Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Isolating Web Programs in Modern Browser Architectures CS6204: Cloud Environment Spring 2011.

Published byMaude Barker Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Isolating Web Programs in Modern Browser Architectures CS6204: Cloud Environment Spring 2011."— Presentation transcript:

1 1 Isolating Web Programs in Modern Browser Architectures CS6204: Cloud Environment Spring 2011

2 2 Relationship with Lecture 1 OS processes as isolation mechanism Lecture 1: Implemented on Microsoft IE web browser Lecture 2: Implemented on Google Chromium web browser

3 3 Other Secure Web Browser Architecture 1/2 The Tahoma Web browsing system Based on Browser Operating System (BOS) Runs each web application (web browser + site) in its own virtual machine Implemented on a Xen virtual machine (on top of a Linux distribution) Web browser: Konqueror

4 4 Other Secure Web Browser Architecture 2/2 USENIX’s secure Web Browser Based on UNIX OS user’s privileges Implemented on a SubOS-capable OpenBSD 2.8 operating system using Perl. Uses three daemons: Browser Log-in Daemon: downloads objects over the network. Every object is assigned a sub user id Browser Display Daemon: displays the content Browser Interpreter Daemon: processes the content of the downloaded objects. Starts a new process with sub user id to interpret active code

5 5 Ideas Enable browsers to identify program boundaries Revamp web browser to isolate programs Preserve the compatibility with existing web content

6 6 Web Programs Identification 1/5 Abstractions Web programs Set of related pages and their sub resources that provide a common service Web program instance Copies of pages from a web program that are tightly coupled within the browser

7 7 Web Programs Identification 2/5 Concrete definitions Site Concrete realization of a web program abstraction Combination of protocol and registry- controlled domain name Relaxes the Same Origin Policy, since page origin can change during runtime

8 8 Web Programs Identification 3/5 Browsing Instance Set of connected windows and frames Is created each time a fresh browser window is open Grow each time an existing window create a new connected window or frame

9 9 Web Programs Identification 4/5 Site instance Set of connected same site pages within a browsing instance Only one site instance per site

10 10 Web Programs Identification 5/5

11 11 Execution Model Web program execution = Page Rendering + Script execution Site instance: single address space for all web object and web components Single thread of execution Pages within the same site instance can access each other (Coarse Granularity) Avoid concurrent DOM modifications

12 12 Browser Architecture 1/4 Rendering engine One for each instance of a web program Parses, renders and executes web programs Single thread for rendering and script execution

13 13 Browser Architecture 2/4 Browser kernel Contains all shared capabilities and resources: Storage functionality: cookies, cache, history Network stack Logic for managing the browser’s user interface

14 14 Browser Architecture 3/4 Plug-ins Is the process responsible of running browser plug-ins Prevents plug-ins to cause crashes in web program instances

15 15 Browser Architecture 4/4

16 16 Chromium’s Implementation “monolithic” mode: load all the components in a single process supported Process-per-Site-Instance Creates a separate renderer process for each site instance Provides the best isolation Default process mode Not fully implemented

17 17 Implementation’s limits New process are created only when the user explicitly expresses it (new tab, etc.) Navigations initiated within a page are handled by the same process Frames and their parents are render in the same process Limit to the number of process that can be created (20 processes)

18 18 Evaluation 1/6 Methods Comparison between monolithic mode and process-per-site-instance mode Results: Fault tolerance: simulation of a crash Monolithic mode: loss of the entire browser process-per-site-instance mode: loss of a single rendering engine

19 19 Evaluation 2/6 Accountability: User can track CPU usage, memory consumption and network usage of each instance Memory management: Multi process architecture reclaims the memory more quickly after an offending window is closed

20 20 Evaluation 3/6 Responsiveness Test the delay between a right click and the display of the context menu, while loading web pages. Significant delays in the monolithic architecture Delays are almost absent in the multi process architecture

21 21 Evaluation 4/6 Speedup: when restoring a session

22 22 Evaluation 5/6 Latency

23 23 Evaluation 6/6 Memory overhead

24 24 Chrome’s extension model Extension = Manifest and one or more HTML page or JavaScript File or other files Has a “background” page: Invisible page containing the main logic of the extension runs in the extension process, exists for the lifetime of your extension one instance is active a time all extension's pages execute in same process A script cannot modify the DOM of its parent background page

25 25 Remarks No comparison with other browser especially IE8 since it is mentioned in the paper The goal of isolating web programs is not fully fulfill: Different site use the same rendering process unless it is explicitly specify by the user

26 26 Questions???

Download ppt "1 Isolating Web Programs in Modern Browser Architectures CS6204: Cloud Environment Spring 2011."

Similar presentations

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.
Applications of Feather-Weight Virtual Machines (FVMs) Hadi Salimi Distributed Systems Lab, School of Computer Engineering, Iran University of Science.

Applications of Feather-Weight Virtual Machines (FVMs) Hadi Salimi Distributed Systems Lab, School of Computer Engineering, Iran University of Science.
User-Mode Linux Ken C.K. Lee

User-Mode Linux Ken C.K. Lee
Slide 2-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 2 Using the Operating System 2.

Slide 2-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 2 Using the Operating System 2.
Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Computers Software. Computer Layers Hardware BIOS Operating System Applications.

Computers Software. Computer Layers Hardware BIOS Operating System Applications.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
An Evaluation of the Google Chrome Extension Security Architecture

An Evaluation of the Google Chrome Extension Security Architecture
Lesson 4: Web Browsing.

Lesson 4: Web Browsing.
Microkernels How to build a dependable, modular and secure operating system?

Microkernels How to build a dependable, modular and secure operating system?
Introduction to Operating Systems CS-2301 B-term 20081 Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.

Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.
Chapter 4: Threads. Overview Multithreading Models Threading Issues Pthreads Windows XP Threads.

Chapter 4: Threads. Overview Multithreading Models Threading Issues Pthreads Windows XP Threads.
DISTRIBUTED CONSISTENCY MANAGEMENT IN A SINGLE ADDRESS SPACE DISTRIBUTED OPERATING SYSTEM Sombrero.

DISTRIBUTED CONSISTENCY MANAGEMENT IN A SINGLE ADDRESS SPACE DISTRIBUTED OPERATING SYSTEM Sombrero.
Threads Clients Servers Code Migration Software Agents Summary

Threads Clients Servers Code Migration Software Agents Summary
CS 5150 1 CS 5150 Software Engineering Lecture 13 System Architecture and Design 1.

CS CS 5150 Software Engineering Lecture 13 System Architecture and Design 1.
Early OS security Overview by: Greg Morrisett Cornell University, Edited (by permission) for CSUS CSc250 by Bill Mitchell.

Early OS security Overview by: Greg Morrisett Cornell University, Edited (by permission) for CSUS CSc250 by Bill Mitchell.
CSE 490dp Resource Control Robert Grimm. Problems How to access resources? –Basic usage tracking How to measure resource consumption? –Accounting How.

CSE 490dp Resource Control Robert Grimm. Problems How to access resources? –Basic usage tracking How to measure resource consumption? –Accounting How.
Copyright Arshi Khan1 System Programming Instructor Arshi Khan.

Copyright Arshi Khan1 System Programming Instructor Arshi Khan.
Client/Server Architectures

Client/Server Architectures
Computer System Architectures Computer System Software

Computer System Architectures Computer System Software

Similar presentations

Ads by Google