JavaScript (Dr. SES on ES6) as a Language for Distributed Secure Algorithms
Mark S. Miller (Google Research), Tom Van Cutsem (VUB), Tyler Close (Google)

OCaps: Small step from pure objects
Memory safety and encapsulation
+ Effects only by using held references
+ No powerful references by default
Reference graph ≡ Access graph
Only connectivity begets connectivity
OO expressiveness for security patterns

Dr. SES
Distributed Resilient Secure EcmaScript
Linguistic abstraction for safe messaging
Stretch reference graph between event loops & machines
Crypto analog of memory safety
SES + Promise library + infix “!” syntax
(“Q” Library usable today without “!” syntax)

Unguessable URLs as Crypto-Caps
https://www.example.com/app/#mhbqcmmva5ja3
How are secrets like object references?

Dr. SES
Distributed Resilient Secure EcmaScript

    var result  = bob.foo(carol);     // Local-only immediate call
    var resultP = bobP ! foo(carol);  // Eventual send
    var result  = bob.foo;            // Local-only immediate get
    var resultP = bobP ! foo;         // Eventual get

Register for notification

    Q(resultP).when(function(result) {
      …result…
    }, function(ex) {
      …ex…
    });

Async object ops as JSON/REST ops

    Q(resultP).when(function(result) { …result… }, function(ex) { …ex… });
    // xhr.onreadystatechange = …

    var resultP = bobP ! foo(carol);  // POST https://…q=foo {…}
    var resultP = bobP ! foo;         // GET https://…q=foo

Q.race
Any done? (good or bad)

    Q.race = function(...answerPs) {
      const result = Q.defer();
      answerPs.forEach(function(answerP) {
        Q(answerP).when(function(_) {
          result.resolve(answerP);
        }, function(reason) {
          result.resolve(Q.reject(reason));
        });
      });
      return result.promise;
    };

Timeouts = Racing with a timeBomb

    function timeBomb(deltaMillis) {
      const result = Q.defer();
      setTimeout(function() {
        result.resolve(Q.reject(new Error("time expired")));
      }, deltaMillis);
      return result.promise;
    }

    const resultP = Q.race(bobP ! foo(carol), timeBomb(3000));

Q.all
All good? Any bad?

    Q.all = function(...answerPs) {
      let countDown = answerPs.length;
      if (countDown === 0) { return answerPs; }
      const result = Q.defer();
      answerPs.forEach(function(answerP) {
        Q(answerP).when(function(_) {
          if (--countDown === 0) { result.resolve(answerPs); }
        }, function(reason) {
          result.resolve(Q.reject(reason));
        });
      });
      return result.promise;
    };

Q.join
Mutual acceptability

    Q.join = function(xP, yP) {
      return Q.all(xP, yP).when(function([x, y]) {
        if (Object.is(x, y)) {
          return x;
        } else {
          throw new Error("not the same");
        }
      });
    };

makeMint
The “factorial” of language security

    function makeMint() {
      const amp = new WeakMap();
      return function mint(balance) {
        Nat(balance);
        const purse = def({
          get balance() { return balance; },
          makePurse: function() { return mint(0); },
          deposit: function(amount, src) {
            Nat(balance + amount);
            amp.get(src)(Nat(amount));
            balance += amount;
          }
        });
        amp.set(purse, function decr(amount) {
          balance = Nat(balance - amount);
        });
        return purse;
      };
    }

transfer # insecure
Participant in Two-Phase Commit

    function transfer(decisionP, srcPurseP, dstPurseP, amount) {
      const escrowPurseP = srcPurseP ! makePurse();
      Q(decisionP).when(function(_) {                     // setup phase 2
        dstPurseP ! deposit(amount, escrowPurseP);
      }, function(reason) {
        srcPurseP ! deposit(amount, escrowPurseP);
      });
      return escrowPurseP ! deposit(amount, srcPurseP);   // phase 1
    }

exchange # insecure
All or nothing (or stuck)

    function exchange(aliceMoneySrcP, aliceStockDstP, stockNeeded,
                      bobStockSrcP, bobMoneyDstP, moneyNeeded) {
      const decision = Q.defer();
      decision.resolve(Q.all(
        transfer(decision.promise, aliceMoneySrcP, bobMoneyDstP, moneyNeeded),
        transfer(decision.promise, bobStockSrcP, aliceStockDstP, stockNeeded)));
      return decision.promise;
    }

makePurseMaker
All customers get the same makePurse

    function makePurseMaker(purse) {
      return function makePurse() {
        return purse.makePurse();
      };
    }

makeTransfer
Make mutually acceptable participant

    function makeTransfer(makeEscrowPurseP) {
      return function transfer(decisionP, srcPurseP, dstPurseP, amount) {
        const escrowPurseP = makeEscrowPurseP ! ();
        Q(decisionP).when(function(_) {                     // setup phase 2
          dstPurseP ! deposit(amount, escrowPurseP);
        }, function(reason) {
          srcPurseP ! deposit(amount, escrowPurseP);
        });
        return escrowPurseP ! deposit(amount, srcPurseP);   // phase 1
      };
    }

makeExchange
Secure Escrow Exchange Agent

    function makeExchange(aliceMakeMoneyEscrowP, aliceMakeStockEscrowP,
                          bobMakeStockEscrowP, bobMakeMoneyEscrowP) {
      const transferMoney = makeTransfer(Q.join(aliceMakeMoneyEscrowP,
                                                bobMakeMoneyEscrowP));
      const transferStock = makeTransfer(Q.join(bobMakeStockEscrowP,
                                                aliceMakeStockEscrowP));
      return function exchange(aliceMoneySrcP, aliceStockDstP, stockNeeded,
                               bobStockSrcP, bobMoneyDstP, moneyNeeded) {
        const d = Q.defer();
        d.resolve(Q.all(
          transferMoney(d.promise, aliceMoneySrcP, bobMoneyDstP, moneyNeeded),
          transferStock(d.promise, bobStockSrcP, aliceStockDstP, stockNeeded)));
        return d.promise;
      };
    }
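
The mutual-acceptability check behind Q.join, makePurseMaker and makeExchange, as an added example in present-day JavaScript; it is not code from the slides. Native Promises replace the Q library and the “!” syntax, Nat and Object.freeze are simple stand-ins for the SES Nat() and def(), and the escrow and demo functions and the look-alike mint are constructed for illustration.

```javascript
// Stand-in for SES Nat(): only non-negative safe integers pass.
function Nat(n) {
  if (!Number.isSafeInteger(n) || n < 0) throw new RangeError('not a Nat: ' + n);
  return n;
}
// The slides' makeMint; Object.freeze stands in for SES def().
function makeMint() {
  const amp = new WeakMap();
  return function mint(balance) {
    Nat(balance);
    const purse = Object.freeze({
      get balance() { return balance; },
      makePurse() { return mint(0); },
      deposit(amount, src) {
        Nat(balance + amount);
        amp.get(src)(Nat(amount)); // TypeError when src came from another mint
        balance += amount;
      }
    });
    amp.set(purse, (amount) => { balance = Nat(balance - amount); });
    return purse;
  };
}
const makePurseMaker = (purse) => () => purse.makePurse();
// Q.join on native promises: fulfil only if both sides name the identical object.
async function join(xP, yP) {
  const [x, y] = await Promise.all([xP, yP]);
  if (!Object.is(x, y)) throw new Error('not the same');
  return x;
}

// Hypothetical helper: phase 1 of transfer, using only a maker both parties accept.
async function escrow(aliceMakerP, bobMakerP, src, amount) {
  const purse = (await join(aliceMakerP, bobMakerP))();
  purse.deposit(amount, src);
  return purse;
}

// Constructed scenario: one shared bank maker, then a look-alike from a private mint.
async function demo() {
  const bank = makeMint();
  const aliceMoney = bank(100);
  const bankMaker = makePurseMaker(bank(0));
  const lookAlike = makePurseMaker(makeMint()(0));
  const held = await escrow(bankMaker, Promise.resolve(bankMaker), aliceMoney, 30);
  const refused = await escrow(bankMaker, lookAlike, aliceMoney, 30).catch((e) => e.message);
  return { escrowed: held.balance, refused, aliceLeft: aliceMoney.balance };
}
demo().then((r) => console.log(r));
```

When the two makers differ, the join rejects before any purse is created, so Alice's balance is untouched by the refused attempt.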

makeMembraningPurse
Non-fungible, exercisable, exclusive

    function makeMembraningPurse(makeMembrane, preciousP) {
      const amp = new WeakMap();
      function mint(optMembrane) {
        const membraningPurse = def({
          get balance() { return optMembrane.wrapper; },
          makePurse: function() { return mint(null); },
          deposit: function(_, src) {
            amp.get(src)();
            optMembrane = makeMembrane(preciousP);
          }
        });
        amp.set(membraningPurse, function revoke() {
          optMembrane.revoke();
          optMembrane = null;
        });
        return membraningPurse;
      }
      return mint(makeMembrane(preciousP));
    }