Jon Howell, Bryan Parno, and John R. Douceur
5 April 2013
Web browsers ostensibly provide strong isolation for the client-side components of web applications. Unfortunately, this isolation is weak in practice; as browsers add increasingly rich APIs to please developers, these complex interfaces bloat the trusted computing base and erode cross-app isolation boundaries.
We reenvision the web interface based on the notion of a pico-datacenter, the client-side version of a shared server datacenter. Mutually untrusting vendors run their code on the user's computer in low-level native code containers that communicate with the outside world only via IP. Just as in the cloud datacenter, the simple semantics makes isolation tractable, yet native code gives vendors the freedom to run any software stack. Since the datacenter model is designed to be robust to malicious tenants, it is never dangerous for the user to click a link and invite a possibly-hostile party onto the client.
|Published in||Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI)|
|Awards||Best Paper Award|
Jon Howell, Bryan Parno, and John R. Douceur. Eratosthenes: Radically Refactoring the Web, Microsoft Research, 3 October 2012.
John R. Douceur, Jon Howell, Bryan Parno, and Michael Walfish. Refactoring the Web Interface, 24 October 2011.