Secure compilation of a multi-tier web language

Ioannis G. Baltopoulos, Andrew D. Gordon
2008 Proceedings of the 4th international workshop on Types in language design and implementation - TLDI '09
Storing state in the client tier (in forms or cookies, for example) improves the efficiency of a web application, but it also renders the secrecy and integrity of stored data vulnerable to untrustworthy clients. We study this general problem in the context of the LINKS multi-tier web-programming language. Like other systems, LINKS stores unencrypted application data, including web continuations, on the client tier; hence, LINKS is open to attacks that expose secrets, and modify control flow and application data. We characterise these attacks as failures of the general principle that security properties of multi-tier applications should follow simply from review of the source code (as opposed to the detailed study of the files compiled for each tier, for example). We propose a secure compilation strategy, which uses authenticated encryption to eliminate these threats, and we implement it as a simple extension to the LINKS system. We model this compilation strategy as a translation from a core fragment of the language to a concurrent λ-calculus equipped with a formal representation of cryptography. To formalize source-level reasoning about LINKS programs, we define a type and effect system for our core language; our implementation can machine-check various integrity properties of the source code. By appeal to a recent system of refinement types for secure implementations, we show that our compilation strategy guarantees all the properties provable by our type and effect system.
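The abstract's remedy is to wrap every piece of state the server hands to the client tier (continuations, hidden form fields, cookie values) in authenticated encryption, so that the client can neither read it nor alter it without detection. The following Go program is an added illustration of that idea and is not code from the paper or from the LINKS compiler: it assumes AES-GCM as the authenticated-encryption primitive (the abstract does not name one), uses a constructed sample key and sample state, and binds each sealed blob to a context label through GCM's associated data so a blob sealed for one field cannot be presented as another.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// ErrTampered is returned whenever a client-supplied blob fails authentication,
// whether it was modified, truncated, or presented in the wrong context.
var ErrTampered = errors.New("client-tier state failed authentication")

// SampleKey is a constructed 32-byte key (AES-256) for this example only.
// A real server would generate it once and keep it on the server tier.
var SampleKey = []byte("example-key-do-not-use-in-prod!!")

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealState protects a serialised piece of client-tier state (a continuation,
// a hidden form field, a cookie value). The context string goes into GCM's
// associated data, so a blob sealed for one field cannot be replayed as another.
func SealState(key, state, context []byte) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// Layout of the opaque token: nonce || ciphertext || GCM tag.
	sealed := aead.Seal(nonce, nonce, state, context)
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// OpenState reverses SealState. Every failure collapses to ErrTampered so the
// server never acts on data it did not authenticate.
func OpenState(key []byte, token string, context []byte) ([]byte, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil {
		return nil, ErrTampered
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(raw) < aead.NonceSize()+aead.Overhead() {
		return nil, ErrTampered
	}
	nonce, ciphertext := raw[:aead.NonceSize()], raw[aead.NonceSize():]
	state, err := aead.Open(nil, nonce, ciphertext, context)
	if err != nil {
		return nil, ErrTampered
	}
	return state, nil
}

// FlipByte models a client changing one byte of the opaque token; it exists
// only to demonstrate that the change is detected on the server.
func FlipByte(token string, i int) string {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || i >= len(raw) {
		return token
	}
	raw[i] ^= 0x01
	return base64.RawURLEncoding.EncodeToString(raw)
}

func main() {
	state := []byte("user=alice;role=viewer") // constructed sample state
	ctx := []byte("form:checkout")            // constructed context label
	tok, err := SealState(SampleKey, state, ctx)
	if err != nil {
		panic(err)
	}
	fmt.Println("client sees only:", tok)
	if got, err := OpenState(SampleKey, tok, ctx); err == nil {
		fmt.Println("server recovers:", string(got))
	}
	_, err = OpenState(SampleKey, FlipByte(tok, 20), ctx)
	fmt.Println("modified token rejected:", errors.Is(err, ErrTampered))
	_, err = OpenState(SampleKey, tok, []byte("form:admin"))
	fmt.Println("wrong context rejected:", errors.Is(err, ErrTampered))
}
```

The two checks at the end correspond to the two failure classes the abstract names: a modified token is rejected because the GCM tag no longer verifies (integrity), and the plaintext is never exposed to the client in the first place (secrecy). The context label is an addition beyond the abstract's description; without it, an authenticated blob from one part of the application could still be substituted into another, which is a control-flow change the tag alone would not catch.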
doi:10.1145/1481861.1481866 dblp:conf/tldi/BaltopoulosG09 fatcat:3rswmnqfdjg6ji2yyw5g6eia2i