Gulfstream Salvatore Guarnieri University of Washington Ben Livshits Microsoft Research Staged Static Analysis for Streaming JavaScript Applications.

Slides:



Advertisements
Similar presentations
Fall IM 2000 Evfolution of Presence Based Networks Evolution of Presence Based Networks Jonathan Rosenberg Chief Scientist.
Advertisements

Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.
Java Script Session1 INTRODUCTION.
GATEKEEPER MOSTLY STATIC ENFORCEMENT OF SECURITY AND RELIABILITY PROPERTIES FOR JAVASCRIPT CODE Salvatore Guarnieri & Benjamin Livshits Presented by Michael.
Presented by Vaibhav Rastogi.  Advent of Web 2.0 and Mashups  Inclusion of untrusted third party content a necessity  Need to restrict the functionality.
By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)
The Ant and The Grasshopper Fast and Accurate Pointer Analysis for Millions of Lines of Code Ben Hardekopf and Calvin Lin PLDI 2007 (Best Paper & Best.
Gatekeeper : Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code Ben Livshits Salvatore Guarnieri.
Working with JavaScript. 2 Objectives Introducing JavaScript Inserting JavaScript into a Web Page File Writing Output to the Web Page Working with Variables.
November 29, 2005Christopher Tuttle1 Linear Scan Register Allocation Massimiliano Poletto (MIT) and Vivek Sarkar (IBM Watson)
Speeding Up Dataflow Analysis Using Flow- Insensitive Pointer Analysis Stephen Adams, Tom Ball, Manuvir Das Sorin Lerner, Mark Seigle Westley Weimer Microsoft.
Reducing the Energy Usage of Office Applications Jason Flinn M. Satyanarayanan Carnegie Mellon University Eyal de Lara Dan S. Wallach Willy Zwaenepoel.
Multiple Tiers in Action
Staged Information Flow for JavaScript Ravi Chugh, Jeff Meister, Ranjit Jhala, Sorin Lerner UC San Diego.
Generic Simulator for Users' Movements and Behavior in Collaborative Systems.
JSZap: Compressing JavaScript Code Martin Burtscher, UT Austin Ben Livshits & Ben Zorn, Microsoft Research Gaurav Sinha, IIT Kanpur.
Web Design Basic Concepts.
Linear Scan Register Allocation POLETTO ET AL. PRESENTED BY MUHAMMAD HUZAIFA (MOST) SLIDES BORROWED FROM CHRISTOPHER TUTTLE 1.
DESIGNING FOR MOBILE Lunch & Learn Series | February 20, 2014.
Intro to PHP Introduction to server-side scripts (It’s all good :D) © TAFE NSW
Client-Side Validation with Javascript by Daniel Yee.
Lecture 12 – AJAX SFDV3011 – Advanced Web Development Reference: 1.
JavaScript Heap Analysis: From Browser Exploits to Safe JavaScript Subsets Adam Barth Joel Weinberger Matt Finifter Dawn Song University of California,
The New Computing Curriculum select, use and combine a variety of software (including internet services) on a range of digital devices to design and create.
Saving the World Wide Web from Vulnerable JavaScript International Symposium on Software Testing and Analysis (ISSTA 2011) Omer Tripp IBM Software Group.
Ideas to Improve SharePoint Usage 4. What are these 4 Ideas? 1. 7 Steps to check SharePoint Health 2. Avoid common Deployment Mistakes 3. Analyze SharePoint.
JAVA SERVER PAGES. 2 SERVLETS The purpose of a servlet is to create a Web page in response to a client request Servlets are written in Java, with a little.
A seminar on “Mobile Version of The Website”
Cross Site Integration “mashups” cross site scripting.
Aules d’Empresa 2011 Aules d’empresa 2011 DEX. Nom e la presenatació o altra info (opcional) Aules d’Empresa 2011 Contents Graph database Motivation DEX.
Buffered dynamic run-time profiling of arbitrary data for Virtual Machines which employ interpreter and Just-In-Time (JIT) compiler Compiler workshop ’08.
Procrastinator: Pacing Mobile Apps’ Usage of the Network mobisys 2014.
AjaxScope & Doloto: Towards Optimizing Client-side Web 2.0 App Performance Ben Livshits Microsoft Research (joint work with Emre.
Fast Points-to Analysis for Languages with Structured Types Michael Jung and Sorin A. Huss Integrated Circuits and Systems Lab. Department of Computer.
FIRST SCREEN In 1929, we were introduced to the “First Screen” Still today, Television advertising is a tremendously effective way to market.
Mobile web Sebastian Lopienski IT Technical Forum 29 June 2012.
Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.
the acronym for Asynchronous JavaScript and XML.
PRESTO: Program Analyses and Software Tools Research Group, Ohio State University Merging Equivalent Contexts for Scalable Heap-cloning-based Points-to.
Denise Oliver, Education and Outreach Director Alabama Supercomputer Authority.
Ajax for Dynamic Web Development Gregory McChesney.
An Analysis of the Mozilla Jetpack Extension Framework Rezwana Karim, Mohan Dhawan, Vinod Ganapathy Computer Science, Rutgers University Chung-cheih Shan.
Javascript JavaScript is what is called a client-side scripting language:  a programming language that runs inside an Internet browser (a browser is also.
LESSON 15 – UNIT 0 ADAPTING YOUR WEB SITE FOR MOBILE DEVICES.
Evaluation of distribution Alternatives of Pantex Spatial database for the Pantex Plant Presented by Ye Maggie Ruan (
30 Copyright © 2009, Oracle. All rights reserved. Using Oracle Business Intelligence Delivers.
GC Assertions: Using the Garbage Collector To Check Heap Properties Samuel Z. Guyer Tufts University Edward Aftandilian Tufts University.
Web Cache. What is Cache? Cache is the storing of data temporarily to improve performance. Cache exist in a variety of areas such as your CPU, Hard Disk.
History Before designing web pages it is important to know how it all came about… History Channel – The Invention of the Internet History Channel – The.
IF STARBUCKS USED INSTART LOGIC, THEY WOULD HAVE A FASTER RESPONSIVE WEBSITE BY PETER BLUM.
PSD TO HTML CONVERSION SERVICES Focus on designing creative website layouts with the help of professional PSD into HTML Conversion services with experts.
Benefits of IT Outsourcing Services
Programming vs. Packaged
Challenges in Pointer Analysis of JavaScript
TECHNOLOGY GUIDE THREE
MICROSOFT OUTLOOK and Outlook service Provider
Doloto: Code Splitting for Web 2.0 Applications
Building a Custom Video Player
Dynamic Web Page A dynamic web page is a kind of web page that has been prepared with fresh information (content and/or layout), for each individual viewing.
BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML
TECHNOLOGY GUIDE THREE
Client-Side Validation with Javascript
Parallel Programming in Contemporary Programming Languages (Part 2)
AMP.
Doloto: Code Splitting for Web 2.0 Applications
Doloto: Code Splitting for AJAX Applications
Recitation on AdFisher
TECHNOLOGY GUIDE THREE
Presentation transcript:

