Fully abstract compilation to JavaScript

Many tools allow programmers to develop applications in high-level languages and deploy them in web browsers via compilation to JavaScript. While practical and widely used, these compilers are ad hoc: no guarantee is provided on their correctness for whole programs, nor their security for programs executed within arbitrary JavaScript contexts. This paper presents a compiler with such guarantees. We compile an ML-like language with higher-order functions and references to JavaScript, while preserving all source program properties. Relying on type-based invariants and applicative bisimilarity, we show full abstraction: two programs are equivalent in all source contexts if and only if their wrapped translations are equivalent in all JavaScript contexts. We evaluate our compiler on sample programs, including a series of secure libraries.
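The following is an added illustration, not code from the paper: two source functions that no ML context can tell apart, the naive JavaScript translations that an arbitrary JavaScript context can distinguish, and a type-directed wrapper (the names `checkInt`, `wrapFun` and `contextDistinguishes` are this example's own) that restores the equivalence at the boundary.

```javascript
// Source ML:  let f1 x = x + 1    and    let f2 x = 1 + x   (both int -> int).
// In every ML context these are indistinguishable. Their naive translations:
const f1 = x => x + 1;
const f2 = x => 1 + x;

// A JavaScript context is not bound by ML's types: it may pass a string, and
// '+' then concatenates, so the two translations become distinguishable.
function distinguishNaive() {
  return f1("a") !== f2("a");   // "a1" vs "1a" -> true
}

// Type-directed boundary: a checker for the source type int ...
function checkInt(v) {
  if (!Number.isInteger(v)) throw new TypeError("expected int");
  return v;
}

// ... and a wrapper for arrow types: validate the argument before calling the
// source function, and validate the result on the way out. Both wrapped
// functions also share the same name and source text, so reflection on the
// function object reveals nothing about which source program was compiled.
function wrapFun(argCheck, resCheck, f) {
  return function wrapped(x) {
    return resCheck(f(argCheck(x)));
  };
}

const w1 = wrapFun(checkInt, checkInt, f1);
const w2 = wrapFun(checkInt, checkInt, f2);

// Run one JavaScript context (any function that receives the exported value)
// against both wrapped translations and report whether it can tell them apart,
// treating a thrown exception as an observable outcome too.
function contextDistinguishes(ctx) {
  const observe = f => {
    try { return ["ok", ctx(f)]; } catch (e) { return ["err", e.name]; }
  };
  const [k1, r1] = observe(w1);
  const [k2, r2] = observe(w2);
  return k1 !== k2 || r1 !== r2;
}
```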
