research-article

Isolating web programs in modern browser architectures

Authors:

Steven D. GribbleAuthors Info & Claims

EuroSys '09: Proceedings of the 4th ACM European conference on Computer systems

Pages 219 - 232

https://doi.org/10.1145/1519065.1519090

Published: 01 April 2009 Publication History

Abstract

Many of today's web sites contain substantial amounts of client-side code, and consequently, they act more like programs than simple documents. This creates robustness and performance challenges for web browsers. To give users a robust and responsive platform, the browser must identify program boundaries and provide isolation between them.

We provide three contributions in this paper. First, we present abstractions of web programs and program instances, and we show that these abstractions clarify how browser components interact and how appropriate program boundaries can be identified. Second, we identify backwards compatibility tradeoffs that constrain how web content can be divided into programs without disrupting existing web sites. Third, we present a multi-process browser architecture that isolates these web program instances from each other, improving fault tolerance, resource management, and performance. We discuss how this architecture is implemented in Google Chrome, and we provide a quantitative performance evaluation examining its benefits and costs.

References

[1]

Alexa. Alexa Web Search -- Top 500. http://www.alexa.com/site/ds/top_500, 2008.

[2]

Adam Barth, Collin Jackson, Charles Reis, and Google Chrome Team. The Security Architecture of the Chromium Browser. Technical report, Stanford University, 2008. http://crypto.stanford.edu/websec/chromium/chromium-security-architecture.pdf.

[3]

Richard S. Cox, Jacob Gorm Hansen, Steven D. Gribble, and Henry M. Levy. A Safety-Oriented Platform for Web Applications. In IEEE Symposium on Security and Privacy, 2006.

Digital Library

[4]

Todd Ditchendorf. Fluid -- Free Site Specific Browser for Mac OS X Leopard. http://fluidapp.com/, 2008.

[5]

Google. Issue 3666 -- chromium -- Tab crash (sad tab, aw snap) on jquery slidetoggle with-webkit-column-count greater than 1 -- Google Code. http://code.google.com/p/chromium/issues/detail?id=3666, October 2008.

[6]

Google. Memory Usage Backgrounder (Chromium Developer Documentation). http://dev.chromium.org/memory-usage-backgrounder, 2008.

[7]

Google. Plugin Architecture (Chromium Developer Documentation). http://dev.chromium.org/developers/design-documents/plugin-architecture, 2008.

[8]

Google. Process Models (Chromium Developer Documentation). http://dev.chromium.org/developers/design-documents/process-models, 2008.

[9]

Chris Grier, Shuo Tang, and Samuel T. King. Secure Web Browsing with the OP Web Browser. In IEEE Symposium on Security and Privacy, 2008.

Digital Library

[10]

Norm Hardy. The Confused Deputy (or why capabilities might have been invented). Operating Systems Review, 22(4):36o8, October 1988.

Digital Library

[11]

Ian Hickson and David Hyatt. HTML 5. http://www.w3.org/html/wg/html5/, October 2008.

[12]

Sotiris Ioannidis and Steven M. Bellovin. Building a Secure Web Browser. In Proceedings of the FREENIX Track of the 2001 USENIX Annual Technical Conference, June 2001.

Digital Library

[13]

Mozilla. Public Suffix List. http://publicsuffix.org/, 2007.

[14]

Mozilla. Prism. https://developer.mozilla.org/en/Prism, 2008.

[15]

Stuart Parmenter. Firefox 3 Memory Usage. http://blog.pavlov.net/2008/03/11/firefox-3-memory-usage/, March 2008.

[16]

Charles Reis, Brian Bershad, Steven D. Gribble, and Henry M. Levy. Using Processes to Improve the Reliability of Browser-based Applications. Technical Report UW-CSE-2007-12-01, University of Washington, December 2007.

[17]

Charles Reis, Steven D. Gribble, and Henry M. Levy. Architectural Principals for Safe Web Programs. In HotNets-VI, November 2007.

[18]

Jesse Ruderman. The Same Origin Policy. http://www.mozilla.org/projects/security/components/same-origin.html, 2001.

[19]

Peter Watkins. Cross-Site Request Forgeries. http://www.tux.org/~peterw/csrf.txt, 2001.

[20]

Andy Zeigler. IE8 and Loosely-Coupled IE. http://blogs.msdn.com/ie/archive/2008/03/11/ie8-and-loosely-coupled-ie-lcie.aspx, March 2008.

[21]

Andy Zeigler. IE8 and Reliability. http://blogs.msdn.com/ie/archive/2008/07/28/ie8-and-reliability.aspx, July 2008.

Cited By

Oliveira GGhose SGómez-Luna JBoroumand ASavery ARao SQazi SGrignou GThakur RShiu EMutlu O(2023)Extending Memory Capacity in Modern Consumer Systems With Emerging Non-Volatile Memory: Experimental Analysis and Characterization Using the Intel Optane SSDIEEE Access10.1109/ACCESS.2023.331788411(105843-105871)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3317884
Busi MDegano PGalletta LHong JBures MPark JCerny T(2022)Towards effective preservation of robust safety propertiesProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507084(1674-1683)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3477314.3507084
Alshmrany KBhayat ABraube FCordeiro LKorovin KMelham TMustafa MOlivier PReger GShmarov F(2022)Position Paper: Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities2022 IEEE Secure Development Conference (SecDev)10.1109/SecDev53368.2022.00020(52-58)Online publication date: Oct-2022
https://doi.org/10.1109/SecDev53368.2022.00020
Show More Cited By

