Abstract

Web applications such as Facebook, Google Maps, and Hotmail have become an integral part of everyday life. These modern AJAX Web applications are distributed systems with a great deal of inherent complexity. Applications containing 100,000 lines of client—side JavaScript or more are not uncommon and emerging applications such as Office for the Web, Zimbra, and Zoho hint at more complexity still to come. This talk focuses on two projects addressing performance and security of AJAX applications.

Doloto is an optimization tool for Web 2.0 applications. Doloto analyzes application workloads and automatically rewrites the existing application code to introduce dynamic code loading. Doloto reduces the size of application code download by hundreds of kilobytes or as much as 50% of the original download size. The time to download and begin interacting with large applications, such as Hotmail or Google Maps, is often reduced by 20-40%, depending on the application and wide-area network conditions.

The second project is Ripley, a replication technology for preserving computational integrity of AJAX applications. Once a portion of a Web application is moved to the client, a malicious user can subvert the client side of the computation, jeopardizing the integrity of the server-side state. In this project we propose Ripley, a system that uses replicated execution to automatically preserve the integrity of a distributed computation. Ripley observes results of the computation, both as computed on the client-side and on the server side using the replica of the client-side code. Any discrepancy is flagged as a potential violation of computational integrity. We keep the client-side code to preserve low-latency user interactions. We have built Ripley on top of Volta, a distributing compiler that translates .NET applications into JavaScript, effectively providing a measure of security by construction for Volta applications.

Bio

Ben Livshits is a researcher at Microsoft Research in Redmond, WA. Originally from St. Petersburg, Russia, he received a bachelor's degree in Computer Science and Math from Cornell University in 1999, and his M.S. and Ph.D. in Computer Science from Stanford University in 2002 and 2006, respectively. Dr. Livshits' research interests include application of sophisticated static and dynamic analysis techniques to finding errors in programs.

He is known for his work in software reliability and especially tools to improve software security, with a primary focus on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (cross-site scripting, SQL injections, etc.) in Web-based applications. He is the author or several dozen academic papers and patents. Lately he has been focused on how Web 2.0 application reliability, performance, and security can be improved through a combination of static and runtime techniques.