Sinatra: Stateful Instantaneous Updates for Commercial Browsers Through Multi-Version eXecution

Authors Ugnius Rumsevicius, Siddhanth Venkateshwaran, Ellen Kidane, Luís Pina



PDF
Thumbnail PDF

File

LIPIcs.ECOOP.2023.26.pdf
  • Filesize: 1.06 MB
  • 29 pages

Document Identifiers

Author Details

Ugnius Rumsevicius
  • University of Illinois at Chicago, IL, USA
Siddhanth Venkateshwaran
  • University of Illinois at Chicago, IL, USA
Ellen Kidane
  • University of Illinois at Chicago, IL, USA
Luís Pina
  • University of Illinois at Chicago, IL, USA

Cite As Get BibTex

Ugnius Rumsevicius, Siddhanth Venkateshwaran, Ellen Kidane, and Luís Pina. Sinatra: Stateful Instantaneous Updates for Commercial Browsers Through Multi-Version eXecution. In 37th European Conference on Object-Oriented Programming (ECOOP 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 263, pp. 26:1-26:29, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023) https://doi.org/10.4230/LIPIcs.ECOOP.2023.26

Abstract

Browsers are the main way in which most users experience the internet, which makes them a prime target for malicious entities. The best defense for the common user is to keep their browser always up-to-date, installing updates as soon as they are available. Unfortunately, updating a browser is disruptive as it results in loss of user state. Even though modern browsers reopen all pages (tabs) after an update to minimize inconvenience, this approach still loses all local user state in each page (e.g., contents of unsubmitted forms, including associated JavaScript validation state) and assumes that pages can be refreshed and result in the same contents. We believe this is an important barrier that keeps users from updating their browsers as frequently as possible.
In this paper, we present the design, implementation, and evaluation of Sinatra, which supports instantaneous browser updates that do not result in any data loss through a novel Multi-Version eXecution (MVX) approach for JavaScript programs, combined with a sophisticated proxy. Sinatra works in pure JavaScript, does not require any browser support, thus works on closed-source browsers, and requires trivial changes to each target page, that can be automated. First, Sinatra captures all the non-determinism available to a JavaScript program (e.g., event handlers executed, expired timers, invocations of Math.random). Our evaluation shows that Sinatra requires 6MB to store such events, and the memory grows at a modest rate of 253KB/s as the user keeps interacting with each page. When an update becomes available, Sinatra transfer the state by re-executing the same set of non-deterministic events on the new browser. During this time, which can be as long as 1.5 seconds, Sinatra uses MVX to allow the user to keep interacting with the old browser. Finally, Sinatra changes the roles in less than 10ms, and the user starts interacting with the new browser, effectively performing a browser update with zero downtime and no loss of state.

Subject Classification

ACM Subject Classification
  • Computer systems organization → Availability
  • Software and its engineering → Maintaining software
Keywords
  • Internet browsers
  • dynamic software updating
  • multi-version execution

