Nothing Special   »   [go: up one dir, main page]

skip to main content
10.1145/1519065.1519090acmconferencesArticle/Chapter ViewAbstractPublication PageseurosysConference Proceedingsconference-collections
research-article

Isolating web programs in modern browser architectures

Published: 01 April 2009 Publication History

Abstract

Many of today's web sites contain substantial amounts of client-side code, and consequently, they act more like programs than simple documents. This creates robustness and performance challenges for web browsers. To give users a robust and responsive platform, the browser must identify program boundaries and provide isolation between them.
We provide three contributions in this paper. First, we present abstractions of web programs and program instances, and we show that these abstractions clarify how browser components interact and how appropriate program boundaries can be identified. Second, we identify backwards compatibility tradeoffs that constrain how web content can be divided into programs without disrupting existing web sites. Third, we present a multi-process browser architecture that isolates these web program instances from each other, improving fault tolerance, resource management, and performance. We discuss how this architecture is implemented in Google Chrome, and we provide a quantitative performance evaluation examining its benefits and costs.

References

[1]
Alexa. Alexa Web Search -- Top 500. http://www.alexa.com/site/ds/top_500, 2008.
[2]
Adam Barth, Collin Jackson, Charles Reis, and Google Chrome Team. The Security Architecture of the Chromium Browser. Technical report, Stanford University, 2008. http://crypto.stanford.edu/websec/chromium/chromium-security-architecture.pdf.
[3]
Richard S. Cox, Jacob Gorm Hansen, Steven D. Gribble, and Henry M. Levy. A Safety-Oriented Platform for Web Applications. In IEEE Symposium on Security and Privacy, 2006.
[4]
Todd Ditchendorf. Fluid -- Free Site Specific Browser for Mac OS X Leopard. http://fluidapp.com/, 2008.
[5]
Google. Issue 3666 -- chromium -- Tab crash (sad tab, aw snap) on jquery slidetoggle with-webkit-column-count greater than 1 -- Google Code. http://code.google.com/p/chromium/issues/detail?id=3666, October 2008.
[6]
Google. Memory Usage Backgrounder (Chromium Developer Documentation). http://dev.chromium.org/memory-usage-backgrounder, 2008.
[7]
Google. Plugin Architecture (Chromium Developer Documentation). http://dev.chromium.org/developers/design-documents/plugin-architecture, 2008.
[8]
Google. Process Models (Chromium Developer Documentation). http://dev.chromium.org/developers/design-documents/process-models, 2008.
[9]
Chris Grier, Shuo Tang, and Samuel T. King. Secure Web Browsing with the OP Web Browser. In IEEE Symposium on Security and Privacy, 2008.
[10]
Norm Hardy. The Confused Deputy (or why capabilities might have been invented). Operating Systems Review, 22(4):36o8, October 1988.
[11]
Ian Hickson and David Hyatt. HTML 5. http://www.w3.org/html/wg/html5/, October 2008.
[12]
Sotiris Ioannidis and Steven M. Bellovin. Building a Secure Web Browser. In Proceedings of the FREENIX Track of the 2001 USENIX Annual Technical Conference, June 2001.
[13]
Mozilla. Public Suffix List. http://publicsuffix.org/, 2007.
[14]
Mozilla. Prism. https://developer.mozilla.org/en/Prism, 2008.
[15]
Stuart Parmenter. Firefox 3 Memory Usage. http://blog.pavlov.net/2008/03/11/firefox-3-memory-usage/, March 2008.
[16]
Charles Reis, Brian Bershad, Steven D. Gribble, and Henry M. Levy. Using Processes to Improve the Reliability of Browser-based Applications. Technical Report UW-CSE-2007-12-01, University of Washington, December 2007.
[17]
Charles Reis, Steven D. Gribble, and Henry M. Levy. Architectural Principals for Safe Web Programs. In HotNets-VI, November 2007.
[18]
Jesse Ruderman. The Same Origin Policy. http://www.mozilla.org/projects/security/components/same-origin.html, 2001.
[19]
Peter Watkins. Cross-Site Request Forgeries. http://www.tux.org/~peterw/csrf.txt, 2001.
[20]
Andy Zeigler. IE8 and Loosely-Coupled IE. http://blogs.msdn.com/ie/archive/2008/03/11/ie8-and-loosely-coupled-ie-lcie.aspx, March 2008.
[21]
Andy Zeigler. IE8 and Reliability. http://blogs.msdn.com/ie/archive/2008/07/28/ie8-and-reliability.aspx, July 2008.

