Native Client (Evgeny Eltsin)

  1. Native Client. Evgeny Eltsin
  2. Overview
       • Why Native Client?
       • What is it?
       • How does it work?
       • Ecosystem
       • Developer stuff
  3. Why Native Client? Close the gap between desktop and web apps:
       • Performance
       • Choice of programming language
       • Leverage legacy code
  4. Why Native Client? Close the gap between desktop and web apps:
       • Safety
       • Portability
  5. Web Apps: interpreted languages (JavaScript)
       • Safe
       • but often slow
  6. How to Improve? Just-In-Time compiler
       • Faster (fast enough?)
       • and often complex (more vulnerable?)
  7. Web Apps: native code "as is" (ActiveX)
       • Fast
       • but not safe
  8. How to Improve? Make native code "manageable"?
       • OS gives few options
  9. What is Native Client? NaCl — system for safe execution of untrusted native code
       • In a web browser
       • …
     Open-source: http://code.google.com/p/nativeclient
  10. What is it Good for? Port desktop apps to web
       • Zero install
       • Performance close to native
  11. What is it Good for? Enhance web apps with
       • C/C++/... libraries (libcrypt, CGAL, ...)
       • New high-performance code (threads, hand-coded asm, ...)
  12. What is it Good for? Sandbox existing plugins
       • Stop asking users to trust your code
  13. Lunch isn't Free
       • Must recompile from source, and do some porting
       • Some system interfaces are unavailable
       • Still work in progress
  14. What is Safe? No side effects except via explicit secure interfaces
  15. Runtime Sandbox
     No side effects ...
       • No read, write or execute outside of the sandbox
     ... except via explicit secure interfaces
       • "system calls"
  16. How Does it Work? The runtime sandbox is created via an agreement between
       • Code generator (untrusted)
       • Validator and loader (trusted)
     The trusted part is simple
  17. What is Code Validation? First, disassemble all executable code
       • No overlapping instructions
       • Run-time code generation needs special support
  18. Control Flow Integrity: do we jump to code we know?
       • Direct jumps are easy to validate
       • but indirect?
  19. Instruction Bundles: every bundle-aligned code address is a potential jump target
       • No instructions cross bundle boundaries
       • Code generator pads with NOPs
     A bundle is 32 bytes (chosen from experiment)
  20. Instruction Bundles: indirect jumps always go to a bundle-aligned address
       • Code generator emits code to enforce this
       • Validator checks enforcement
  21. i386 Example
       • call *0x1280(%eax)
       • mov 0x1280(%eax), %eax
       • and $0xffffffe0, %eax
       • call *%eax
  22. Checking Read, Write and Jump (i386 Example)
       • Validator checks that instructions use the correct segment registers
       • Loader sets segment registers correctly
       • Loader protects memory accordingly
  23. System Calls: trampoline to outer stuff
       • