Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
The Confused Deputy: (or why capabilities might have been invented)
ACM SIGOPS Operating Systems Review
A Safety-Oriented Platform for Web Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Secure Web Browsing with the OP Web Browser
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Browser security: lessons from Google Chrome
Communications of the ACM - A Blind Person's Interaction with Technology
Browser Security: Lessons from Google Chrome
Queue - Distributed Computing
Communications of the ACM - Finding the Fun in Computer Science Education
Residue objects: a challenge to web browser security
Proceedings of the 5th European conference on Computer systems
Convergence of desktop and web applications on a multi-service OS
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
The multi-principal OS construction of the gazelle web browser
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Apiary: easy-to-use desktop application fault containment on commodity operating systems
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications
Proceedings of the 17th ACM conference on Computer and communications security
Trust and protection in the Illinois browser operating system
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Deterministic process groups in dOS
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Capsicum: practical capabilities for UNIX
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Securing script-based extensibility in web browsers
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Designing and Implementing the OP and OP2 Web Browsers
ACM Transactions on the Web (TWEB)
Compartmental memory management in a modern web browser
Proceedings of the international symposium on Memory management
Language-independent sandboxing of just-in-time compilation and self-modifying code
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Maverick: providing web applications with safe and flexible access to local devices
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
App isolation: get the security of multiple browsers with just one
Proceedings of the 18th ACM conference on Computer and communications security
Improving user experience by infusing web technologies into desktops
Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion
The web interface should be radically refactored
Proceedings of the 10th ACM Workshop on Hot Topics in Networks
A taste of Capsicum: practical capabilities for UNIX
Communications of the ACM
TreeHouse: JavaScript sandboxes to helpWeb developers help themselves
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
Gibraltar: exposing hardware devices to web pages using AJAX
WebApps'12 Proceedings of the 3rd USENIX conference on Web Application Development
ARC: protecting against HTTP parameter pollution attacks using application request caches
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
AdSplit: separating smartphone advertising from applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
User interface toolkit mechanisms for securing interface elements
Proceedings of the 25th annual ACM symposium on User interface software and technology
Adaptive defenses for commodity software through virtual application partitioning
Proceedings of the 2012 ACM conference on Computer and communications security
Enforcing user-space privilege separation with declarative architectures
Proceedings of the seventh ACM workshop on Scalable trusted computing
MemRed: towards reliable web applications
Proceedings of the Workshop on Secure and Dependable Middleware for Cloud Monitoring and Management
Towards dependable clients: improving the reliability and availability of the browsers
Proceedings of the 9th Middleware Doctoral Symposium of the 13th ACM/IFIP/USENIX International Middleware Conference
ZOOMM: a parallel web browser engine for multicore mobile devices
Proceedings of the 18th ACM SIGPLAN symposium on Principles and practice of parallel programming
Analyzing and defending against web-based malware
ACM Computing Surveys (CSUR)
Flexible access control for javascript
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
How to run POSIX apps in a minimal picoprocess
USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference
Hi-index | 0.02 |
Many of today's web sites contain substantial amounts of client-side code, and consequently, they act more like programs than simple documents. This creates robustness and performance challenges for web browsers. To give users a robust and responsive platform, the browser must identify program boundaries and provide isolation between them. We provide three contributions in this paper. First, we present abstractions of web programs and program instances, and we show that these abstractions clarify how browser components interact and how appropriate program boundaries can be identified. Second, we identify backwards compatibility tradeoffs that constrain how web content can be divided into programs without disrupting existing web sites. Third, we present a multi-process browser architecture that isolates these web program instances from each other, improving fault tolerance, resource management, and performance. We discuss how this architecture is implemented in Google Chrome, and we provide a quantitative performance evaluation examining its benefits and costs.