ABSTRACT
Many of today's web sites contain substantial amounts of client-side code, and consequently, they act more like programs than simple documents. This creates robustness and performance challenges for web browsers. To give users a robust and responsive platform, the browser must identify program boundaries and provide isolation between them.
We provide three contributions in this paper. First, we present abstractions of web programs and program instances, and we show that these abstractions clarify how browser components interact and how appropriate program boundaries can be identified. Second, we identify backwards compatibility tradeoffs that constrain how web content can be divided into programs without disrupting existing web sites. Third, we present a multi-process browser architecture that isolates these web program instances from each other, improving fault tolerance, resource management, and performance. We discuss how this architecture is implemented in Google Chrome, and we provide a quantitative performance evaluation examining its benefits and costs.
Index Terms
Isolating web programs in modern browser architectures