Index Terms

Isolating web programs in modern browser architectures
1. Information systems
  1. World Wide Web
    1. Web interfaces
      1. Browsers
2. Software and its engineering
  1. Software notations and tools
    1. Context specific languages
      1. Domain specific languages
  2. Software organization and properties
    1. Extra-functional properties
      1. Software fault tolerance
    2. Software system structures
      1. Software architectures

Recommendations

Browser Feature Usage on the Modern Web
IMC '16: Proceedings of the 2016 Internet Measurement Conference

Modern web browsers are incredibly complex, with millions of lines of code and over one thousand JavaScript functions and properties available to website authors. This work investigates how these browser features are used on the modern, open web. We ...
App isolation: get the security of multiple browsers with just one
CCS '11: Proceedings of the 18th ACM conference on Computer and communications security

Many browser-based attacks can be prevented by using separate browsers for separate web sites. However, most users access the web with only one browser. We explain the security benefits that using multiple browsers provides in terms of two concepts: ...
Isolating commodity hosted hypervisors with HyperLock
EuroSys '12: Proceedings of the 7th ACM european conference on Computer Systems

Hosted hypervisors (e.g., KVM) are being widely deployed. One key reason is that they can effectively take advantage of the mature features and broad user bases of commodity operating systems. However, they are not immune to exploitable software bugs. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

EuroSys '09: Proceedings of the 4th ACM European conference on Computer systems

April 2009

342 pages

ISBN:9781605584829

DOI:10.1145/1519065

General Chair:
Wolfgang Schröder-Preikschat
FAU Erlangen-Nuremberg, Germany
,
Program Chairs:
John Wilkes
Google, Inc., USA
,
Rebecca Isaacs
Microsoft Research, Cambridge, UK

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 April 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

EuroSys '09

Sponsor:

SIGOPS

EuroSys '09: Fourth EuroSys Conference 2009

April 1 - 3, 2009

Nuremberg, Germany

Acceptance Rates

Overall Acceptance Rate 241 of 1,308 submissions, 18%

Upcoming Conference

EuroSys '25

Sponsor:
sigops

Twentieth European Conference on Computer Systems

March 30 - April 3, 2025

Rotterdam , Netherlands

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

77
Total Citations
View Citations
1,525
Total Downloads

Downloads (Last 12 months)37
Downloads (Last 6 weeks)7

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Oliveira GGhose SGómez-Luna JBoroumand ASavery ARao SQazi SGrignou GThakur RShiu EMutlu O(2023)Extending Memory Capacity in Modern Consumer Systems With Emerging Non-Volatile Memory: Experimental Analysis and Characterization Using the Intel Optane SSDIEEE Access10.1109/ACCESS.2023.331788411(105843-105871)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3317884
Busi MDegano PGalletta LHong JBures MPark JCerny T(2022)Towards effective preservation of robust safety propertiesProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507084(1674-1683)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3477314.3507084
Alshmrany KBhayat ABraube FCordeiro LKorovin KMelham TMustafa MOlivier PReger GShmarov F(2022)Position Paper: Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities2022 IEEE Secure Development Conference (SecDev)10.1109/SecDev53368.2022.00020(52-58)Online publication date: Oct-2022
https://doi.org/10.1109/SecDev53368.2022.00020
Jin ZKong ZChen SDuan H(2022)Timing-Based Browsing Privacy Vulnerabilities Via Site Isolation2022 IEEE Symposium on Security and Privacy (SP)10.1109/SP46214.2022.9833710(1525-1539)Online publication date: May-2022
https://doi.org/10.1109/SP46214.2022.9833710
Narayan SDisselkoen CGarfinkel TFroyd NRahm ELerner SShacham HStefan DCapkun SRoesner F(2020)Retrofitting fine grain isolation in the firefox rendererProceedings of the 29th USENIX Conference on Security Symposium10.5555/3489212.3489252(699-716)Online publication date: 12-Aug-2020
https://dl.acm.org/doi/10.5555/3489212.3489252
Marx MSchwarz MBlochberger MWille FFederrath H(2020)Context-Aware IPv6 Address HoppingInformation and Communications Security10.1007/978-3-030-41579-2_31(539-554)Online publication date: 18-Feb-2020
https://doi.org/10.1007/978-3-030-41579-2_31
Reis CMoshchuk AOskov NHeninger NTraynor P(2019)Site isolationProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361454(1661-1678)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361454
Ishida KAsao DEndo AKido YDate SShimojo S(2019)High-Resolution Streaming Functionality in SAGE2 Screen Sharing10.1007/978-3-030-12385-7_30(384-399)Online publication date: 2-Feb-2019
https://doi.org/10.1007/978-3-030-12385-7_30
Freyberger MHe WAkhawe DMazurek MMittal P(2018)Cracking ShadowCrypt: Exploring the Limitations of Secure I/O Systems in Internet BrowsersProceedings on Privacy Enhancing Technologies10.1515/popets-2018-00122018:2(47-63)Online publication date: 20-Feb-2018
https://doi.org/10.1515/popets-2018-0012
Garmany BStoffel MGawlik RKoppe PBlazytko THolz T(2018)Towards Automated Generation of Exploitation Primitives for Web BrowsersProceedings of the 34th Annual Computer Security Applications Conference10.1145/3274694.3274723(300-312)Online publication date: 3-Dec-2018
https://dl.acm.org/doi/10.1145/3274694.3274723
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents