TrustJS: Trusted client-side execution of javascript

Goltzsche D, Wulf C, Muthukumaran D, Rieck K, Pietzuch P, Kapitza R (2017)


Publication Type: Conference contribution

Publication year: 2017

Publisher: Association for Computing Machinery, Inc

Conference Proceedings Title: Proceedings of the Proceedings of the 10th European Workshop on Systems Security, EuroSec 2017, co-located with European Conference on Computer Systems, EuroSys 2017

Event location: Belgrade, SRB

ISBN: 9781450349352

DOI: 10.1145/3065913.3065917

Abstract

Client-side JavaScript has become ubiquitous in web applications to improve user experience and reduce server load. However, since clients are untrusted, servers cannot rely on the confidentiality or integrity of client-side JavaScript code and the data that it oper- ates on. For example, client-side input validation must be repeated at server side, and confidential business logic cannot be offloaded. In this paper, we present TRUSTJS, a framework that enables trust- worthy execution of security-sensitive JavaScript inside commodity browsers. TRUSTJS leverages trusted hardware support provided by Intel SGX to protect the client-side execution of JavaScript, en- abling a flexible partitioning of web application code. We present the design of TRUSTJS and provide initial evaluation results, show- ing that trustworthy JavaScript offloading can further improve user experience and conserve more server resources.

Authors with CRIS profile

Involved external institutions

How to cite

APA:

Goltzsche, D., Wulf, C., Muthukumaran, D., Rieck, K., Pietzuch, P., & Kapitza, R. (2017). TrustJS: Trusted client-side execution of javascript. In Proceedings of the Proceedings of the 10th European Workshop on Systems Security, EuroSec 2017, co-located with European Conference on Computer Systems, EuroSys 2017. Belgrade, SRB: Association for Computing Machinery, Inc.

MLA:

Goltzsche, David, et al. "TrustJS: Trusted client-side execution of javascript." Proceedings of the 10th European Workshop on Systems Security, EuroSec 2017, co-located with European Conference on Computer Systems, EuroSys 2017, Belgrade, SRB Association for Computing Machinery, Inc, 2017.

BibTeX: Download