TrustJS: Trusted Client-side Execution of JavaScript
File(s)trustjs-eurosec17-accepted.pdf (191.65 KB)
Accepted version
Author(s)
Type
Conference Paper
Abstract
Client-side JavaScript has become ubiquitous in web applications to improve user experience and reduce server load. However, since clients are untrusted, servers cannot rely on the confidentiality or integrity of client-side JavaScript code and the data that it operates on. For example, client-side input validation must be repeated at server side, and confidential business logic cannot be offloaded. In this paper, we present TrustJS, a framework that enables trustworthy execution of security-sensitive JavaScript inside commodity browsers. TrustJS leverages trusted hardware support provided by Intel SGX to protect the client-side execution of JavaScript, enabling a flexible partitioning of web application code. We present the design of TrustJS and provide initial evaluation results, showing that trustworthy JavaScript offloading can further improve user experience and conserve more server resources.
Date Issued
2017-04-23
Date Acceptance
2017-04-23
Citation
Proceedings of the 10th European Workshop on Systems Security (EuroSec'17), 2017
ISBN
978-1-4503-4935-2
Publisher
ACM
Journal / Book Title
Proceedings of the 10th European Workshop on Systems Security (EuroSec'17)
Copyright Statement
© 2017 Copyright held by the owner/author(s). Publication rights licensed to ACM. ermission to make digital or hard copies of all or part of this work for personal or
classroom use is granted without fee provided that copies are not made or distributed
for profit or commercial advantage and that copies bear this notice and the full citation
on the first page. Copyrights for components of this work owned by others than the
author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or
republish, to post on servers or to redistribute to lists, requires prior specific permission
and/or a fee. Request permissions from permissions@acm.org.
classroom use is granted without fee provided that copies are not made or distributed
for profit or commercial advantage and that copies bear this notice and the full citation
on the first page. Copyrights for components of this work owned by others than the
author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or
republish, to post on servers or to redistribute to lists, requires prior specific permission
and/or a fee. Request permissions from permissions@acm.org.
Sponsor
Engineering & Physical Science Research Council (EPSRC)
Commission of the European Communities
Grant Number
EP/K008129/1
645011
Source
EuroSec'17
Publication Status
Published
Start Date
2017-04-23
Finish Date
2017-04-26
Coverage Spatial
Belgrade, Serbia