Missive: Fast Application Launch From an Untrusted Buffer Cache

Jon Howell, Jeremy Elson, Bryan Parno, and John R. Douceur


The Embassies system turns the web browser model inside out: the client

is ultra-minimal, and hence strongly isolates pages and apps; every app

carries its own libraries and provides itself OS-like services. A typical

Embassies app is 100 MiB of binary code. We have found that the first

reaction most people have upon learning of this design is: how can big

apps start quickly in such a harsh, mutually-untrusting environment?

The key is the observation that, with appropriate system organization,

the performance enhancements of a shared buffer cache can be supplied by

an untrusted component. The benefits of sharing depend on availability

of commonality; this paper measures a hundred diverse applications to

show that applications indeed exhibit sufficient commonality to enable

fast start, reducing startup data from 64MiB to 1MiB. Exploiting that

commonality requires careful packaging and appropriate application

of conventional deduplication and incremental start techniques.

These enable an untrusted client-side cache to rapidly assemble an

app image and transfer it---via IP---to the bootstrapping process.

The result is proof that big apps really can start in a few hundred

milliseconds from a shared but untrusted buffer cache.


Publication typeInproceedings
Published inAnnual Technical Conference
> Publications > Missive: Fast Application Launch From an Untrusted Buffer Cache