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads

References

  1. Sinatra’s github reposiroty. URL: https://github.com/bitslab/sinatra.
  2. Automate the boring stuff with python. https://github.com/RMPR/atbswp, 2021. Accessed: 2021-04-14.
  3. Node.js. https://nodejs.org/en/, 2021. Accessed: 2021-04-14.
  4. Socket.io. https://socket.io/, 2021. Accessed: 2021-04-14.
  5. Earl T. Barr, Mark Marron, Ed Maurer, Dan Moseley, and Gaurav Seth. Time-travel debugging for javascript/node.js. In FSE '16 Proceedings of the 2016 ACM International Symposium on the Foundations of Software Engineering. Association for Computing Machinery, September 2016. URL: https://www.microsoft.com/en-us/research/publication/time-travel-debugging-javascriptnode-js/.
  6. Samuel Baxter, Rachit Nigam, Joe Gibbs Politz, Shriram Krishnamurthi, and Arjun Guha. Putting in all the stops: Execution control for javascript. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2018, pages 30-45, New York, NY, USA, 2018. Association for Computing Machinery. URL: https://doi.org/10.1145/3192366.3192370.
  7. Jonathan Bell, Nikhil Sarda, and Gail Kaiser. Chronicler: Lightweight recording to reproduce field failures. In Proceedings of the 2013 International Conference on Software Engineering, ICSE '13, pages 362-371. IEEE Press, 2013. Google Scholar
  8. Emery Berger and Benjamin Zorn. Diehard: Probabilistic memory safety for unsafe languages. In Proceedings of the ACM SIGPLAN 2006 Conference on Programming Language Design and Implementation, Ottawa, Ontario, Canada, June 11-14, 2006, volume 41, pages 158-168, January 2006. URL: https://doi.org/10.1145/1133255.1134000.
  9. Andrew Black, Stéphane Ducasse, Oscar Nierstrasz, Damien Pollet, Damien Cassou, and Marcus Denker. Pharo by Example. Square Bracket Associates, 2009. URL: http://pharobyexample.org.
  10. Brian Burg, Richard Bailey, Andrew J. Ko, and Michael D. Ernst. Interactive record/replay for web application debugging. In UIST 2013: Proceedings of the 26th ACM Symposium on User Interface Software and Technology, pages 473-484, St. Andrews, UK, October 2013. Google Scholar
  11. Haibo Chen, Jie Yu, Rong Chen, Binyu Zang, and Pen-Chung Yew. Polus: A powerful live updating system. In Proceedings of the 29th International Conference on Software Engineering, ICSE '07, pages 271-281, USA, 2007. IEEE Computer Society. URL: https://doi.org/10.1109/ICSE.2007.65.
  12. Aldo Cortesi, Maximilian Hils, Thomas Kriechbaumer, and contributors. mitmproxy: A free and open source interactive HTTPS proxy, 2010-. [Version 5.3]. URL: https://mitmproxy.org/.
  13. Benjamin Cox, David Evans, Adrian Filipi, Jonathan Rowanhill, Wei Hu, Jack Davidson, John Knight, Anh Nguyen-Tuong, and Jason Hiser. N-variant systems: A secretless framework for security through diversity. In Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15, USENIX-SS'06, USA, 2006. USENIX Association. Google Scholar
  14. ECMA (European Association for Standardizing Information and Communication Systems). Standard ECMA-262 6th Edition - Section 19.1.2.4. https://262.ecma-international.org/6.0/#sec-object.defineproperty. Accessed: 2022-01-04.
  15. ECMA International. Standard ECMA-404 - The JSON data interchange syntax. https://www.ecma-international.org/publications-and-standards/standards/ecma-404/, December 2017.
  16. ECMA International. Standard ECMA-262 - ECMAScript(R) 2020 language specification. https://www.ecma-international.org/publications-and-standards/standards/ecma-262/, June 2020.
  17. Cristiano Giuffrida, Călin Iorgulescu, Anton Kuijsten, and Andrew S. Tanenbaum. Back to the future: Fault-tolerant live update with time-traveling state transfer. In Proceedings of the 27th USENIX Conference on Large Installation System Administration, LISA'13, pages 89-104, USA, 2013. USENIX Association. Google Scholar
  18. Cristiano Giuffrida, Călin Iorgulescu, and Andrew S. Tanenbaum. Mutable checkpoint-restart: Automating live update for generic server programs. In Proceedings of the 15th International Middleware Conference, Middleware '14, pages 133-144, New York, NY, USA, 2014. Association for Computing Machinery. URL: https://doi.org/10.1145/2663165.2663328.
  19. Cristiano Giuffrida, Anton Kuijsten, and Andrew S. Tanenbaum. Safe and automatic live update for operating systems. SIGARCH Comput. Archit. News, 41(1):279-292, March 2013. URL: https://doi.org/10.1145/2490301.2451147.
  20. Adele Goldberg and David Robson. Smalltalk-80: The Language and its Implementation. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1983. Google Scholar
  21. Google. Angularjs. https://angularjs.org/, 2018. Accessed: 2021-04-14.
  22. Google Inc. API Reference - Chrome Developers. https://developer.chrome.com/docs/extensions/reference/. Accessed: 2022-01-04.
  23. Google Inc. JsAction repository. https://github.com/google/jsaction. Accessed: 2022-01-04.
  24. Christopher M. Hayden, Edward K. Smith, Michail Denchev, Michael Hicks, and Jeffrey S. Foster. Kitsune: Efficient, general-purpose dynamic software updating for C. In Proceedings of the ACM Conference on Object-Oriented Programming Languages, Systems, and Applications (OOPSLA), October 2012. Google Scholar
  25. M. He, G. Wu, H. Tang, W. Chen, J. Wei, H. Zhong, and T. Huang. X-check: A novel cross-browser testing service based on record/replay. In 2016 IEEE International Conference on Web Services (ICWS), pages 123-130, 2016. Google Scholar
  26. Petr Hosek and Cristian Cadar. Safe software updates via multi-version execution. In International Conference on Software Engineering (ICSE 2013), pages 612-621, May 2013. Google Scholar
  27. Petr Hosek and Cristian Cadar. Varan the unbelievable: An efficient n-version execution framework. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2015), pages 339-353, March 2015. Google Scholar
  28. Linghua Jin. Stroop effect color game build with angularjs. https://github.com/linghuaj/Angular-ColorGame, 2016. Accessed: 2021-04-14.
  29. Aryeh Gregor Johannes Wilm. execcommand - unofficial draft 13 april 2021. https://w3c.github.io/editing/docs/execCommand/, 2021. Accessed: 2021-04-14.
  30. Jevgeni Kabanov and Varmo Vene. A thousand years of productivity: the jrebel story. Software: Practice and Experience, 44(1):105-127, 2014. URL: https://doi.org/10.1002/spe.2158.
  31. Brian Kirchoff. Nicedit - wysiwyg content editor, inline rich text application. https://nicedit.com/, 2008. Accessed: 2021-04-14.
  32. Koen Koning, Herbert Bos, and Cristiano Giuffrida. Secure and efficient multi-variant execution using hardware-assisted process virtualization. In Proceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016, pages 431-442. Institute of Electrical and Electronics Engineers, Inc., September 2016. URL: https://doi.org/10.1109/DSN.2016.46.
  33. Leslie Lamport. Time, clocks, and the ordering of events in a distributed system. Commun. ACM, 21(7):558-565, July 1978. URL: https://doi.org/10.1145/359545.359563.
  34. Liming Chen and A. Avizienis. N-version programminc: A fault-tolerance approach to rellablllty of software operatlon. In Twenty-Fifth International Symposium on Fault-Tolerant Computing, 1995, ' Highlights from Twenty-Five Years'., pages 113-, 1995. URL: https://doi.org/10.1109/FTCSH.1995.532621.
  35. Linux Foundation. ptrace - linux standard base core specification 4.1. http://refspecs.linux-foundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/baselib-ptrace-1.html, 2010. Accessed: 2021-04-14.
  36. Kristis Makris and Rida A. Bazzi. Immediate multi-threaded dynamic software updates using stack reconstruction. In Proceedings of the 2009 Conference on USENIX Annual Technical Conference, USENIX'09, page 31, USA, 2009. USENIX Association. Google Scholar
  37. Matthew Maurer and David Brumley. Tachyon: Tandem execution for efficient live patch testing. In 21st USENIX Security Symposium (USENIX Security 12), pages 617-630, Bellevue, WA, August 2012. USENIX Association. URL: https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/maurer.
  38. Meta Platforms, Inc. React - A JavaScript Library for building user interfaces. https://reactjs.org/. Accessed: 2022-01-04.
  39. James Mickens, Jeremy Elson, and Jon Howell. Mugshot: Deterministic capture and replay for javascript applications. In Proceedings of NSDI. USENIX, April 2010. URL: https://www.microsoft.com/en-us/research/publication/mugshot-deterministic-capture-and-replay-for-javascript-applications/.
  40. Mozilla Inc. Browser Extensions - Mozilla MDN. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions. Accessed: 2022-01-04.
  41. Mozilla Inc. Firefox Public Data Report. https://data.firefox.com/dashboard/user-activity. Accessed: 2022-01-04.
  42. Robert O'Callahan, Chris Jones, Nathan Froyd, Kyle Huey, Albert Noll, and Nimrod Partush. Lightweight user-space record and replay. CoRR, abs/1610.02144, 2016. URL: https://arxiv.org/abs/1610.02144.
  43. Luís Pina, Anastasios Andronidis, and Cristian Cadar. Freeda: Deploying incompatible stock dynamic analyses in production via multi-version execution. In Proceedings of the ACM International Conference on Computing Frontiers, CF '18. ACM, May 2018. Google Scholar
  44. Luís Pina, Anastasios Andronidis, Michael Hicks, and Cristian Cadar. MVEDSUa: Higher Availability Dynamic Software Updates via Multi-Version Execution. In Proceedings of the ACM 24th Architectural Support for Programming Languages and Operating Systems, ASPLOS '19. ACM, April 2019. Google Scholar
  45. Luís Pina and João Cachopo. Atomic dynamic upgrades using software transactional memory. In Proceedings of the 4th International Workshop on Hot Topics in Software Upgrades, HotSWUp. IEEE, June 2012. Google Scholar
  46. Luís Pina, Daniel Grumberg, Anastasios Andronidis, and Cristian Cadar. A dsl approach to reconcile equivalent divergent program executions. In Proceedings of the USENIX Annual Technical Conference, USENIX ATC '17. USENIX, July 2017. Google Scholar
  47. Luís Pina, Luís Veiga, and Michael Hicks. Rubah: DSU for java on a stock JVM. In Proceedings of the ACM 2014 International Conference on Object-Oriented Programming Languages, Systems, and Applications, OOPSLA '14. ACM, October 2014. Google Scholar
  48. Weizhong Qiang, Feng Chen, Laurence T. Yang, and Hai Jin. Muc: Updating cloud applications dynamically via multi-version execution. Future Generation Computer Systems, 74:254-264, 2017. URL: https://doi.org/10.1016/j.future.2015.12.003.
  49. Rafael Robayna. Canvas painter. http://caimansys.com/painter/, 2006. Accessed: 2021-04-14.
  50. Ugnius Rumsevicius, Siddhanth Venkateshwaran, Ellen Kidane, and Luís Pina. Artifact for SINATRA: Stateful Instantaneous Updates for Commercial Browsers through Multi- Version eXecution, February 2023. URL: https://doi.org/10.5281/zenodo.7647070.
  51. Babak Salamat, Todd Jackson, Andreas Gal, and Michael Franz. Orchestra: intrusion detection using parallel execution and monitoring of program variants in user-space. In Wolfgang Schröder-Preikschat, John Wilkes, and Rebecca Isaacs, editors, Proceedings of the 2009 EuroSys Conference, Nuremberg, Germany, April 1-3, 2009, pages 33-46. ACM, 2009. URL: https://doi.org/10.1145/1519065.1519071.
  52. Jacob Seidelin. DOMTRIS - A DHTML Tetris clone. https://web.archive.org/web/20140805202021/http://www.nihilogic.dk/labs/tetris/, 2014. Accessed: 2021-04-14.
  53. StatCounter GlobalStats. Desktop Browser Version Market Share Worlwide. https://gs.statcounter.com/browser-version-market-share/desktop/worldwide//#daily-20201001-20201201. Accessed: 2022-01-04.
  54. J. R. Stroop. Studies of interference in serial verbal reactions. Journal of Experimental Psychology, 1935. URL: https://doi.org/10.1037/h0054651.
  55. Suriya Subramanian, Michael Hicks, and Kathryn S. McKinley. Dynamic software updates: A VM-centric approach. In Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI), pages 1-12, June 2009. Google Scholar
  56. Al Sweigart. Pyautigui documentation. https://pyautogui.readthedocs.io/en/latest/, 2019. Accessed: 2021-04-14.
  57. John Vilk, James Mickens, and Mark Marron. A gray box approach for high-fidelity, high-speed time-travel debugging. Technical Report MSR-TR-2016-7, Microsoft, June 2016. URL: https://www.microsoft.com/en-us/research/publication/gray-box-approach-high-fidelity-high-speed-time-travel-debugging/.
  58. Stijn Volckaert, Bart Coppens, Bjorn De Sutter, Koen De Bosschere, Per Larsen, and Michael Franz. Taming parallelism in a multi-variant execution environment. In Proceedings of the Twelfth European Conference on Computer Systems, EuroSys ’17, pages 270-285, New York, NY, USA, 2017. Association for Computing Machinery. URL: https://doi.org/10.1145/3064176.3064178.
  59. Stijn Volckaert, Bart Coppens, Alexios Voulimeneas, Andrei Homescu, Per Larsen, Bjorn De Sutter, and Michael Franz. Secure and efficient application monitoring and replication. In 2016 USENIX Annual Technical Conference (USENIX ATC 16), pages 167-179, Denver, CO, June 2016. USENIX Association. URL: https://www.usenix.org/conference/atc16/technical-sessions/presentation/volckaert.
  60. W3C. DOM - Living Standard - Section 4.3: Mutation Observers. https://dom.spec.whatwg.org/#mutation-observers. Accessed: 2022-01-04.
  61. W3C. HTML - Living Standard - Section 10: Web workers. https://html.spec.whatwg.org/multipage/workers.html#workers. Accessed: 2022-01-04.
  62. W3C. HTML - Living Standard - Section 12: Web storage. https://html.spec.whatwg.org/multipage/webstorage.html#webstorage. Accessed: 2022-01-04.
  63. W3C. WebRTC 1.0: Real-Time Communication Between Broswers. https://w3c.github.io/webrtc-pc/. Accessed: 2022-01-04.
  64. Web Hypertext Application Technology Working Group (WHATWG). Html living standard - 4.12.5 the canvas element. https://html.spec.whatwg.org/multipage/canvas.html#the-canvas-element, 2021. Accessed: 2021-04-14.
  65. Thomas Würthinger, Danilo Ansaloni, Walter Binder, Christian Wimmer, and Hanspeter Mössenböck. Safe and atomic run-time code evolution for java and its application to dynamic aop. SIGPLAN Not., 46(10):825-844, October 2011. URL: https://doi.org/10.1145/2076021.2048129.
  66. Thomas Würthinger, Christian Wimmer, and Lukas Stadler. Dynamic code evolution for java. In Proceedings of the 8th International Conference on the Principles and Practice of Programming in Java, PPPJ '10, pages 10-19, New York, NY, USA, 2010. Association for Computing Machinery. URL: https://doi.org/10.1145/1852761.1852764.
  67. Hui Xue, Nathan Dautenhahn, and Samuel T. King. Using replicated execution for a more secure and reliable web browser. In 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA, February 5-8, 2012. The Internet Society, 2012. URL: https://www.ndss-symposium.org/ndss2012/using-replicated-execution-more-secure-and-reliable-web-browser.
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail