WebC: toward a portable framework for deploying legacy code in web browsers
For security, most web applications are developed in some type-safe language, such as JavaScript or Java. However, there is a huge amount of legacy codes developed in unsafe languages, which provide rich functionality and are more efficient than their type-safe counterparts. To allow browsers to inc...
Gespeichert in:
| Veröffentlicht in: | Science China. Information sciences 2015-07, Vol.58 (7), p.107-121 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 121 |
|---|---|
| container_issue | 7 |
| container_start_page | 107 |
| container_title | Science China. Information sciences |
| container_volume | 58 |
| creator | Yin, Jie Tan, Gang Bai, XiaoLong Hu, ShiMin |
| description | For security, most web applications are developed in some type-safe language, such as JavaScript or Java. However, there is a huge amount of legacy codes developed in unsafe languages, which provide rich functionality and are more efficient than their type-safe counterparts. To allow browsers to incorporate type-safe components in a secure way, previous approaches use the software-based fault isolation (SFI) to isolate untrusted legacy code. The SFI approach performs machine-code transformation for security, but the downside is the loss of architecture independence. We propose WebC, a system that allows legacy code transmitted over the web via the Low Level Virtual Machine (LLVM) bitcode format. The untrusted bitcode is transformed by WebC into code in the WebC security language, which enforces both memory isolation and control-flow integrity. Compared with previous approaches, WebC is more portable, provides stronger security, and allows more flexible memory management. Experimental results show that the average runtime overhead of WebC is modest. |
| doi_str_mv | 10.1007/s11432-015-5285-y |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2918614739</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><cqvip_id>665130343</cqvip_id><sourcerecordid>2918614739</sourcerecordid><originalsourceid>FETCH-LOGICAL-c413t-140466dc1a16725aafd2f665ad933fdf208917f520b07ac53c13e904e24b44ac3</originalsourceid><addsrcrecordid>eNp9UEtOwzAQtRBIVNADsLNgHfDYzsdLVPGTitiAYGc5jh1a0ji1U1W5CmfhTlwBV6lgx2xmFu8z7yF0BuQSCMmvAgBnNCGQJikt0mQ4QBMoMpGAAHEY7yznSc7Y2zGahrAkcRgjNC8m6PHVlLPvr0_cu63yFVa4c75XZWOw9Wplts5_YOs8rkzXuGHR1rgxtdID1q4yeNHirSlx6d02GB9O0ZFVTTDT_T5BL7c3z7P7ZP509zC7nieaA-sT4IRnWaVBxc9oqpStqM2yVFWCMVtZSgoBuU0pKUmudMo0MCMIN5SXnCvNTtDFqNt5t96Y0Mul2_g2WkoqYnLgORMRBSNKexeCN1Z2frFSfpBA5K44ORYnY3FyV5wcIoeOnBCxbW38n_J_pPO90btr63Xk_TrFVMAI44z9ABNafLM</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2918614739</pqid></control><display><type>article</type><title>WebC: toward a portable framework for deploying legacy code in web browsers</title><source>Springer Nature - Complete Springer Journals</source><source>Alma/SFX Local Collection</source><source>ProQuest Central</source><creator>Yin, Jie ; Tan, Gang ; Bai, XiaoLong ; Hu, ShiMin</creator><creatorcontrib>Yin, Jie ; Tan, Gang ; Bai, XiaoLong ; Hu, ShiMin</creatorcontrib><description>For security, most web applications are developed in some type-safe language, such as JavaScript or Java. However, there is a huge amount of legacy codes developed in unsafe languages, which provide rich functionality and are more efficient than their type-safe counterparts. To allow browsers to incorporate type-safe components in a secure way, previous approaches use the software-based fault isolation (SFI) to isolate untrusted legacy code. The SFI approach performs machine-code transformation for security, but the downside is the loss of architecture independence. We propose WebC, a system that allows legacy code transmitted over the web via the Low Level Virtual Machine (LLVM) bitcode format. The untrusted bitcode is transformed by WebC into code in the WebC security language, which enforces both memory isolation and control-flow integrity. Compared with previous approaches, WebC is more portable, provides stronger security, and allows more flexible memory management. Experimental results show that the average runtime overhead of WebC is modest.