Fine-Grained JavaScript Execution Isolation Using Script Spaces

Post on 24-Feb-2018

Amarjyoti Deka, Acision, Inc., amar.deka@gmail.com
Godmar Back, Department of Computer Science, Virginia Tech, gback@cs.vt.edu

Motivation

Many emerging web/in-the-cloud applications rely on increasingly complex JavaScript components coexisting within one page:
Rich Internet Application (RIA) frameworks; heavy use of JS libraries; third-party ready-to-include 'widgets'
Client-side extensions (content scripts) interact with arbitrary pages

Current JavaScript environments lack namespace separation, fault and resource isolation; malfunctioning or malicious components affect entire page/tab and/or browser

Need for robust execution environment

Multi-process browsers provide partial solution: do not provide isolation below the level of individual tabs/pages and move resource management problem to underlying OS, which often lacks information about appropriate resource management strategies

Script Spaces/DOM Relationship:

By default, each page executes within its own Script Space, but Script Spaces may also be created for portions of a page corresponding to sub trees of the DOM tree.

    <body>
      <div class="SS_1">
        <input type="button" onclick="clickhandlerA()" value="Click me !" />
        <div id="A">Counter</div>
      </div>
      <div class="SS_2">
        <input type="button" onclick="clickhandlerB()" value="Click me!" />
        <div id="B">Counter</div>
      </div>
    </body>

Mash-Up Example:

This iGoogle mash-up includes a CPU bound gadget (Fibonacci); using Script Spaces, the page remains responsive and other gadgets remain functional even when it is run.

Script Spaces

Provide an abstraction for separate execution of JavaScript code components

Key features:
Unit of isolation
Configurable namespace
Separately schedulable
Separate termination
Separate resource accounting
Shared access to DOM
Backwards-compatible (within each space, a single-threaded environment; respects DOM event processing semantics)

Related work:
Orthogonal to work directed at improving security models or implementations (Caja, ConScript, etc.)
Design alternative to multi-process model
Complementary to emerging parallel browser implementations

Current limitations: not parallel; Firefox components aren't thread-safe; memory accounting not implemented

Implementation

Prototype based on Firefox 3.0b2 codebase/Spidermonkey VM
Uses SM contexts to manage multiple JavaScript execution contexts simultaneously
No static binding between threads and script spaces
"Migrating threads" enter and leave spaces based on event processing needs
CPU scheduling via interpreter hook (branch callback)
Implements Borrowed Virtual Time [Duda99] scheduler
Includes component-based management interface and UI for user interaction/adjustment

[Architecture diagram: Gecko Layout Engine, Execution Environment and Network Layer, with boxes Content Model, Rendering, Data Caching, XML Parser, Event Processing, JavaScript Engine, Security, ScriptSpace Management, BVT Scheduler, Async I/O Support, DNS/HTTP/FTP/File; Base Infrastructure Components: XPCOM, NSPR, XPConnect]

Script Space Manager:

An extension displays existing script spaces and CPU consumption over time; users can adjust consumption of spaces or terminate them safely.
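The Borrowed Virtual Time policy named under Implementation, together with the per-space accounting and termination the Script Space Manager exposes, simulated as an added example (not code from the poster or the Firefox prototype). The space names, weights, warp value and the fixed quantum standing in for a batch of interpreter branch callbacks are assumptions made for illustration.

```javascript
// Added example: Borrowed Virtual Time (BVT) dispatch over script spaces.
// Names, weights, warp and the quantum are constructed, not from the prototype.
class ScriptSpace {
  constructor(name, weight, warp = 0) {
    this.name = name;
    this.weight = weight; // relative CPU share
    this.warp = warp;     // virtual time "borrowed" to be dispatched sooner
    this.avt = 0;         // actual virtual time
    this.cpu = 0;         // per-space resource accounting (quanta consumed)
    this.alive = true;    // cleared by terminate()
  }
  get evt() { return this.avt - this.warp; } // effective virtual time
}

// Dispatch rule: the live space with the lowest effective virtual time runs;
// ties go to the space listed first.
function pickNext(spaces) {
  return spaces.filter(s => s.alive)
    .reduce((best, s) => (best === null || s.evt < best.evt ? s : best), null);
}

// Separate termination: the space stops being schedulable, others are untouched.
function terminate(spaces, name) {
  for (const s of spaces) if (s.name === name) s.alive = false;
}

// Make `quanta` scheduling decisions and return the order of dispatch.
function run(spaces, quanta) {
  const trace = [];
  for (let i = 0; i < quanta; i++) {
    const s = pickNext(spaces);
    if (s === null) break;
    s.cpu += 1;
    s.avt += 1 / s.weight; // larger weight => virtual time advances more slowly
    trace.push(s.name);
  }
  return trace;
}

function demo() {
  const spaces = [
    new ScriptSpace("fibonacci", 1), // CPU-bound gadget
    new ScriptSpace("news", 1),
    new ScriptSpace("mail", 2),      // share raised by the user
  ];
  const before = run(spaces, 8);
  terminate(spaces, "fibonacci");
  const after = run(spaces, 6);
  const cpu = Object.fromEntries(spaces.map(s => [s.name, s.cpu]));
  return { before, after, cpu };
}
```

The CPU-bound space never receives more than its weighted share, and a space created with a non-zero warp is dispatched ahead of its peers without gaining a larger long-run share.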

This work was partially funded by NSF CAREER Award CISE/SHF #0845830.