This specification relates to translating web application code into security-enhanced native executable code.
One important principle of the web is portability. For example, a typical web page renders and behaves the same way on a browser, regardless of the browser's operating system or the type of hardware it's running on. A conventional technique for ensuring portability is to distribute an intermediate representation of the software module source code that is encoded in a portable code format (i.e., a format that is not specific to any particular instruction set architecture). A client application platform (e.g., a browser) then locally either interprets the portable code or translates the portable code into native machine code instructions for the client's particular instruction set architecture (ISA) prior to executing the native code.
Clients that receive and process portable code are exposed to many security vulnerabilities. One source of vulnerability is the design of the portable code itself. For example, the portable code may represent unsafe source language constructs that, after translation into native code instructions, will harm the client system when the instructions are executed. Another source of vulnerability is the translation process. Interpreters and components performing translation (e.g., translators, JIT compilers, and bytecode verifiers) are large, complex software modules that are likely to have bugs, design flaws, and other features that can be exploited by malicious code.