Skip to main content.

Refereed Papers

Track: Security I: Misc

Paper Title:
Better Abstractions for Secure Server-Side Scripting


It is notoriously difficult to program a solid web application. Besides addressing web interactions, state maintenance, and whimsical user navigation behaviors, programmers must also avoid a minefield of security vulnerabilities. The problem is twofold. First, we lack a clear understanding of the new computation model underlying web applications. Second, we lack proper abstractions for hiding common and subtle coding details that are orthogonal to the business functionalities of specific web applications. This paper addresses both issues. First, we present a language BASS for declarative server-side scripting. BASS allows programmers to work in an ideal world, using new abstractions to tackle common but problematic aspects of web programming. The meta properties of BASS provide useful security guarantees. Second, we present a language MOSS reflecting realistic web programming concepts and scenarios, thus articulating the computation model behind web programming. Finally, we present a translation from BASS to MOSS, demonstrating how the ideal programming model and security guarantees of BASS can be implemented in practice.

PDF version

Inquiries can be sent to: Email contact: program-chairs at

Valid XHTML 1.0 Transitional