Hop and HipHop : Multitier Web Orchestration

Rich applications merge classical computing, client-server concurrency, web-based interfaces, and the complex time- and event-based reactive programming found in embedded systems. To handle them, we extend the Hop web programming platform by HipHop, a domain-specific language dedicated to event-based process orchestration. Borrowing the synchronous reactive model of Esterel, HipHop is based on synchronous concurrency and preemption primitives that are known to be key components for the modular design of complex reactive behaviors. HipHop departs from Esterel by its ability to handle the dynamicity of Web applications, thanks to the reflexivity of Hop. Using a music player example, we show how to modularly build a non-trivial Hop application using HipHop orchestration code.Comment: International Conference on Distributed Computing and Internet Technology (2014

Towards a Safe and Secure web semantic framework

This thesis describes the work I did during my internship at the INRIA research center in Sophia-Antipolis, within the INDES team and under the supervision of Ilaria Castellani and Tamara Rezk.The main objectives of the INDES team is to study models and develop languages for Diffuse computing, a computing paradigm in which it is necessary to manage and maintain computing structures distributed on several heterogeneous nodes that usually do not trust each other. INDES focuses on the study of the different concurrency models that underlie these systems and pays particular attention to Multitier programming, an emerging programming paradigm that aims to reduce complexity in the development of web applications by adopting a single language to program all their components. The role played by security issues (and particularly the protection of confidentiality and integrity of data) is crucial in these applications, and ensuring security of web applications is another important goal of the INDES team. My internship took place in the context of the ANR CISC project, whose objective is to provide semantics, languages and attack models for the Internet of Things (IoT), a term that refers to systems composed of a set of interconnected devices, which interact with the environment in which they are placed by means of different sensors and actuators. My individual research took place within Webi, a semantic framework that aims at a primitive simulation of the interactions that take place between servers and clients on the web, developed by Tamara Rezk and her colleagues. In particular, I concentrated on an extension of Webi called WebiLog, which allows one to represent authenticated sessions and to formalize attacks aimed at compromising their integrity

Multiparty Languages: The Choreographic and Multitier Cases (Pearl)

Choreographic languages aim to express multiparty communication protocols, by providing primitives that make interaction manifest. Multitier languages enable programming computation that spans across several tiers of a distributed system, by supporting primitives that allow computation to change the location of execution. Rooted into different theoretical underpinnings - respectively process calculi and lambda calculus - the two paradigms have been investigated independently by different research communities with little or no contact. As a result, the link between the two paradigms has remained hidden for long. In this paper, we show that choreographic languages and multitier languages are surprisingly similar. We substantiate our claim by isolating the core abstractions that differentiate the two approaches and by providing algorithms that translate one into the other in a straightforward way. We believe that this work paves the way for joint research and cross-fertilisation among the two communities

Multitier Modules

Multitier programming languages address the complexity of developing distributed systems abstracting over low level implementation details such as data representation, serialization and network protocols. Since the functionalities of different peers can be defined in the same compilation unit, multitier languages do not force developers to modularize software along network boundaries. Unfortunately, combining the code for all tiers into the same compilation unit poses a scalability challenge or forces developers to resort to traditional modularization abstractions that are agnostic to the multitier nature of the language. In this paper, we address this issue with a module system for multitier languages. Our module system supports encapsulating each (cross-peer) functionality and defining it over abstract peer types. As a result, we disentangle modularization and distribution and we enable the definition of a distributed system as a composition of multitier modules, each representing a subsystem. Our case studies on distributed algorithms, distributed data structures, as well as on the Apache Flink task distribution system, show that multitier modules allow the definition of reusable (abstract) patterns of interaction in distributed software and enable separating the modularization and distribution concerns, properly separating functionalities in distributed systems

A Glimpse of Hopjs

International audienceHop.js is a multitier programming environment for JavaScript. Itallows a single JavaScript program to describe the client-side and theserver-side components of a web application. Its runtime environmentensures consistent executions of the application on the server and onthe client.This paper overviews the Hop.js design. It shows the JavaScriptextensions that makes it possible to conceive web applicationsglobally. It presents how Hop.js interacts with the outside world. Italso briefly presents the Hop.js implementation. It presents theHop.js web server implementation, the handling of server-sideparallelism, and the JavaScript and HTML compilers

