• Corpus ID: 8428762

Embassies: Radically Refactoring the Web

@inproceedings{Howell2013EmbassiesRR,
  title={Embassies: Radically Refactoring the Web},
  author={Jon Howell and Bryan Parno and John R. Douceur},
  booktitle={NSDI},
  year={2013}
}
Web browsers ostensibly provide strong isolation for the client-side components of web applications. Unfortunately, this isolation is weak in practice; as browsers add increasingly rich APIs to please developers, these complex interfaces bloat the trusted computing base and erode cross-app isolation boundaries. We reenvision the web interface based on the notion of a pico-datacenter, the client-side version of a shared server datacenter. Mutually untrusting vendors run their code on the user… 

Protecting Users by Confining JavaScript with COWL
TLDR
COWL introduces label-based mandatory access control to browsing contexts in a way that is fully backward-compatible with legacy web content and allows both the inclusion of untrusted scripts in applications and the building of mashups that combine sensitive information from multiple mutually distrusting origins, all while protecting users' privacy.
Radiatus: a Shared-Nothing Server-Side Web Architecture
TLDR
This paper designs and evaluates Radiatus, a shared-nothing web framework where application-specific computation and storage on the server is contained within a sandbox with the privileges of the end-user, and introduces a distributed capabilities system to allow fine-grained secure resource sharing across the many distributed services that compose an application.
Missive: Fast Application Launch From an Untrusted Buffer Cache
TLDR
This paper measures a hundred diverse applications to show that applications indeed exhibit sufficient commonality to enable fast start, reducing startup data from 64MiB to 1MiB, and offers proof that big apps really can start in a few hundred milliseconds from a shared but untrusted buffer cache.
Radiatus: Strong User Isolation for Scalable Web Applications
TLDR
This paper designs and implements Radiatus, a web framework where all application-specific computation running on the server is executed within a sandbox with the privileges of the end-user, and introduces a distributed capabilities system to protect data at scale across the many distributed services that compose a modern web application.
Content-based isolation: rethinking isolation policy design on client systems
TLDR
This paper proposes a content-based principal model in which the OS treats content owners as its principals and isolates content of different owners from one another, and presents the design, implementation, and evaluation of the prototype system that tackles this challenge.
JSFfox: Run-Timely Confining JavaScript for Firefox
TLDR
Current web applications incorporate third-party content hosted at different origins that offer a series of online services, as well as a suite of reusable libraries that demand access to privacy-sensitive data for implementing normal operations.
Browsix: Bridging the Gap Between Unix and the Browser
TLDR
This paper presents Browsix, a framework that bridges the considerable gap between conventional operating systems and the browser, enabling unmodified programs expecting a Unix-like environment to run directly in the browser.
freedom.js: an Architecture for Serverless Web Applications
TLDR
This paper aims to enable a new generation of portable and free web apps by proposing an alternative model to the existing client-server web architecture, and provides a set of novel abstractions that allow developers to automatically scale their application with low complexity and overhead.
Picocenter: supporting long-lived, mostly-idle applications in cloud environments
TLDR
An alternative approach for cloud computation based on a process-like abstraction rather than a virtual machine abstraction is explored, thereby gaining the scalability and efficiency of PaaS along with the generality of IaaS.
Monarch: A Reimagined Browser for the Modern Web
TLDR
The concept of the App Web, a category of the World Wide Web which increases productivity, and its place in the current application experience is proposed.

References

SHOWING 1-10 OF 87 REFERENCES
Protection and communication abstractions for web browsers in MashupOS
TLDR
This paper identifies and designs the missing abstractions needed for a browser-based multi-principal platform, and builds a prototype system that realizes almost all of the abstractions and their associated properties.
Atlantis: robust, extensible execution environments for web applications
TLDR
Atlantis is the first browsing system to truly minimize a web page's dependence on black box browser code, which makes it much easier to develop robust, secure web applications.
Content-Based Isolation: Rethinking Isolation Policy in Modern Client Systems
TLDR
This paper proposes a content-based principal model in which the OS treats content owners as its principals and isolates content of different owners from one another, and presents the design, implementation, and evaluation of a prototype system that tackles the challenge.
A safety-oriented platform for Web applications
TLDR
The security evaluation shows that Tahoma can prevent or contain 87% of the vulnerabilities that have been identified in the widely used Mozilla browser, and measurements of latency, throughput, and responsiveness demonstrate that users need not sacrifice performance for the benefits of stronger isolation and safety.
MashupOS: Operating System Abstractions for Client Mashups
TLDR
An analogy between Web sites' sharing of browser resources and users' shares of operating system resources is drawn and used as a guide to develop protection and communication abstractions in MashupOS: a set of abstractions that isolate mutually-untrusting web services within the browser, while allowing safe forms of communication.
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
TLDR
This paper describes the design, implementation and evaluation of Native Client, a sandbox for untrusted x86 native code that combines software fault isolation and a secure runtime to direct system interaction and side effects through interfaces managed by Native Client.
The Multi-Principal OS Construction of the Gazelle Web Browser
TLDR
Gazelle is introduced, a secure web browser constructed as a multi-principal OS that exclusively manages resource protection and sharing across web site principals and exposes intricate design issues that no previous work has identified.
Convergence of desktop and web applications on a multi-service OS
TLDR
ServiceOS will enable an application model that synthesizes the best elements from both desktop and web applications, providing fundamentally better security without sacrificing functionality.
Leveraging Legacy Code to Deploy Desktop Applications on the Web
TLDR
This work ported 3.3 million lines of code, including a PDF viewer, a Python interpreter, a speech synthesizer, and an OpenGL pipeline to Xax, a browser plugin model that enables developers to leverage existing tools, libraries, and entire programs to deliver feature-rich applications on the web.