1 Isolating Web Programs in Modern Browser Architectures CS6204: Cloud Environment Spring 2011.
1
Isolating Web Programs in Modern Browser Architectures
CS6204: Cloud Environment, Spring 2011
2
Relationship with Lecture 1
OS processes as isolation mechanism
Lecture 1: Implemented on Microsoft IE web browser
Lecture 2: Implemented on Google Chromium web browser
3
Other Secure Web Browser Architecture 1/2
The Tahoma Web browsing system
  Based on Browser Operating System (BOS)
  Runs each web application (web browser + site) in its own virtual machine
  Implemented on a Xen virtual machine (on top of a Linux distribution)
  Web browser: Konqueror
4
Other Secure Web Browser Architecture 2/2
USENIX’s secure Web Browser
  Based on UNIX OS user’s privileges
  Implemented on a SubOS-capable OpenBSD 2.8 operating system using Perl
  Uses three daemons:
    Browser Log-in Daemon: downloads objects over the network. Every object is assigned a sub user id
    Browser Display Daemon: displays the content
    Browser Interpreter Daemon: processes the content of the downloaded objects. Starts a new process with sub user id to interpret active code
5
Ideas
Enable browsers to identify program boundaries
Revamp web browser to isolate programs
Preserve the compatibility with existing web content
6
Web Programs Identification 1/5
Abstractions
  Web programs: Set of related pages and their sub resources that provide a common service
  Web program instance: Copies of pages from a web program that are tightly coupled within the browser
7
Web Programs Identification 2/5
Concrete definitions
  Site
    Concrete realization of a web program abstraction
    Combination of protocol and registry-controlled domain name
    Relaxes the Same Origin Policy, since page origin can change during runtime
8
Web Programs Identification 3/5
Browsing Instance
  Set of connected windows and frames
  Is created each time a fresh browser window is opened
  Grows each time an existing window creates a new connected window or frame
9
Web Programs Identification 4/5
Site instance
  Set of connected same-site pages within a browsing instance
  Only one site instance per site
10
Web Programs Identification 5/5
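The definitions from Web Programs Identification 2/5 to 4/5, modelled as an added example that is not from the slides or from Chromium. The names siteOf, Browser and PUBLIC_SUFFIXES, the three-entry suffix set and the sample URLs are assumptions made for illustration. It shows two pages with different origins landing in one site instance, and the same site getting a separate site instance in a second browsing instance.

```javascript
// Added illustration; siteOf, Browser and PUBLIC_SUFFIXES are hypothetical names.
// Constructed, deliberately tiny stand-in for the Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// Site = protocol + registry-controlled domain name.
function siteOf(url) {
  const u = new URL(url);
  const labels = u.hostname.split(".");
  // The first hit while shortening from the left is the longest public suffix;
  // the registry-controlled domain is that suffix plus one more label.
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return u.protocol + "//" + labels.slice(Math.max(i - 1, 0)).join(".");
    }
  }
  return u.protocol + "//" + u.hostname; // unknown suffix: fall back to the host
}

class Browser {
  constructor() {
    this.nextId = 1;
    this.browsingInstances = new Map(); // id -> Map(site -> site instance)
  }
  // A fresh browser window creates a new browsing instance.
  openFreshWindow(url) {
    const id = this.nextId++;
    this.browsingInstances.set(id, new Map());
    return this.place(id, url);
  }
  // A window or frame created by an existing page joins its browsing instance.
  openConnected(parentPage, url) {
    return this.place(parentPage.browsingInstance, url);
  }
  place(id, url) {
    const sites = this.browsingInstances.get(id);
    const site = siteOf(url);
    // One site instance per site inside a browsing instance.
    if (!sites.has(site)) sites.set(site, { id: `BI${id}|${site}`, pages: [] });
    sites.get(site).pages.push(url);
    return { url, browsingInstance: id, siteInstance: sites.get(site).id };
  }
}

// Constructed sample navigation.
function demo() {
  const b = new Browser();
  const mail = b.openFreshWindow("https://mail.example.com/inbox");
  const docs = b.openConnected(mail, "https://docs.example.com/edit");
  const ad = b.openConnected(mail, "https://ads.tracker.org/frame");
  const mail2 = b.openFreshWindow("https://mail.example.com/inbox");
  return { mail, docs, ad, mail2 };
}
```

The site key ignores subdomain and port, so it is coarser than an origin; that is the granularity at which pages end up sharing an address space.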
11
Execution Model
Web program execution = Page Rendering + Script execution
Site instance:
  Single address space for all web objects and web components
  Single thread of execution
  Pages within the same site instance can access each other (Coarse Granularity)
  Avoid concurrent DOM modifications
12
Browser Architecture 1/4
Rendering engine
  One for each instance of a web program
  Parses, renders and executes web programs
  Single thread for rendering and script execution
13
Browser Architecture 2/4
Browser kernel
  Contains all shared capabilities and resources:
    Storage functionality: cookies, cache, history
    Network stack
    Logic for managing the browser’s user interface
14
Browser Architecture 3/4
Plug-ins
  Is the process responsible for running browser plug-ins
  Prevents plug-ins from causing crashes in web program instances
15
Browser Architecture 4/4
16
Chromium’s Implementation
“monolithic” mode:
  Loads all the components in a single process
  Supported
Process-per-Site-Instance
  Creates a separate renderer process for each site instance
  Provides the best isolation
  Default process mode
  Not fully implemented
17
Implementation’s limits
New processes are created only when the user explicitly requests one (new tab, etc.)
Navigations initiated within a page are handled by the same process
Frames and their parents are rendered in the same process
Limit on the number of processes that can be created (20 processes)
18
Evaluation 1/6
Methods
  Comparison between monolithic mode and process-per-site-instance mode
Results:
  Fault tolerance: simulation of a crash
    Monolithic mode: loss of the entire browser
    Process-per-site-instance mode: loss of a single rendering engine
19
Evaluation 2/6
Accountability:
  User can track CPU usage, memory consumption and network usage of each instance
Memory management:
  Multi-process architecture reclaims the memory more quickly after an offending window is closed
20
Evaluation 3/6
Responsiveness
  Test the delay between a right click and the display of the context menu, while loading web pages
  Significant delays in the monolithic architecture
  Delays are almost absent in the multi-process architecture
21
Evaluation 4/6
Speedup: when restoring a session
22
Evaluation 5/6
Latency
23
Evaluation 6/6
Memory overhead
24
Chrome’s extension model
Extension = Manifest and one or more HTML pages or JavaScript files or other files
Has a “background” page:
  Invisible page containing the main logic of the extension
  Runs in the extension process, exists for the lifetime of your extension
  One instance is active at a time
All of an extension's pages execute in the same process
A script cannot modify the DOM of its parent background page
25
Remarks
No comparison with other browsers, especially IE8 since it is mentioned in the paper
The goal of isolating web programs is not fully fulfilled: different sites use the same rendering process unless it is explicitly specified by the user
26
Questions???