</description><identifier>ISSN: 1674-733X</identifier><identifier>EISSN: 1869-1919</identifier><identifier>DOI: 10.1007/s11432-015-5285-y</identifier><language>eng</language><publisher>Beijing: Science China Press</publisher><subject>Applications programs ; Computer Science ; Information Systems and Communication Service ; JavaScript ; Low level ; Portability ; Research Paper ; Security ; Virtual environments ; Web应用程序 ; Web浏览器 ; 代码转换 ; 便携式 ; 框架 ; 类型安全 ; 部署</subject><ispartof>Science China. Information sciences, 2015-07, Vol.58 (7), p.107-121</ispartof><rights>Science China Press and Springer-Verlag Berlin Heidelberg 2015</rights><rights>Science China Press and Springer-Verlag Berlin Heidelberg 2015.</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c413t-140466dc1a16725aafd2f665ad933fdf208917f520b07ac53c13e904e24b44ac3</citedby><cites>FETCH-LOGICAL-c413t-140466dc1a16725aafd2f665ad933fdf208917f520b07ac53c13e904e24b44ac3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Uhttp://image.cqvip.com/vip1000/qk/84009A/84009A.jpg</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/s11432-015-5285-y$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://www.proquest.com/docview/2918614739?pq-origsite=primo$$EHTML$$P50$$Gproquest$$H</linktohtml><link.rule.ids>314,776,780,21367,27901,27902,33721,41464,42533,43781,51294</link.rule.ids></links><search><creatorcontrib>Yin, Jie</creatorcontrib><creatorcontrib>Tan, Gang</creatorcontrib><creatorcontrib>Bai, XiaoLong</creatorcontrib><creatorcontrib>Hu, ShiMin</creatorcontrib><title>WebC: toward a portable framework for deploying legacy code in web browsers</title><title>Science China. Information sciences</title><addtitle>Sci. China Inf. Sci</addtitle><addtitle>SCIENCE CHINA Information Sciences</addtitle><description>For security, most web applications are developed in some type-safe language, such as JavaScript or Java. However, there is a huge amount of legacy codes developed in unsafe languages, which provide rich functionality and are more efficient than their type-safe counterparts. To allow browsers to incorporate type-safe components in a secure way, previous approaches use the software-based fault isolation (SFI) to isolate untrusted legacy code. The SFI approach performs machine-code transformation for security, but the downside is the loss of architecture independence. We propose WebC, a system that allows legacy code transmitted over the web via the Low Level Virtual Machine (LLVM) bitcode format. The untrusted bitcode is transformed by WebC into code in the WebC security language, which enforces both memory isolation and control-flow integrity. Compared with previous approaches, WebC is more portable, provides stronger security, and allows more flexible memory management. Experimental results show that the average runtime overhead of WebC is modest.</description><subject>Applications programs</subject><subject>Computer Science</subject><subject>Information Systems and Communication Service</subject><subject>JavaScript</subject><subject>Low level</subject><subject>Portability</subject><subject>Research Paper</subject><subject>Security</subject><subject>Virtual environments</subject><subject>Web应用程序</subject><subject>Web浏览器</subject><subject>代码转换</subject><subject>便携式</subject><subject>框架</subject><subject>类型安全</subject><subject>部署</subject><issn>1674-733X</issn><issn>1869-1919</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2015</creationdate><recordtype>article</recordtype><sourceid>BENPR</sourceid><recordid>eNp9UEtOwzAQtRBIVNADsLNgHfDYzsdLVPGTitiAYGc5jh1a0ji1U1W5CmfhTlwBV6lgx2xmFu8z7yF0BuQSCMmvAgBnNCGQJikt0mQ4QBMoMpGAAHEY7yznSc7Y2zGahrAkcRgjNC8m6PHVlLPvr0_cu63yFVa4c75XZWOw9Wplts5_YOs8rkzXuGHR1rgxtdID1q4yeNHirSlx6d02GB9O0ZFVTTDT_T5BL7c3z7P7ZP509zC7nieaA-sT4IRnWaVBxc9oqpStqM2yVFWCMVtZSgoBuU0pKUmudMo0MCMIN5SXnCvNTtDFqNt5t96Y0Mul2_g2WkoqYnLgORMRBSNKexeCN1Z2frFSfpBA5K44ORYnY3FyV5wcIoeOnBCxbW38n_J_pPO90btr63Xk_TrFVMAI44z9ABNafLM</recordid><startdate>20150701</startdate><enddate>20150701</enddate><creator>Yin, Jie</creator><creator>Tan, Gang</creator><creator>Bai, XiaoLong</creator><creator>Hu, ShiMin</creator><general>Science China Press</general><general>Springer Nature B.V</general><scope>2RA</scope><scope>92L</scope><scope>CQIGP</scope><scope>W92</scope><scope>~WA</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>8FE</scope><scope>8FG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>P5Z</scope><scope>P62</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope></search><sort><creationdate>20150701</creationdate><title>WebC: toward a