Modern Web Browsers and the Role of Practical Systems Research
Ben Livshits
This keynote will highlight some of the on cutting-edge research coming out of Microsoft Research, a division of Microsoft Corporation located in Redmond, Washington. Microsoft Research is dedicated to conducting both basic and applied research in computer science and software engineering. Researchers focus on more than 55 areas of computing and collaborate with leading academic, government and industry researchers to advance the state of the art. Microsoft Research has expanded over the years to eight locations worldwide and a number of collaborative projects that bring together the best minds in computer science to advance a research agenda based on their unique talents and interests.
In this keynote I will focus on two recent projects focusing on performance and security of Web browsers.
The focus of the JSMeter project is on making browsers in JavaScript run faster. JavaScript is widely used in web-based applications and is increasingly popular with developers. So-called browser wars in recent years have focused on JavaScript performance, specifically claiming comparative results based on benchmark suites such as SunSpider and V8. In this talk, I evaluate the behavior of JavaScript web applications from commercial web sites and compare this behavior with the benchmarks. We conclude that benchmarks and real web applications behave very differently when it comes to just about every aspect of runtime performance. This work motivated our efforts to create significantly more realistic browser benchmarks using record and replay techniques.
The second project I’ll describe is RePriv, a system for controlling the release of private information within the browser. We demonstrate how to perform mining of core user interests within a browser. We also propose a protocol on top of HTTP that can be used to seamlessly integrate RePriv with existing web infrastructure. We show how pluggable miners can be used to extract more detailed information and how to check these third-party miners for privacy leaks. We evaluated several aspects of RePriv in realistic scenarios. We show that RePriv ‘s default in-browser mining can be done with no noticeable overhead to normal browsing, and that the results it produces converge quickly. We then go on to show similar results for each of our case studies: that RePriv enables high-quality personalization, and that the performance impact each case has on the browser is minimal. We conclude that personalized content and individual privacy on the web are not mutually exclusive.
Bio
Ben Livshits is a researcher at Microsoft Research in Redmond, WA and an affiliate faculty member at the University of Washington. Originally from St. Petersburg, Russia, he received a bachelor’s degree in Computer Science and Math from Cornell University in 1999, and his M.S. and Ph.D. in Computer Science from Stanford University in 2002 and 2006, respectively. Dr. Livshits’ research interests include application of sophisticated static and dynamic analysis techniques to finding errors in programs.
He is known for his work in software reliability and especially tools to improve software security, with a primary focus on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (cross-site scripting, SQL injections, etc.) in Web-based applications. He is the author of several dozen academic papers and patents. Lately he has been focusing on how Web 2.0 application reliability, performance, and security can be improved through a combination of static and runtime techniques.