Multiparty Languages: The Choreographic and Multitier Cases

International audienceChoreographic languages aim to express multiparty communication protocols, by providing primitives that make interaction manifest. Multitier languages enable programming computation that spans across several tiers of a distributed system, by supporting primitives that allow computation to change the location of execution. Rooted into different theoretical underpinnings-respectively process calculi and lambda calculus-the two paradigms have been investigated independently by different research communities with little or no contact. As a result, the link between the two paradigms has remained hidden for long. In this paper, we show that choreographic languages and multitier languages are surprisingly similar. We substantiate our claim by isolating the core abstractions that differentiate the two approaches and by providing algorithms that translate one into the other in a straightforward way. We believe that this work paves the way for joint research and cross-fertilisation among the two communities

Comparaison de la détection des vulnérabilités XSS entre Node.js et un langage JavaScript multi-niveau via le Deep Learning

International audienceCross-site Scripting (XSS) is one of the most common and impactful software vulnerabilities (ranked second in the CWE 's top 25 in 2021). Several approaches have focused on automatically detecting software vulnerabilities through machine learning models. To build a model, it is necessary to have a dataset of vulnerable and non-vulnerable examples and to represent the source code in a computer understandable way. In this work, we explore the impact of predicting XSS using representations based on single-tier and multi-tier languages. We built 144 models trained on Javascript-based multitier code -i.e. which includes server code and HTML, Javascript and CSS as client code - and 144 models trained on single-tier code, which include server code and client-side code as text. Despite the lower precision, our results show a better recall with a multitier language than a single-tier language, implying an insignificant impact on XSS detectors based on deep learning.Le Cross-site Scripting (XSS) est l'une des vulnérabilités logicielles les plus courantes et les plus percutantes (classé deuxième dans le top 25 du CWE en 2021). Plusieurs approches se sont concentrées sur la détection automatique des vulnérabilités logicielles via des modèles d'apprentissage automatique. Pour construire un modèle, il est nécessaire de disposer d'un ensemble de données d'exemples vulnérables et non vulnérables et de représenter le code source de manière compréhensible par ordinateur. Dans ce travail, nous explorons l'impact de la prédiction de XSS à l'aide de représentations basées sur des langages à un ou plusieurs niveaux. Nous avons construit 144 modèles formés sur du code multi-niveau basé sur Javascript - c'est-à-dire, qui inclut le code serveur et HTML, Javascript et CSS comme code client - et 144 modèles formés sur du code à un niveau - qui incluent le code serveur et le code côté client sous forme de texte. Malgré une faible précision, nos résultats montrent un meilleur rappel avec un langage multi-niveaux qu'avec un langage mono-niveau, impliquant un impact insignifiant sur les détecteurs XSS basés sur l'apprentissage en profondeur

Choral: Object-Oriented Choreographic Programming

We present Choral, the first choreographic programming language based on mainstream abstractions. The key idea in Choral is a new notion of data type, which allows for expressing that data is distributed over different roles. We use this idea to reconstruct the paradigm of choreographic programming through object-oriented abstractions. Choreographies are classes, and instances of choreographies are objects with states and behaviours implemented collaboratively by roles. Choral comes with a compiler that, given a choreography, generates an implementation for each of its roles. These implementations are libraries in pure Java, whose types are under the control of the Choral programmer. Developers can then modularly compose these libraries in their own programs, in order to participate correctly in choreographies. Choral is the first incarnation of choreographic programming offering such modularity, which finally connects more than a decade of research on the paradigm to practical software development. The integration of choreographic and object-oriented programming yields other powerful advantages, where the features of one paradigm benefit the other in ways that go beyond the sum of the parts. The high-level abstractions and static checks from the world of choreographies can be used to write concurrent and distributed object-oriented software more concisely and correctly. We obtain a much more expressive choreographic language from object-oriented abstractions than in previous work. For example, object passing makes Choral the first higher-order choreographic programming language, whereby choreographies can be parameterised over other choreographies without any need for central coordination. Together with subtyping and generics, this allows Choral to elegantly support user-defined communication mechanisms and middleware