Native Client - A Sandbox for Portable, Untrusted Native Code


Native Client is an open-source technology for running untrusted native code in web applications, with the goal of maintaining the OS portability, ISA portability, and safety that people expect from web apps. Native Client uses static validation to achieve software fault isolation, and a specialized runtime to direct all system interaction and side effects through managed interfaces, notably PPAPI (Pepper). It supports performance-oriented features generally absent from web application programming environments, including thread support, instruction set extensions such as SSE, and the use of hand-coded assembler. We combine these properties in an open architecture designed to leverage existing web standards and to encourage community review and third-party tools. This talk will cover system design, in particular the memory sandbox and the static validator, and touch upon recent efforts including JIT support and ISA portability (the Portable Native Client project).

For more information and resources see

About the speaker:

Christian Stefansen works on the Native Client project at Google in Mountain View, CA. Prior to joining Google, he was a Postdoctoral Researcher at the University of Copenhagen, conducting research on Reactors, a declarative programming model for distributed computing, and on using process calculi, in particular CSP and the $\pi$-calculus, to express financial contracts. Christian Stefansen received his M.Sc. and Ph.D. degrees from the University of Copenhagen. In 2004-05 he was a Fulbright Scholar at Harvard University. He also holds a degree in Business Administration from Copenhagen Business School.