License: Creative Commons Attribution 3.0 Unported license (CC BY 3.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.SNAPL.2017.5
URN: urn:nbn:de:0030-drops-71247
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2017/7124/
Go to the corresponding LIPIcs Volume Portal


Guha, Arjun ; Jeannin, Jean-Baptiste ; Nigam, Rachit ; Tangen, Jane ; Shambaugh, Rian

Fission: Secure Dynamic Code-Splitting for JavaScript

pdf-format:
LIPIcs-SNAPL-2017-5.pdf (0.4 MB)


Abstract

Traditional web programming involves the creation of two distinct programs: a client-side front-end, a server-side back-end, and a lot of communications boilerplate. An alternative approach is to use a tierless programming model, where a single program describes the behavior of both the client and the server, and the runtime system takes care of communication. Unfortunately, this usually entails adopting a new language and thus abandoning well-worn libraries and web programming tools.

In this paper, we present our ongoing work on Fission, a platform that uses dynamic tier-splitting and dynamic information flow control to transparently run a single JavaScript program across the client and server. Although static tier-splitting has been studied before, our focus on dynamic approaches presents several new challenges and opportunities. For example, Fission supports characteristic JavaScript features such as eval and sophisticated JavaScript libraries like React. Therefore, programmers can reason about the integrity and confidentiality of information while continuing to use common libraries and programming patterns. Moreover, by unifying the client and server into a single program, Fission allows language-based tools, like type systems and IDEs, to manipulate complete web applications. To illustrate, we use TypeScript to ensure that client-server communication does not go wrong.

BibTeX - Entry

@InProceedings{guha_et_al:LIPIcs:2017:7124,
  author =	{Arjun Guha and Jean-Baptiste Jeannin and Rachit Nigam and Jane Tangen and Rian Shambaugh},
  title =	{{Fission: Secure Dynamic Code-Splitting for JavaScript}},
  booktitle =	{2nd Summit on Advances in Programming Languages (SNAPL 2017)},
  pages =	{5:1--5:13},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-032-3},
  ISSN =	{1868-8969},
  year =	{2017},
  volume =	{71},
  editor =	{Benjamin S. Lerner and Rastislav Bod{\'i}k and Shriram Krishnamurthi},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{http://drops.dagstuhl.de/opus/volltexte/2017/7124},
  URN =		{urn:nbn:de:0030-drops-71247},
  doi =		{10.4230/LIPIcs.SNAPL.2017.5},
  annote =	{Keywords: JavaScript, information flow control}
}

Keywords: JavaScript, information flow control
Collection: 2nd Summit on Advances in Programming Languages (SNAPL 2017)
Issue Date: 2017
Date of publication: 05.05.2017


DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI