On the server, said Livshits, "if you have to run the replica within a browser, you would incur a memory footprint of 50 to 60 megabytes per browser instance." The solution that he and Kiciman devised was to instead run a "headless browser"--an emulator that simulates only the functions of a Web browser essential to Ripley. This drove down the memory footprint of the cloned browser and application to between one and one and a half megabytes per application.
By shrinking the server-side clone of the user's browser-based application, Livshits and Kiciman--together with colleagues from Cornell University, NY and the Indian Institute of Technology, Delhi--reduced the performance overhead of Ripley further still. Out of five experimental applications, which included a shopping cart, several games, and a blogging engine, the average increase in latency due to the increased efforts of the server's CPU was around one millisecond.
In some cases, Ripley even enhanced the performance of Web applications, because the server-side clone of the client application is rewritten in .NET, a programming language that is 10 to 100 times faster than the JavaScript running on the client side. Sometimes this allows Ripley to predict what the next client-side application request will be before it has even been made by the client, and preemptively push data to the client.
"This is a magical situation, if you think about it," says Livshits. "It leads to zero latency remote procedure calls."
At present, developers interested in using Ripley to secure their Web applications would have to reimplement the ideas in the Ripley paper on their own favorite Web application framework. Eventually, however, Livshits and Kiciman think Ripley could help democratize an essential part of Web application security, putting it within reach of non-expert developers.
"Up until now I think people have attacked these problems manually," says Kiciman. "You get experts who dive in and they tailor their applications to meet these challenges, but that's not very scalable, and not very agile when you need to make changes. What we're trying to do is get the Web development platform to a point where anyone can take advantage of the types of technology these experts are using."
UC Berkeley's Barth notes that Ripley is part of a larger trend in solutions that protect the integrity of client-side code by assuring that no unauthorized behavior can occur. "I see Ripley as more of a thought experiment: What would happen if the server validated everything?" he says. "The work suggests that security would benefit if we validated more than we're validating today."
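The server-side check discussed in the article, as an added sketch rather than Ripley's own code: assuming the client forwards its user events with each request, the server replays them in its replica of the client logic and accepts the request only if the replica produces the same one. The shopping-cart logic, the event format and the names `cartLogic`, `checkoutRpc`, `validateRequest` and `PRICES` are assumptions made for illustration.

```javascript
// Added illustration, not Ripley's code; all names and data are hypothetical.
// Trusted price catalogue held by the server (constructed sample, in cents).
const PRICES = { book: 1200, pen: 150 };

// Application logic that ships to the browser AND runs in the server replica.
function cartLogic(state, event) {
  const next = { items: { ...state.items } };
  const known = Object.prototype.hasOwnProperty.call(PRICES, event.sku);
  if (event.type === "add" && known && Number.isInteger(event.qty) && event.qty > 0) {
    next.items[event.sku] = (next.items[event.sku] || 0) + event.qty;
  } else if (event.type === "remove") {
    delete next.items[event.sku];
  }
  return next; // malformed events leave the cart unchanged
}

// The request the client logic emits at checkout, derived only from state.
function checkoutRpc(state) {
  const skus = Object.keys(state.items).sort();
  const total = skus.reduce((sum, s) => sum + PRICES[s] * state.items[s], 0);
  return { method: "checkout", items: skus.map((s) => [s, state.items[s]]), total };
}

// Canonical form so key order in the received JSON does not matter.
const canon = (rpc) => JSON.stringify([rpc.method, rpc.items, rpc.total]);

// Server side: replay the forwarded events in the replica, then accept the
// client's request only if the replica emits the identical one.
function validateRequest(events, clientRpc) {
  const replica = events.reduce((s, e) => cartLogic(s, e), { items: {} });
  const expected = checkoutRpc(replica);
  return { ok: canon(expected) === canon(clientRpc), expected };
}

// Constructed sample session.
const events = [
  { type: "add", sku: "book", qty: 2 },
  { type: "add", sku: "pen", qty: 3 },
  { type: "remove", sku: "pen" },
];
const honest = checkoutRpc(events.reduce((s, e) => cartLogic(s, e), { items: {} }));
const tampered = { ...honest, total: 1 }; // modified client rewrote the total

console.log(validateRequest(events, honest).ok);   // request matches replica
console.log(validateRequest(events, tampered).ok); // request diverges, reject
```

Because the expected request is computed from the events alone, a client that edits the request, or sends events the logic rejects, ends up with a mismatch instead of a trusted result.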
Why not clone and run locally?
I really don't understand why browser developers don't set up the software to run cloned in a separate restricted process space. In Unix, for a long time sensitive applications like ftp, dns have been run under a separate userid with chroot to block access to all but a limited allowed portion of the disk. Even if browsers don't run this way, the plug-ins and extensions should.
Windows is a lost cause, but a separate virtual machine could be used to run a browser and/or plugin in a restricted virtual machine. Add-on software running on the real system could selectively enable blocked features like file save, upload, and print. I know friends who use VM software to clone a snapshot of a Windows browser, freshly made for each browsing session.
Running remotely on some cloned system seems unnecessarily complex. The same concepts could be used locally to protect an insecure browser and apps from an insecure operating system.
Re: Why not clone and run locally?
I think you might be misunderstanding the idea here. The goal is to essentially protect the server. We are not trying to protect the browser from an insecure operating system, we are trying to ensure we can trust a distributed computation. Please see http://research.microsoft.com/en-us/projects/ripley/ for more info.
I fear I'm showing naivety here, but wouldn't 'Sys Restore' do the same thing? It could be set up to refresh the browser and vulnerable apps just before the anti virus runs.
Re: How About 'System Restore'?
The client in this model is not trusted. So, why would you trust them to run anything? Even if there is such a thing as restoring the state, a malicious user can easily hack things as the application is running.
multi-tab browsing and privacy
How would this work for multi-tab browsing? Would the server clone the entire browser or just the one tab running the application? If the entire browser is being cloned, how will the user protect the information in the other tabs? If I have more than one tab open will the web server be able to determine what other tabs/sites I have open?
Re: multi-tab browsing and privacy
This will just protect one tab, the one in which the Ripley-protected application is running. Ripley doesn't have the ability to access anything outside this tab.
By protecting the server side, in effect this protects the client side. With continuing computational power and memory advances, this type of heavy crunching on the server side seems only likely to grow as a security solution.
Of course, it would be nice to see non-proprietary approaches to securing the server from the client. In the real world though, we'll probably see several competing approaches on each platform.
Thanks for your feedback. We believe that this sort of approach that utilizes extra computing power to improve security has a bright future!