Improving the Performance and Security of AJAX Web Applications
Ben Livshits
Researcher, Microsoft Research
Monday, November 09, 2009
3:45 PM, 2310 CS
Web applications such as Facebook, Google Maps, and Hotmail have become an integral part of everyday life. These modern AJAX Web applications are distributed systems with a great deal of inherent complexity. Applications containing 100,000 lines of client-side JavaScript or more are not uncommon, and emerging applications such as Office for the Web, Zimbra, and Zoho hint at more complexity still to come. This talk focuses on two projects addressing performance and security of AJAX applications.
Doloto is an optimization tool for Web 2.0 applications. Doloto analyzes application workloads and automatically rewrites the existing application code to introduce dynamic code loading. Doloto reduces the size of application code download by hundreds of kilobytes or as much as 50% of the original download size. The time to download and begin interacting with large applications, such as Hotmail or Google Maps, is often reduced by 20-40%, depending on the application and wide-area network conditions.
The second project is Ripley, a replication technology for preserving computational integrity of AJAX applications. Once a portion of a Web application is moved to the client, a malicious user can subvert the client side of the computation, jeopardizing the integrity of the server-side state. In this project we propose Ripley, a system that uses replicated execution to automatically preserve the integrity of a distributed computation. Ripley observes the results of the computation both as computed on the client side and as computed on the server side using a replica of the client-side code. Any discrepancy is flagged as a potential violation of computational integrity. We keep the client-side code to preserve low-latency user interactions. We have built Ripley on top of Volta, a distributing compiler that translates .NET applications into JavaScript, effectively providing a measure of security by construction for Volta applications.
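The replicated-execution check described above can be sketched as follows. This is an added example, not code from Ripley or Volta; the function names, the price catalog and the assumption that the client relays its UI event log alongside its RPCs are all hypothetical.

```javascript
// Added illustration; clientLogic, serverVerify, PRICES and EVENTS are hypothetical names.
const PRICES = { book: 1200, pen: 150 }; // cents, constructed sample catalog

// Deterministic client-side logic: folds UI events into state and emits RPCs.
function clientLogic(events) {
  const cart = {};
  const rpcs = [];
  for (const ev of events) {
    if (ev.type === "add") {
      const known = Object.prototype.hasOwnProperty.call(PRICES, ev.item);
      if (!known || !Number.isInteger(ev.qty) || ev.qty <= 0) continue;
      cart[ev.item] = (cart[ev.item] || 0) + ev.qty;
    } else if (ev.type === "checkout") {
      const total = Object.entries(cart)
        .reduce((sum, [item, qty]) => sum + PRICES[item] * qty, 0);
      rpcs.push({ method: "placeOrder", args: { cart: { ...cart }, total } });
    }
  }
  return rpcs;
}

// Canonical serialization so key order alone never counts as a discrepancy.
function canonical(value) {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value && typeof value === "object") {
    return "{" + Object.keys(value).sort()
      .map(k => JSON.stringify(k) + ":" + canonical(value[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

// Server side: replay the relayed events in the replica and compare RPCs.
function serverVerify(eventLog, claimedRpcs) {
  const expected = clientLogic(eventLog); // replica of the client-side code
  if (expected.length !== claimedRpcs.length) {
    return { ok: false, reason: "rpc count mismatch" };
  }
  for (let i = 0; i < expected.length; i++) {
    if (canonical(expected[i]) !== canonical(claimedRpcs[i])) {
      return { ok: false, reason: `rpc ${i} differs from replica` };
    }
  }
  return { ok: true, accepted: expected }; // act on the replica's result
}

// Constructed sample session
const EVENTS = [
  { type: "add", item: "book", qty: 2 }, { type: "add", item: "pen", qty: 1 },
  { type: "checkout" },
];
```

The server acts only on the RPCs its own replica produced, so a client that alters a total or drops a call is flagged rather than trusted.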