Abstract
JavaScript's flexible semantics makes writing correct code hard and writing secure code extremely difficult. To address the former problem, various forms of gradual typing have been proposed, such as Closure and TypeScript. However, supporting all common programming idioms is not easy; for example, TypeScript deliberately gives up type soundness for programming convenience. In this paper, we propose a gradual type system and implementation techniques that provide important safety and security guarantees.
We present TS#, a gradual type system and source-to-source compiler for JavaScript. In contrast to prior gradual type systems, TS# features full runtime reflection over three kinds of types: (1) simple types for higher-order functions, recursive datatypes and dictionary-based extensible records; (2) the type any, for dynamically type-safe TS# expressions; and (3) the type un, for untrusted, potentially malicious JavaScript contexts in which TS# is embedded. After type-checking, the compiler instruments the program with various checks to ensure the type safety of TS# despite its interactions with arbitrary JavaScript contexts, which are free to use eval, stack walks, prototype customizations, and other offensive features. The proof of our main theorem employs a form of type-preserving compilation, wherein we prove all the runtime invariants of the translation of TS# to JavaScript by showing that translated programs are well-typed in JS#, a previously proposed dependently typed language for proving functional correctness of JavaScript programs.
We describe a prototype compiler, a secure runtime, and sample applications for TS#. Our examples illustrate how web security patterns that developers currently program in JavaScript (with much difficulty and still with dubious results) can instead be programmed naturally in TS#, retaining a flavor of idiomatic JavaScript, while providing strong safety guarantees by virtue of typing.
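As an added illustration of the kind of boundary check the abstract describes (constructed example code, not the TS# compiler's instrumentation or its secure runtime), the JavaScript below reflects over a small set of type descriptors and coerces a value received from untrusted code into a trusted copy. The descriptor constructors (Num, Str, Rec, Fun), coerce() and the sample account value are all assumptions of this example; the two hazards it handles, a getter that changes on re-read and a callback that later returns the wrong type, stand in for the prototype customizations and dynamic behaviour the abstract names.

```javascript
// Added illustration (not TS# or JS# code): a tiny runtime type-reflection
// layer that checks values crossing from an untrusted JavaScript context
// into typed code. Descriptor names (Num, Str, Rec, Fun), coerce() and the
// sample below are constructed for this example.

// Capture the built-ins the checks depend on before any untrusted code runs.
// Later customisation of Object.prototype or Function.prototype by the
// surrounding context then cannot change what these checks do.
const hasOwn = Function.prototype.call.bind(Object.prototype.hasOwnProperty);
const ownKeys = Object.keys;
const apply = Reflect.apply;

// Type descriptors: base values, records and functions, plus `any`, which
// this example simply passes through at the boundary.
const Num = { kind: "number" };
const Str = { kind: "string" };
const Any = { kind: "any" };
const Rec = (fields) => ({ kind: "record", fields });
const Fun = (args, ret) => ({ kind: "function", args, ret });

function fail(path, expected, actual) {
  const got = actual === null ? "null" : typeof actual;
  throw new TypeError(path + ": expected " + expected + ", got " + got);
}

// Check `value` against `type` and return a trusted copy of it. Failures
// throw a TypeError naming the path inside the value that violated the type.
function coerce(value, type, path = "value") {
  switch (type.kind) {
    case "any":
      return value;
    case "number":
    case "string":
    case "boolean":
      if (typeof value !== type.kind) fail(path, type.kind, value);
      return value;
    case "record": {
      if (value === null || typeof value !== "object") fail(path, "record", value);
      // Only own properties count, so a field supplied through a customised
      // prototype is rejected. Each field is read exactly once into a fresh
      // object: a getter installed by the untrusted side cannot show one value
      // to the check and another to the program afterwards.
      const copy = {};
      for (const name of ownKeys(type.fields)) {
        const fieldPath = path + "." + name;
        if (!hasOwn(value, name)) fail(fieldPath, "an own property", undefined);
        copy[name] = coerce(value[name], type.fields[name], fieldPath);
      }
      return copy;
    }
    case "function": {
      if (typeof value !== "function") fail(path, "function", value);
      const ret = type.ret;
      // Higher-order case: a function cannot be checked eagerly, so the
      // wrapper checks its result on every call (a higher-order contract).
      // Arguments are not re-checked here because they come from the typed
      // side. The callee is invoked with no receiver so it gets no handle on
      // the trusted copy that holds the wrapper.
      return function wrapped(...actual) {
        return coerce(apply(value, undefined, actual), ret, path + "()");
      };
    }
    default:
      throw new TypeError("unknown type descriptor: " + String(type.kind));
  }
}

// Constructed sample of what an untrusted context might hand over: the
// expected fields, but `balance` is a getter that changes on its second read
// and `next` is a callback that returns the wrong type on its second call.
function untrustedSample() {
  let reads = 0;
  let calls = 0;
  const obj = { id: 7, name: "alice" };
  Object.defineProperty(obj, "balance", {
    enumerable: true,
    get() { return reads++ === 0 ? 100 : "oops"; },
  });
  obj.next = () => (calls++ === 0 ? 1 : "not a number");
  return obj;
}

const AccountT = Rec({ id: Num, name: Str, balance: Num, next: Fun([], Num) });

// Exercise the boundary and report what the typed side observed.
function demo() {
  const account = coerce(untrustedSample(), AccountT);
  const seen = {
    balanceFirst: account.balance,
    balanceSecond: account.balance, // copied once, so still the checked value
    nextFirst: account.next(),
    nextSecondRejected: false,
    badFieldRejected: false,
    inheritedFieldRejected: false,
  };
  try { account.next(); } catch (e) { seen.nextSecondRejected = e instanceof TypeError; }
  try { coerce({ id: "seven", name: "alice" }, AccountT); }
  catch (e) { seen.badFieldRejected = e instanceof TypeError; }
  // Fields reachable only through the prototype do not satisfy the record type.
  try { coerce(Object.create({ id: 7, name: "alice", balance: 1, next: () => 1 }), AccountT); }
  catch (e) { seen.inheritedFieldRejected = e instanceof TypeError; }
  return seen;
}

console.log(demo());
```

Run with node; demo() returns what the typed side observed. The design point is that a check which merely inspects the untrusted object is not enough: the value has to be copied or wrapped at the boundary so the guarantee holds for every later use, which is also why function-typed fields are wrapped rather than checked once.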