Access Restriction

Author Ingram, Lon ♦ Walfish, Michael
Source CiteSeerX
Content type Text
File Format PDF
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Subject Keyword Third-party Code ♦ Web Developer ♦ Deployable Today ♦ Current Browser ♦ Performance-sensitive Application ♦ Included Code ♦ Javascript Context ♦ Sandboxed Code ♦ Many Web Application ♦ Application Author Fine-grained Control ♦ Tree-house Show ♦ Web Ecosystem ♦ Javascript Sandbox ♦ Browser Api ♦ New Design Point ♦ O Idea ♦ Web Worker ♦ Sandbox Javascript Code
Description In USENIX ATC
Many Web applications (meaning sites that employ JavaScript) incorporate third-party code and, for reasons rooted in today’s Web ecosystem, are vulnerable to bugs or malice in that code. Our goal is to give Web developers a mechanism that (a) contains included code, limiting (or eliminating) its influence as appropriate; and (b) is deployable today, or very shortly. While the goal of containment is far from new, the requirement of deployability leads us to a new design point, one that applies the OS ideas of sandboxing and virtualization to the JavaScript context. Our approach, called TreeHouse, sandboxes JavaScript code by repurposing a feature of current browsers (namely Web Workers). TreeHouse virtualizes the browser’s API to the sandboxed code (allowing the code to run with few or no modifications) and gives the application author fine-grained control over that code. Our implementation and evaluation of Tree-House show that its overhead is modest enough to handle performance-sensitive applications and that sandboxing existing code is not difficult. 1
Educational Role Student ♦ Teacher
Age Range above 22 year
Educational Use Research
Education Level UG and PG ♦ Career/Technical Study
Learning Resource Type Article
Publisher Date 2012-01-01