Agoric Releases SES: Secure JavaScript

For the past 10 years, the founding team of Agoric has been working to shape JavaScript—to make it more secure, easier to use, and easier to reason about. As part of TC39, the standards committee for JavaScript, the Agoric team (in particular, Mark Miller) has been championing changes such as:

  • Strict mode
  • Security preserving reflection
  • Support for defensive programming, such as Object.freeze
  • Proxies
  • Weak maps
  • Tagged template literals
  • Promises

Each of these changes improves JavaScript’s modularity and security. They help turn JavaScript into a language that can support cooperative interactions between mutually suspicious parties—a necessary foundation for the future of smart contracts.

SES takes us one step closer to this world of smart contracts by creating a secure subset of JavaScript for object capabilities. With SES, even untrusted JavaScript programs can execute in the same environment safely. SES was derived from work done in Google’s Caja project and Salesforce’s Locker Service, both of which enable the safe usage of third party code. SES builds on the Realms proposal currently going through the standardization process.

SES is part of a family of secure subsets of JavaScript, with various tradeoffs between security and compatibility. The Jessie readme has more information on how SES fits into the various flavors of confined JavaScript execution.

SES is still under development and should not yet be used in production systems. However, we invite you to put SES to the test in our SES Challenge, which showcases SES’s ability to keep information secure and hidden from other JavaScript programs executing in the same environment. Any security-sensitive issues can be reported using our vulnerability disclosure process.

  • link fixed since original posting

Updated: