Return to search

ScriptSpaces: An Isolation Abstraction for Web Browsers

Current web browsers are ill-prepared to manage execution of scripts embedded in web pages, because they treat all JavaScript code executing in a page as one unit. All code shares the same namespace, same security domain, and shares uncontrolled access to the same heap; some browsers even use the same thread for multiple tabs or windows. This lack of isolation frequently causes problems that range from loss of functionality to security compromises.

ScriptSpace is an abstraction that provides separate, isolated execution environments for parts or all of a web page. Within each ScriptSpace, we maintain the traditional, single-threaded JavaScript environment to provide compatibility with existing code written under this assumption. Multiple ScriptSpaces within a page are isolated with respect to namespace, CPU, and memory consumption. The user has the ability to safely terminate failing scripts without affecting the functionality of still-functional components of the page, or of other pages.

We implemented a prototype of ScriptSpace based on the Firefox 3.0 browser. Rather than mapping ScriptSpaces to OS-level threads, we exploit a migrating-thread model in which threads enter and leave the ScriptSpaces associated with the respective sections of the document tree during the event dispatching process. A proportional share scheduler ensures that the number of bytecode instructions executed within each ScriptSpace is controlled. Our prototype can isolate resource-hogging gadgets within an iGoogle Mashup page as well as across multiple pages loaded in the browser and still retain interactive response. / Master of Science

Identiferoai:union.ndltd.org:VTETD/oai:vtechworks.lib.vt.edu:10919/34514
Date02 September 2010
CreatorsDeka, Amarjyoti
ContributorsComputer Science, Back, Godmar V., Tilevich, Eli, Ryder, Barbara G.
PublisherVirginia Tech
Source SetsVirginia Tech Theses and Dissertation
Detected LanguageEnglish
TypeThesis
Formatapplication/pdf
RightsIn Copyright, http://rightsstatements.org/vocab/InC/1.0/
RelationDeka_Amarjyoti_T_2010.pdf

Page generated in 0.0024 seconds