Static Verification for Web Scripting Languages
Wednesday, February 13, 2013 - 10:00am - 11:10am
KEC 1007
Ravi Chugh
PhD student
Department of Computer Science
UC San Diego
Abstract:
Modern web applications are developed largely in so-called "dynamic" or
"scripting" languages like JavaScript, PHP, and Python. In addition to being untyped,
these languages sport several features --- run-time type tests, value-indexed dictionaries, and
dynamic code loading --- that make it easy to rapidly prototype and to glue together applications
from disparate components. As applications grow large, however, the lack of static typing makes it
difficult to achieve reliability and maintainability. Moreover, third-party code like ads is
routinely downloaded and run in the client's browser, and the flexibility of scripting languages
makes it hard to ensure security.
In the first part of this talk, I will present Dependent JavaScript (DJS), a
statically typed dialect that facilitates precise reasoning about JavaScript
and other web scripting languages. I will describe the major obstacles that
have stymied prior attempts at static reasoning for JavaScript, and I'll
outline how DJS overcomes them using several key innovations based on
refinement types.
In the second part of the talk, I will show how to build on DJS to verify
security properties of third-party JavaScript. After describing preliminary
experiments that use DJS to author provably-secure JavaScript browser
extensions, I will identify several future directions of work that will lead to
a platform for fine-grained web security.
Speaker Biography:
Ravi Chugh is a Computer Science Ph.D. student at UC San Diego and holds master's and bachelor's degrees from the University of Pennsylvania. Ravi's primary research interest is developing programming language techniques, such as type systems and program analysis, to improve the reliability and security of modern web applications.