Feedback

TrustJS: Trusted Client-side Execution of JavaScript

GND
1131654978
Affiliation/Institute
Institut für Betriebssysteme und Rechnerverbund
Goltzsche, David;
Affiliation/Institute
Institut für Betriebssysteme und Rechnerverbund
Wulf, Colin;
Affiliation/Institute
Imperial College London, UK
Muthukumaran, Divya;
Affiliation/Institute
Institute of System Security
Rieck, Konrad;
Affiliation/Institute
Imperial College London, UK
Pietzuch, Peter;
GND
1042639698
Affiliation/Institute
Institut für Betriebssysteme und Rechnerverbund
Kapitza, Rüdiger

Client-side JavaScript has become ubiquitous in web applications to improve user experience and reduce server load. However, since clients are untrusted, servers cannot rely on the confidentiality or integrity of client-side JavaScript code and the data that it operates on. For example, client-side input validation must be repeated at server side, and confidential business logic cannot be offloaded. In this paper, we present TrustJS, a framework that enables trustworthy execution of security-sensitive JavaScript inside commodity browsers. TrustJS leverages trusted hardware support provided by Intel SGX to protect the client-side execution of JavaScript, enabling a flexible partitioning of web application code. We present the design of TrustJS and provide initial evaluation results, showing that trustworthy JavaScript offloading can further improve user experience and conserve more server resources.

Cite

Citation style:
Could not load citation form.

Access Statistic

Total:
Downloads:
Abtractviews:
Last 12 Month:
Downloads:
Abtractviews:

Rights

License Holder: © ACM, 2017. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in proceedings of the 10th European Workshop on System Security 2017 (EuroSec’17). http://dx.doi.org/10.1145/3065913.3065917

Use and reproduction: