Pivot: Fast, Synchronous Mashup Isolation Using Generator Chains

Mickens, James

doi:10.1109/sp.2014.24

Cited by 16 publications

(11 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…JavaScript Isolation In the case of JavaScript specifically, much effort has gone into client-side compartmentalization (e.g., execution isolation [33], object capabilities [34], sandboxing [53], [2] information flow control [52]). These works focused primarily on client-side, web-based setups which are different from our focus in many ways: isolation primitives (i.e., iframes), origin (i.e., explicit sources), threat model (i.e., no C/C++ modules; no valid access to "/etc/passwd"), compartment numbers (i.e., few), and developer effort (i.e., manual annotations or rewrite).…”

Section: Related Workmentioning

confidence: 99%

“…Further problems increase these risks. With popular modules averaging tens of thousands of lines of code, understanding the internals of a complex package and verifying that it will not behave in unintended ways [15], [33] are both extremely difficult tasks. The popularity of certain packages-dependedupon by thousands of other packages-allows vulnerabilities deep in the dependency graph to cause widespread difficulties [30], [23], [60].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

BreakApp: Automated, Flexible Application Compartmentalization

Vasilakis

Karel

Roessler

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Developers of large-scale software systems may use third-party modules to reduce costs and accelerate release cycles, at some risk to safety and security. BREAKAPP exploits module boundaries to automate compartmentalization of systems and enforce security policies, enhancing reliability and security. BREAKAPP transparently spawns modules in protected compartments while preserving their original behavior. Optional high-level policies decouple security assumptions made during development from requirements imposed for module composition and use. These policies allow fine-tuning trade-offs such as security and performance based on changing threat models or load patterns. Evaluation of BREAKAPP with a prototype implementation for JavaScript demonstrates feasibility by enabling simplified security hardening of existing systems with low performance overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

BreakApp: Automated, Flexible Application Compartmentalization

Vasilakis

Karel

Roessler

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Pivot [39] isolates untrusted JavaScript into an iframe and rewrites the program to use generators, which allows blocking I/O between the iframe and the outside world. Stopify is not an isolation framework and implements blocking without generators or cps ( §3).…”

Section: Related Workmentioning

confidence: 99%

Putting in all the stops: execution control for JavaScript

et al. 2018

View full text Add to dashboard Cite

Scores of compilers produce JavaScript, enabling programmers to use many languages on the Web, reuse existing code, and even use Web IDEs. Unfortunately, most compilers inherit the browser's compromised execution model, so longrunning programs freeze the browser tab, infinite loops crash IDEs, and so on. The few compilers that avoid these problems suffer poor performance and are difficult to engineer. This paper presents Stopify, a source-to-source compiler that extends JavaScript with debugging abstractions and blocking operations, and easily integrates with existing compilers. We apply Stopify to ten programming languages and develop a Web IDE that supports stopping, single-stepping, breakpointing, and long-running computations. For nine languages, Stopify requires no or trivial compiler changes. For eight, our IDE is the first that provides these features. Two of our subject languages have compilers with similar features. Stopify's performance is competitive with these compilers and it makes them dramatically simpler.Stopify's abstractions rely on first-class continuations, which it provides by compiling JavaScript to JavaScript. We also identify sub-languages of JavaScript that compilers implicitly use, and exploit these to improve performance. Finally, Stopify needs to repeatedly interrupt and resume program execution. We use a sampling-based technique to estimate program speed that outperforms other systems.Preliminary Solutions There are a handful of robust programming language implementations for the Web: GopherJS (Go) [17], Pyret [57], Skulpt (Python) [68], Doppio (JVM) [77], GambitJS (Scheme) [71], and Whalesong (Racket) [83]. They use sophisticated compilers and runtime systems to support some subset of long-running computations, shared-memory concurrency, blocking I/O, proper tail calls, debugging, and

show abstract

“…Instead of propagating DOM changes, Mashic [17] and Pivot [23] provide a transparent, synchronous interface for cross-domain operations on top of postMessage, to support confinement of general-purpose code. Mashic rewrites all code to continuation-passing style, while Pivot uses Generators to achieve the same goal using minor rewriting.…”

Section: Frame-based Isolationmentioning

confidence: 99%

“…• Frame-based isolation: The browser's SOP isolates code running in different frames, while providing a controlled means for communicating through the postMessage API. AdJail [34], Mashic [17] and Pivot [23] rely on this approach for isolation. MashupOS [42] also relies on frames and similar isolation mechanisms.…”

Section: Introductionmentioning

confidence: 99%

JaTE

Tran

Pelizzi

Sekar

2015

Proceedings of the 31st Annual Computer Security Applications Conference

View full text Add to dashboard Cite