (with much difficulty and still with dubious results) can instead be programmed naturally in TS#, retaining a flavor of idiomatic JavaScript, while providing strong safety guarantees by virtue of typing.


Supplemental Material

d2_right_t8.mp4


Published in

ACM SIGPLAN Notices, Volume 49, Issue 1 (POPL '14), January 2014, 661 pages. ISSN: 0362-1340, EISSN: 1558-1160, DOI: 10.1145/2578855

POPL '14: Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, January 2014, 702 pages. ISBN: 9781450325448, DOI: 10.1145/2535838

Copyright © 2014 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Qualifiers

research-article
