• SecureJS Compiler: Portable Me...

Treffer: SecureJS Compiler: Portable Memory Isolation in JavaScript

Title:
SecureJS Compiler: Portable Memory Isolation in JavaScript
Authors:
Ko, Yoonseok, Rezk, Tamara, Serrano, Manuel
Contributors:
Secure Diffuse Programming (INDES), Centre Inria d'Université Côte d'Azur, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), This research has been partially supported by the ANR-17-CE25-0014-01 CISC project, the Inria Project Lab SPAI, and the European Union’s Horizon 2020 research and innovation programme under grant agreement No 830892., ANR-17-CE25-0014,CISC,Certification de compilation Sure pour l'IoT(2017), European Project: 830892,H2020-SU-ICT-2018-2020,H2020-SU-ICT-2018-2,SPARTA(2019)
Publisher Information:
CCSD, 2021.
Publication Year:
2021
Collection:
collection:INRIA
collection:INRIA-SOPHIA
collection:INRIASO
collection:INRIA_TEST
collection:TESTALAIN1
collection:INRIA2
collection:UNIV-COTEDAZUR
collection:INRIA-300009
collection:ANR
collection:INRIA_WEB
Subject Terms:
JavaScript, Memory isolation, Compiler, [INFO.INFO-PL]Computer Science [cs], Programming Languages [cs.PL]
Subject Geographic:
Gwangju / Virtual, South Korea
Original Identifier:
HAL: hal-03090348
Document Type:
Konferenz conferenceObject<br />Conference papers
Language:
English
Relation:
info:eu-repo/semantics/altIdentifier/doi/10.1145/3412841.3442001; info:eu-repo/grantAgreement//830892/EU/Strategic programs for advanced research and technology in Europe/SPARTA
DOI:
10.1145/3412841.3442001
Access URL:
https://inria.hal.science/hal-03090348
https://inria.hal.science/hal-03090348v1/document
https://inria.hal.science/hal-03090348v1/file/final.pdf
Rights:
info:eu-repo/semantics/OpenAccess
Accession Number:
edshal.hal.03090348v1
Database:
HAL

Weitere Informationen

The memory isolation mechanism plays an essential role to provide security enforcement in JavaScript programs. Existing secure interaction libraries such as Google Caja, SES, and VM2 rely on built-in memory isolation mechanisms provided by Node.js and browsers, yet most of the other engines such as JerryScript and Duktape, which are implementations for IoT devices, do not support such isolation mechanisms.In this paper, we report about the design and implementation of SecureJS, a portable JavaScript-to-JavaScript compiler that enforces memory isolation. As it only uses standard features, the compiled code it generates can be used by any JavaScript engine. We validated empirically the semantics preservation and memory isolation of SecureJS compiled programs by using 10,490 test programs of ECMAScript Test262 test suite. We also developed a novel experiment to evaluate memory isolation property of compiled code by instrumented JavaScript engines.