HOP web programming environment
HOP is a multi-tier programming language for the Web 2.0 and the so-called diffuse Web. It is designed for programming interactive web applications in many fields such as multimedia (web galleries, music players), ubiquitous and house automation (SmartPhones, personal appliance), mashups, office (web agendas, mail clients), etc.
JavaScript security libraries
- iflowtypes.js is designed to type secure information flow in JavaScript. iflowtypes.js has two main modes of operation: fully static and hybrid. In the hybrid mode, the program to be typed is instrumented with runtime assertions that are verified at runtime. By deferring rejection to runtime, the hybrid type system is able to type more programs than fully static mechanisms.
- iflowsigs.js is designed to inline an information flow monitor into JavaScript code. iflowsigs.js supports is able to track information flow even in programs that interact with arbitrary Web APIs.
HipHop
HipHop is a new language layer within Hop dedicated to request and event orchestration. HipHop follows the synchronous reactive model of the Esterel and ReactiveC languages, originally developed for embedded systems programming. It is based on synchronous concurrency and preemption primitives, which are known to be key components for the modular design of complex temporal behaviors. Although the language is concurrent, the generated code is purely sequential and thread-free; HipHop is translated to Hop for the server side and to straight JavaScript for the client side.
Browser Extensions and Login-Leak experiment
In the experiment, we collect user’s browser fingerprint, together with the browser extensions installed and a list of websites she has logged in. We show how unique are Web users based on their extensions and Web logins.
Experimental website is a joint work with Privatics team and is available at https://extensions.inrialpes.fr/.
PriceAereo
PriceAereo automatically visits airline companies’ websites with different user profiles. The goal is determine whether the prices for online airline tickets depend on the user’s profiles, and whether different users may get different prices on the same flight. PriceAereo is a crawler that automatically extracts prices from the top 25 airline companies (including AirFrance, KLM, Lufthansa, Ryanair, Easyjet, etc.) and measures the prices against 66 different user profiles. At that time of the experiment we did not find any evidence for systematic price discrimination. PriceAereo is written in JavaScript and Python and available upon request.
WebStats
WebStats is a website that collects, on a monthly basis, a number of JavaScript and security statistics about top 10 000 webpages: the usage of pop- ular JavaScript libraries; the usage of different language constructs in these libraries; use of Content Security Policies and secure cookies, etc. The WebStats website can be used by programmers (to understand which JavaScript libraries are more popular), researchers in programming languages (when designing a subset of JavaScript, to safely exclude the language constructs that are rarely used according to WebStats), and researchers in privacy (to analyse which tracking libraries are the most prevalent). WebStats is built using PhantomJS and CasperJS.
Mashic compiler
The Mashic compiler is applied to mashups with untrusted scripts. The compiler generates mashups with sandboxed scripts, secured by the same origin policy of the browsers. The compiler is written in Bigloo.
Bigloo
Bigloo is a Scheme implementation devoted to one goal: enabling Scheme based programming style where C(++) is usually required. Bigloo attempts to make Scheme practical by offering features usually presented by traditional programming languages but not offered by Scheme and functional programming. Bigloo compiles Scheme modules. It delivers small and fast stand alone binary executables. Bigloo enables full connections between Scheme and C programs, between Scheme and Java programs, and between Scheme and C# programs.
