Seminar by Mohan Dhawan
Rethinking web platform extensibility
Mohan Dhawan
Rutgers University
Date: Tuesday, April 5th, 2013
Time: 3PM
Venue: CS101.Abstract:
The modern web platform provides an extensible architecture that lets third-party extensions, often untrusted, enhance and customize the web browser and the web applications. The last few years have seen numerous incidents involving third-party extensions that have exploited vulnerabilities in the web platform. In this line of research, I have explored and characterized issues with JavaScript-based extensibility in the web platform and developed novel solutions to secure and make robust both the web browser and the web applications against untrusted third-party extensions.
In this talk, I will describe two examples from my research in this space. In these works, I have reasoned about extensibility of the web platform from a languages and systems perspectives to develop practical systems that implement extensibility as a first class primitive for the web platform. First, I will present Transcript, which is a language runtime system that provides a fine-grained sandboxing mechanism to isolate untrusted third-party JavaScript-based web application extensions, and thus secures web application extensibility. Second, I will describe Atlantis, which is a novel exokernel based web browser that enables web applications to leverage the extensibility of the web browser and become more secure and robust. Although, both these systems have been developed for web application extensions, they are equally applicable to web browser extensions.