Abstract
For security, most web applications are developed in some type-safe language, such as JavaScript or Java. However, there is a huge amount of legacy code developed in unsafe languages, which provides rich functionality and is more efficient than its type-safe counterparts. To allow browsers to incorporate type-safe components in a secure way, previous approaches use software-based fault isolation (SFI) to isolate untrusted legacy code. The SFI approach performs machine-code transformation for security, but the downside is the loss of architecture independence. We propose WebC, a system that allows legacy code to be transmitted over the web via the Low Level Virtual Machine (LLVM) bitcode format. The untrusted bitcode is transformed by WebC into code in the WebC security language, which enforces both memory isolation and control-flow integrity. Compared with previous approaches, WebC is more portable, provides stronger security, and allows more flexible memory management. Experimental results show that the average runtime overhead of WebC is modest.
Cite this article
Yin, J., Tan, G., Bai, X. et al. WebC: toward a portable framework for deploying legacy code in web browsers. Sci. China Inf. Sci. 58, 1–15 (2015). https://doi.org/10.1007/s11432-015-5285-y
DOI: https://doi.org/10.1007/s11432-015-5285-y