Gulfstream Salvatore Guarnieri University of Washington Ben Livshits Microsoft Research Staged Static Analysis for Streaming JavaScript Applications

1 Third Party Server Web application widget.js Web page

Safe Code Inclusion In JavaScript Runtime Enforcement Conscript [Oakland 10] BrowserShield [OSDI 06] Caja Static Analysis Gatekeeper [USENIX Sec 09] Staged Information flow for JavaScript [PLDI 09] 2 Whole program analysis approaches require the entire program

3

4 JavaScript programs are streaming

function foo(){...} var f = foo; function bar(){...} if (...) f = bar;... Script Creation 5 What does f refer to?

Incremental Loading in Facebook 6 71%

✔ ✔ Gulfstream In Action 7 OfflineOnline ✔ ✔ ✔ ✔

Outline Motivation Implementation Evaluation Conclusions 8

Queries We want to determine something about the program Example – What does f() refer to – Detect alert calls – Does this program use setTimeout 9

Points-To Analysis Provides deep program understanding Can be used to construct call graphs Is the foundation of further analyses Answers a simple question: What heap locations does variable x point to 10

Points-To Example 11

Implementation Strategies Datalog with bddbddb + Fast for large programs + Highly tuned - Large startup cost - Difficult to implement in the browser Used in Gatekeeper [USENIX Sec 09] Graph-based flow analysis + Very small startup cost + Customized to work with Gulfstream - Does not scale well 12

Implementation Normalize JavaScript – Turn program into a series of simple statements – Introduce temporaries as necessary Create flow graph – Use normalized program to generate flow constraints Serialize flow graph – Encode the flow-graph so online analysis can use it to update results 13

Implementation Continued Perform points-to analysis – Traverse flow graph to find all aliases – Follow flow through method boundaries – Generate points-to map for queries to use Queries – Use points-to data and flow graph to answer queries 14

Evaluation Question – Is Gulfstream faster than non-staged analysis Benchmarks – Synthetically generated – Scraped from Google code – Scraped from Facebook Simulate diverse environments – CPU speed and network properties – Cell phone, laptop, desktop, etc. 15

Laptop Running Time Comparison 16 After 30KB of updates, Gulfstream is no longer faster

Simulated Devices Low power mobile High power 17

Lessons Learned Slow devices benefit from Gulfstream A slow network can negate the benefits of the staged analysis Large page updates don’t benefit from Gulfstream 18

Facebook Experiment Visit 4 pages – Home – Friends – Inbox – Profile Each page loads additional JavaScript 19

Gulfstream Savings: Slow Devices 20

Gulfstream Savings: Fast Devices seconds saved

Conclusion Gulfstream, staged analysis for JavaScript Staged analysis – Offline on the server – Online in the browser Wide range of experiments – For small updates, Gulfstream is faster – Devices with slow CPU benefit most 22

The End Contact: 23

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.