Isolating web programs in modern browser architectures

Many of today's web sites contain substantial amounts of client-side code, and consequently, they act more like programs than simple documents. This creates robustness and performance challenges for web browsers. To give users a robust and responsive platform, the browser must identify program boundaries and provide isolation between them. We provide three contributions in this paper. First, we present abstractions of web programs and program instances, and we show that these abstractions clarify how browser components interact and how appropriate program boundaries can be identified. Second, we identify backwards compatibility tradeoffs that constrain how web content can be divided into programs without disrupting existing web sites. Third, we present a multi-process browser architecture that isolates these web program instances from each other, improving fault tolerance, resource management, and performance. We discuss how this architecture is implemented in Google Chrome, and we provide a quantitative performance evaluation examining its benefits and costs.

[1]  J. Meigs,et al.  WHO Technical Report , 1954, The Yale Journal of Biology and Medicine.

[2]  Norman Hardy,et al.  The Confused Deputy: (or why capabilities might have been invented) , 1988, OPSR.

[3]  Clem Cole,et al.  Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference , 2001 .

[4]  S. Bellovin,et al.  Building a Secure Web Browser , 2001, USENIX Annual Technical Conference, FREENIX Track.

[5]  Steven D. Gribble,et al.  A safety-oriented platform for Web applications , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[6]  B. Bershad,et al.  Using Processes to Improve the Reliability of Browser-based Applications , 2007 .

[7]  Charles Reis,et al.  Architectural Principles for Safe Web Programs , 2007, HotNets.

[8]  Samuel T. King,et al.  Secure Web Browsing with the OP Web Browser , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[9]  Adam Barth,et al.  The Security Architecture of the Chromium Browser , 2009 .

[10]  Информатика Public Suffix List , 2010 .