Cited By

View all
  • (2023)Extending Memory Capacity in Modern Consumer Systems With Emerging Non-Volatile Memory: Experimental Analysis and Characterization Using the Intel Optane SSDIEEE Access10.1109/ACCESS.2023.331788411(105843-105871)Online publication date: 2023
  • (2022)Towards effective preservation of robust safety propertiesProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507084(1674-1683)Online publication date: 25-Apr-2022
  • (2022)Position Paper: Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities2022 IEEE Secure Development Conference (SecDev)10.1109/SecDev53368.2022.00020(52-58)Online publication date: Oct-2022
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences
EuroSys '09: Proceedings of the 4th ACM European conference on Computer systems
April 2009
342 pages
ISBN:9781605584829
DOI:10.1145/1519065
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 April 2009

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. isolation
  2. multi-process browser
  3. reliability
  4. robustness
  5. web browser architecture

Qualifiers

  • Research-article

Conference

EuroSys '09
Sponsor:
EuroSys '09: Fourth EuroSys Conference 2009
April 1 - 3, 2009
Nuremberg, Germany

Acceptance Rates

Overall Acceptance Rate 241 of 1,308 submissions, 18%

Upcoming Conference

EuroSys '25
Twentieth European Conference on Computer Systems
March 30 - April 3, 2025
Rotterdam , Netherlands

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)37
  • Downloads (Last 6 weeks)7
Reflects downloads up to 10 Nov 2024

Other Metrics

Citations

Cited By

View all
  • (2023)Extending Memory Capacity in Modern Consumer Systems With Emerging Non-Volatile Memory: Experimental Analysis and Characterization Using the Intel Optane SSDIEEE Access10.1109/ACCESS.2023.331788411(105843-105871)Online publication date: 2023
  • (2022)Towards effective preservation of robust safety propertiesProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507084(1674-1683)Online publication date: 25-Apr-2022
  • (2022)Position Paper: Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities2022 IEEE Secure Development Conference (SecDev)10.1109/SecDev53368.2022.00020(52-58)Online publication date: Oct-2022
  • (2022)Timing-Based Browsing Privacy Vulnerabilities Via Site Isolation2022 IEEE Symposium on Security and Privacy (SP)10.1109/SP46214.2022.9833710(1525-1539)Online publication date: May-2022
  • (2020)Retrofitting fine grain isolation in the firefox rendererProceedings of the 29th USENIX Conference on Security Symposium10.5555/3489212.3489252(699-716)Online publication date: 12-Aug-2020
  • (2020)Context-Aware IPv6 Address HoppingInformation and Communications Security10.1007/978-3-030-41579-2_31(539-554)Online publication date: 18-Feb-2020
  • (2019)Site isolationProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361454(1661-1678)Online publication date: 14-Aug-2019
  • (2019)High-Resolution Streaming Functionality in SAGE2 Screen Sharing10.1007/978-3-030-12385-7_30(384-399)Online publication date: 2-Feb-2019
  • (2018)Cracking ShadowCrypt: Exploring the Limitations of Secure I/O Systems in Internet BrowsersProceedings on Privacy Enhancing Technologies10.1515/popets-2018-00122018:2(47-63)Online publication date: 20-Feb-2018
  • (2018)Towards Automated Generation of Exploitation Primitives for Web BrowsersProceedings of the 34th Annual Computer Security Applications Conference10.1145/3274694.3274723(300-312)Online publication date: 3-Dec-2018
  • Show More Cited By

View Options

Get Access

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media