TreeHouse: JavaScript sandboxes to help Web developers help themselves

Lon Ingram, Michael Walfish

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Many Web applications (meaning sites that employ JavaScript) incorporate third-party code and, for reasons rooted in today's Web ecosystem, are vulnerable to bugs or malice in that code. Our goal is to give Web developers a mechanism that (a) contains included code, limiting (or eliminating) its influence as appropriate; and (b) is deployable today, or very shortly. While the goal of containment is far from new, the requirement of deployability leads us to a new design point, one that applies the OS ideas of sandboxing and virtualization to the JavaScript context. Our approach, called TreeHouse, sandboxes JavaScript code by repurposing a feature of current browsers (namely Web Workers). TreeHouse virtualizes the browser's API to the sandboxed code (allowing the code to run with few or no modifications) and gives the application author fine-grained control over that code. Our implementation and evaluation of TreeHouse show that its overhead is modest enough to handle performance-sensitive applications and that sandboxing existing code is not difficult.

Original languageEnglish (US)
Title of host publicationProceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012
PublisherUSENIX Association
Pages153-164
Number of pages12
ISBN (Electronic)9781931971935
StatePublished - 2019
Event2012 USENIX Annual Technical Conference, USENIX ATC 2012 - Boston, United States
Duration: Jun 13 2012Jun 15 2012

Publication series

NameProceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012

Conference

Conference2012 USENIX Annual Technical Conference, USENIX ATC 2012
Country/TerritoryUnited States
CityBoston
Period6/13/126/15/12

ASJC Scopus subject areas

  • General Computer Science

Fingerprint

Dive into the research topics of 'TreeHouse: JavaScript sandboxes to help Web developers help themselves'. Together they form a unique fingerprint.

Cite this