Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
Embassies: Radically Refactoring the Web

Jon Howell, Bryan Parno, and John R. Douceur


Web browsers ostensibly provide strong isolation for the client-side components of web applications. Unfortunately, this isolation is weak in practice; as browsers add increasingly rich APIs to please developers, these complex interfaces bloat the trusted computing base and erode cross-app isolation boundaries.

We reenvision the web interface based on the notion of a pico-datacenter, the client-side version of a shared server datacenter. Mutually untrusting vendors run their code on the user's computer in low-level native code containers that communicate with the outside world only via IP. Just as in the cloud datacenter, the simple semantics makes isolation tractable, yet native code gives vendors the freedom to run any software stack. Since the datacenter model is designed to be robust to malicious tenants, it is never dangerous for the user to click a link and invite a possibly-hostile party onto the client.


Publication typeInproceedings
Published inProceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI)
AwardsBest Paper Award

Previous versions

John R. Douceur, Jon Howell, Bryan Parno, and Michael Walfish. Refactoring the Web Interface, 24 October 2011.

Jon Howell, Bryan Parno, and John R. Douceur. Eratosthenes: Radically Refactoring the Web, Microsoft Research, 3 October 2012.

> Publications > Embassies: Radically Refactoring the Web