portable framework for deploying legacy code in web browsers</title><author>Yin, Jie ; Tan, Gang ; Bai, XiaoLong ; Hu, ShiMin</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c413t-140466dc1a16725aafd2f665ad933fdf208917f520b07ac53c13e904e24b44ac3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2015</creationdate><topic>Applications programs</topic><topic>Computer Science</topic><topic>Information Systems and Communication Service</topic><topic>JavaScript</topic><topic>Low level</topic><topic>Portability</topic><topic>Research Paper</topic><topic>Security</topic><topic>Virtual environments</topic><topic>Web应用程序</topic><topic>Web浏览器</topic><topic>代码转换</topic><topic>便携式</topic><topic>框架</topic><topic>类型安全</topic><topic>部署</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Yin, Jie</creatorcontrib><creatorcontrib>Tan, Gang</creatorcontrib><creatorcontrib>Bai, XiaoLong</creatorcontrib><creatorcontrib>Hu, ShiMin</creatorcontrib><collection>中文科技期刊数据库</collection><collection>中文科技期刊数据库-CALIS站点</collection><collection>中文科技期刊数据库-7.0平台</collection><collection>中文科技期刊数据库-工程技术</collection><collection>中文科技期刊数据库- 镜像站点</collection><collection>CrossRef</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer Science Database</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><jtitle>Science China. Information sciences</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Yin, Jie</au><au>Tan, Gang</au><au>Bai, XiaoLong</au><au>Hu, ShiMin</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>WebC: toward a portable framework for deploying legacy code in web browsers</atitle><jtitle>Science China. Information sciences</jtitle><stitle>Sci. China Inf. Sci</stitle><addtitle>SCIENCE CHINA Information Sciences</addtitle><date>2015-07-01</date><risdate>2015</risdate><volume>58</volume><issue>7</issue><spage>107</spage><epage>121</epage><pages>107-121</pages><issn>1674-733X</issn><eissn>1869-1919</eissn><abstract>For security, most web applications are developed in some type-safe language, such as JavaScript or Java. However, there is a huge amount of legacy codes developed in unsafe languages, which provide rich functionality and are more efficient than their type-safe counterparts. To allow browsers to incorporate type-safe components in a secure way, previous approaches use the software-based fault isolation (SFI) to isolate untrusted legacy code. The SFI approach performs machine-code transformation for security, but the downside is the loss of architecture independence. We propose WebC, a system that allows legacy code transmitted over the web via the Low Level Virtual Machine (LLVM) bitcode format. The untrusted bitcode is transformed by WebC into code in the WebC security language, which enforces both memory isolation and control-flow integrity. Compared with previous approaches, WebC is more portable, provides stronger security, and allows more flexible memory management. Experimental results show that the average runtime overhead of WebC is modest.</abstract><cop>Beijing</cop><pub>Science China Press</pub><doi>10.1007/s11432-015-5285-y</doi><tpages>15</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1674-733X |
| ispartof | Science China. Information sciences, 2015-07, Vol.58 (7), p.107-121 |
| issn | 1674-733X 1869-1919 |
| language | eng |
| recordid | cdi_proquest_journals_2918614739 |
| source | Springer Nature - Complete Springer Journals; Alma/SFX Local Collection; ProQuest Central |
| subjects | Applications programs Computer Science Information Systems and Communication Service JavaScript Low level Portability Research Paper Security Virtual environments Web应用程序 Web浏览器 代码转换 便携式 框架 类型安全 部署 |
| title | WebC: toward a portable framework for deploying legacy code in web browsers |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-10T20%3A42%3A12IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=WebC%EF%BC%9A%20toward%20a%20portable%20framework%20for%20deploying%20legacy%20code%20in%20web%20browsers&rft.jtitle=Science%20China.%20Information%20sciences&rft.au=Yin,%20Jie&rft.date=2015-07-01&rft.volume=58&rft.issue=7&rft.spage=107&rft.epage=121&rft.pages=107-121&rft.issn=1674-733X&rft.eissn=1869-1919&rft_id=info:doi/10.1007/s11432-015-5285-y&rft_dat=%3Cproquest_cross%3E2918614739%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2918614739&rft_id=info:pmid/&rft_cqvip_id=665130343&rfr_iscdi=true |