TY - GEN
T1 - TreeHouse
T2 - 2012 USENIX Annual Technical Conference, USENIX ATC 2012
AU - Ingram, Lon
AU - Walfish, Michael
N1 - Funding Information:
Insightful comments by John Hammond, Dave Herman, Jon Howell, Donna Ingram, James Mickens, Emmett Witchel, the anonymous reviewers, and our shepherd, Sam King, substantially improved this draft. This research was partially supported by AFOSR grant FA9550-10-1-0073 and by NSF grants 1055057 and 1040083.
Publisher Copyright:
© 2012 by The USENIX Association. All Rights Reserved
PY - 2019
Y1 - 2019
N2 - Many Web applications (meaning sites that employ JavaScript) incorporate third-party code and, for reasons rooted in today's Web ecosystem, are vulnerable to bugs or malice in that code. Our goal is to give Web developers a mechanism that (a) contains included code, limiting (or eliminating) its influence as appropriate; and (b) is deployable today, or very shortly. While the goal of containment is far from new, the requirement of deployability leads us to a new design point, one that applies the OS ideas of sandboxing and virtualization to the JavaScript context. Our approach, called TreeHouse, sandboxes JavaScript code by repurposing a feature of current browsers (namely Web Workers). TreeHouse virtualizes the browser's API to the sandboxed code (allowing the code to run with few or no modifications) and gives the application author fine-grained control over that code. Our implementation and evaluation of TreeHouse show that its overhead is modest enough to handle performance-sensitive applications and that sandboxing existing code is not difficult.
AB - Many Web applications (meaning sites that employ JavaScript) incorporate third-party code and, for reasons rooted in today's Web ecosystem, are vulnerable to bugs or malice in that code. Our goal is to give Web developers a mechanism that (a) contains included code, limiting (or eliminating) its influence as appropriate; and (b) is deployable today, or very shortly. While the goal of containment is far from new, the requirement of deployability leads us to a new design point, one that applies the OS ideas of sandboxing and virtualization to the JavaScript context. Our approach, called TreeHouse, sandboxes JavaScript code by repurposing a feature of current browsers (namely Web Workers). TreeHouse virtualizes the browser's API to the sandboxed code (allowing the code to run with few or no modifications) and gives the application author fine-grained control over that code. Our implementation and evaluation of TreeHouse show that its overhead is modest enough to handle performance-sensitive applications and that sandboxing existing code is not difficult.
UR - http://www.scopus.com/inward/record.url?scp=85077126899&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85077126899&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85077126899
T3 - Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012
SP - 153
EP - 164
BT - Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012
PB - USENIX Association
Y2 - 13 June 2012 through 15 June 2012
ER -