Isolating Web Programs in Modern Browser Architectures
CS6204: Cloud Environment
Spring 2011

Relationship with Lecture 1
OS processes as isolation mechanism
Lecture 1:
- Implemented on Microsoft IE web browser
Lecture 2:
- Implemented on Google Chromium web browser

Other Secure Web Browser Architecture 1/2

The Tahoma Web browsing system
- Based on Browser Operating System (BOS)
- Runs each web application (web browser + site) in its own virtual machine
- Implemented on a Xen virtual machine (on top of a Linux distribution)
- Web browser: Konqueror

Other Secure Web Browser Architecture 2/2

USENIX’s secure Web Browser
- Based on UNIX OS user’s privileges
- Implemented on a SubOS-capable OpenBSD 2.8 operating system using Perl.
- Uses three daemons:
  - Browser Log-in Daemon: downloads objects over the network. Every object is assigned a sub user id
  - Browser Display Daemon: displays the content
  - Browser Interpreter Daemon: processes the content of the downloaded objects. Starts a new process with sub user id to interpret active code

Ideas
- Enable browsers to identify program boundaries
- Revamp web browser to isolate programs
- Preserve the compatibility with existing web content

Web Programs Identification 1/5
Abstractions
- Web programs
  Set of related pages and their sub-resources that provide a common service
- Web program instance
  Copies of pages from a web program that are tightly coupled within the browser

Web Programs Identification 2/5
Concrete definitions
- Site
  - Concrete realization of a web program abstraction
  - Combination of protocol and registry-controlled domain name
  - Relaxes the Same Origin Policy, since page origin can change during runtime

Web Programs Identification 3/5

Browsing Instance
- Set of connected windows and frames
- Is created each time a fresh browser window is opened
- Grows each time an existing window creates a new connected window or frame

Web Programs Identification 4/5

Site instance
- Set of connected same-site pages within a browsing instance
- Only one site instance per site

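Added example (not part of the original slides, and not Chromium's code): a JavaScript sketch of how the site, browsing instance and site instance definitions above group pages. The suffix set, the URLs and the Browser class are constructed for illustration; a real browser consults the full public suffix list.

```javascript
// Added example; not from the slides or from Chromium's source.
// CONSTRUCTED stand-in for the public suffix list (registry-controlled domains).
const REGISTRY_SUFFIXES = new Set(["com", "org", "co.uk"]);

// Site = protocol + registry-controlled domain name (suffix plus one label).
function siteOf(pageUrl) {
  const u = new URL(pageUrl);
  const labels = u.hostname.split(".");
  for (let i = 0; i < labels.length; i++) { // longest candidate suffix first
    if (REGISTRY_SUFFIXES.has(labels.slice(i).join("."))) {
      return u.protocol + "//" + labels.slice(Math.max(i - 1, 0)).join(".");
    }
  }
  return u.protocol + "//" + u.hostname; // unknown suffix: keep the full host
}

class Browser { // hypothetical model, for illustration only
  constructor() { this.nextBrowsingInstance = 0; this.pages = []; }
  // A fresh browser window starts a new browsing instance.
  openWindow(url) { return this.add(url, this.nextBrowsingInstance++); }
  // A window or frame created by an existing page joins its browsing instance.
  openConnected(opener, url) { return this.add(url, opener.browsingInstance); }
  add(url, browsingInstance) {
    const site = siteOf(url);
    const page = { url, browsingInstance, site, siteInstance: `${browsingInstance}|${site}` };
    this.pages.push(page);
    return page;
  }
  // Site instance = connected same-site pages inside one browsing instance.
  siteInstances() {
    const groups = new Map();
    for (const p of this.pages) {
      if (!groups.has(p.siteInstance)) groups.set(p.siteInstance, []);
      groups.get(p.siteInstance).push(p.url);
    }
    return groups;
  }
}

function demo() { // all URLs below are constructed sample input
  const b = new Browser();
  const mail = b.openWindow("https://mail.example.com/inbox");
  b.openConnected(mail, "https://docs.example.com/view");  // same site: shares the site instance
  b.openConnected(mail, "https://ads.tracker.org/popup");  // different site
  b.openConnected(mail, "http://mail.example.com/legacy"); // different protocol: different site
  b.openWindow("https://mail.example.com/inbox");          // fresh window: new browsing instance
  return b.siteInstances();
}

console.log(demo());
```

The five pages fall into four site instances: only the two https pages under example.com opened from the same window share one.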
Web Programs Identification 5/5

Execution Model
- Web program execution = Page Rendering + Script execution
- Site instance:
  - Single address space for all web objects and web components
  - Single thread of execution
  - Pages within the same site instance can access each other (Coarse Granularity)
  - Avoids concurrent DOM modifications

Browser Architecture 1/4

Rendering engine
- One for each instance of a web program
- Parses, renders and executes web programs
- Single thread for rendering and script execution

Browser Architecture 2/4

Browser kernel
- Contains all shared capabilities and resources:
  - Storage functionality: cookies, cache, history
  - Network stack
  - Logic for managing the browser’s user interface

Browser Architecture 3/4

Plug-ins
- Is the process responsible for running browser plug-ins
- Prevents plug-ins from causing crashes in web program instances

Browser Architecture 4/4

Chromium’s Implementation

“Monolithic” mode:
- Loads all the components in a single process
- Supported
Process-per-Site-Instance
- Creates a separate renderer process for each site instance
- Provides the best isolation
- Default process mode
- Not fully implemented

Implementation’s limits
- New processes are created only when the user explicitly expresses it (new tab, etc.)
- Navigations initiated within a page are handled by the same process
- Frames and their parents are rendered in the same process
- Limit on the number of processes that can be created (20 processes)

Evaluation 1/6

Methods
- Comparison between monolithic mode and process-per-site-instance mode
Results:
- Fault tolerance: simulation of a crash
  - Monolithic mode: loss of the entire browser
  - Process-per-site-instance mode: loss of a single rendering engine

Evaluation 2/6

- Accountability:
  - User can track CPU usage, memory consumption and network usage of each instance
- Memory management:
  - Multi-process architecture reclaims the memory more quickly after an offending window is closed

Evaluation 3/6

Responsiveness
- Test the delay between a right click and the display of the context menu, while loading web pages.
- Significant delays in the monolithic architecture
- Delays are almost absent in the multi-process architecture

Evaluation 4/6
Speedup: when restoring a session

Evaluation 5/6
Latency

Evaluation 6/6
Memory overhead

Chrome’s extension model
- Extension = manifest and one or more HTML pages, JavaScript files or other files
- Has a “background” page:
  - Invisible page containing the main logic of the extension
  - Runs in the extension process, exists for the lifetime of your extension
  - One instance is active at a time
  - All of an extension's pages execute in the same process
  - A script cannot modify the DOM of its parent background page

Remarks
- No comparison with other browsers, especially IE8, since it is mentioned in the paper
- The goal of isolating web programs is not fully fulfilled:
  - Different sites use the same rendering process unless it is explicitly specified by the user

Questions???