freedom.js: an Architecture for Serverless Web Applications

Delivering web software as a service has grown into a powerful paradigm for deploying a wide range of Internet-scale applications. However, for end-users, accessing software as a service is fundamentally at odds with free software, because of the associated cost of maintaining server infrastructure. Users end up paying for the service in one way or another, often indirectly through ads or the sale of their private data. In this paper, we aim to enable a new generation of portable and free web apps by proposing an alternative model to the existing client-server web architecture. freedom.js is a platform for developing and deploying rich multi-user web apps, where application logic is pushed out from the cloud and run entirely on client-side browsers. By shifting the responsibility of where code runs, we can explore a novel incentive structure where users power applications with their own resources and gain the ability to control application behavior and manage the privacy of their data. For developers, we lower the barrier of writing popular web apps by removing much of the deployment cost and making applications simpler to write. We provide a set of novel abstractions that allow developers to automatically scale their application with low complexity and overhead. freedom.js apps are inherently sandboxed, multi-threaded, and composed of reusable modules. We demonstrate the flexibility of freedom.js through a number of applications that we have built on top of the platform, including a messaging application, a social file synchronization tool, and a peer-to-peer (P2P) content delivery network (CDN). Our experience shows that we can implement a P2P-CDN with 50% fewer lines of application-specific code in the freedom.js framework when compared to a standalone version. In turn, we incur an additional startup latency of 50-60 ms (about 6% of the page load time) with the freedom.js version, without any noticeable impact on system throughput.
