The use of native instructions to supplement a web application is nothing new, but engineers at Google are attempting to bring a fresh, and secure, perspective to the concept. With a novel architecture and security model, Native Client makes for an interesting project with promising results.
Here we go again with another foray into the world of native instructions within a web browser. This is nothing new, as we have always dealt with the ubiquitous Netscape Plug-in API (NPAPI) and the much derided ActiveX technology from our friends at Microsoft (among others, of course). Developed in nice, quaint, simple times, these architectures did very little in the way of security. They operated largely on the concept of trust and were given the full run of the PC: its filesystem, networking interfaces, etc. Internet Explorer has come a ways since those days by offering little annoying notification bars at the top of the page alerting you that it needs to run an ActiveX component. I almost never see that (and if I do, I realize I’m in IE and immediately switch back to Chrome or Firefox). Both of these leave room for social engineering attacks.
We also have the not-so-native technologies for webpages in Java, Microsoft Silverlight, and Adobe AIR (Flash/Flex), all of which are a means of isolating the untrusted code they contain from the host operating system’s interfaces. These generally make the lives of developers easier with their “write-once-run-anywhere” approach and are generally safer, but they still have their fair share of security flaws pop up every now and again.
Google Native Client
What we are getting (at a slightly lower level) is the execution of this compiled code in an x86 sandbox, which provides memory segmentation and isolation from the browser and the host operating system. The sandboxing of the code provides the user protection from unintended instructions as well as protecting the module itself from potential operating system defects (if you believe that any operating system is defect free, then, boy, do I have a bridge to sell you!).
We also see that direct access to the filesystem and operating system resources has been blocked. This is done within the NaCl service runtime, which disassembles the binary module (thus no tricky compilation schemes are allowed) and checks the instructions against a whitelist; if any illegal instruction is found, the module is rejected. Aside from providing the primitives for memory allocation and deallocation, the service runtime also explicitly prevents networking calls such as connect() and accept().
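As an added illustration of the validation step described above (not code from the original post or from NaCl itself), this sketch linear-sweeps a module over a small assumed x86-32 opcode subset and rejects anything that is not on the whitelist. It goes one step beyond the paragraph by also requiring direct jump targets to land on decoded instruction starts, which is what keeps the disassembly reliable; the `ALLOWED` table, the `validate` function and the sample byte strings are all constructed for this example.

```python
import struct

# Whitelist for a tiny x86-32 subset: opcode byte -> (mnemonic, total length).
# Assumption for illustration only; this is not NaCl's real instruction list.
ALLOWED = {0x90: ("nop", 1), 0x05: ("add eax, imm32", 5), 0xF4: ("hlt", 1),
           0xEB: ("jmp rel8", 2), 0xE9: ("jmp rel32", 5), 0xE8: ("call rel32", 5)}
ALLOWED.update({0xB8 + r: ("mov r32, imm32", 5) for r in range(8)})
REL_FMT = {0xEB: "<b", 0xE9: "<i", 0xE8: "<i"}  # signed displacement encodings

def validate(code: bytes):
    """Linear-sweep decode; return (ok, reason), rejecting on the first violation."""
    starts, jumps, pc = set(), [], 0
    while pc < len(code):
        op = code[pc]
        if op not in ALLOWED:
            return False, f"offset {pc:#x}: opcode {op:#04x} is not on the whitelist"
        name, length = ALLOWED[op]
        if pc + length > len(code):
            return False, f"offset {pc:#x}: truncated {name}"
        starts.add(pc)
        if op in REL_FMT:
            rel = struct.unpack_from(REL_FMT[op], code, pc + 1)[0]
            jumps.append((pc, pc + length + rel))  # target is relative to next insn
        pc += length
    # Every direct branch must land on an instruction the sweep actually decoded,
    # otherwise bytes hidden inside an immediate could run as different code.
    for src, dst in jumps:
        if dst not in starts:
            return False, f"offset {src:#x}: target {dst:#x} is not an instruction start"
    return True, "ok"

# Constructed sample modules (hand-assembled bytes, not from the original post).
GOOD = bytes.fromhex("b801000000" "0502000000" "eb01" "90" "f4")
INT80 = bytes.fromhex("b801000000" "cd80")          # int 0x80: not whitelisted
HIDDEN = bytes.fromhex("eb01" "b8cd809090" "f4")    # jmp into the mov immediate

if __name__ == "__main__":
    for label, blob in (("GOOD", GOOD), ("INT80", INT80), ("HIDDEN", HIDDEN)):
        print(label, validate(blob))
```

The third sample passes a plain opcode scan, since every decoded instruction is whitelisted; only the branch-target check catches it.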
Additional features in NaCl include a subset of POSIX threads, and SSE instructions for parallel computing. The Pepper Interface, also included, provides functions such as compute, audio, native 2D, and other plug-in accessibility features. Common POSIX file I/O is available, but limited to communications channels & web-based read-only content.
So what I went and did was create a small NaCl module project for myself. It’s nothing more than a qui
Also included in the test are the results of the same C++ algorithm when executed on the command line in Linux. The executable was compiled and linked by the GCC compiler provided with Linux, not with the NaCl runtime, and thus does not contain any of the NaCl libraries or optimizations.
For the test, I used the following parameters:
Test Cycles: 2
Low Bound: 100
Upper Bound: 100,000
Include Native Call in Time: Yes
Native Client Performance Test Page:
Native Client Performance Test C++ Source Code:
NOTE: This code is not production ready and makes a ton of assumptions. I include it here primarily for reference.
Test Results Data: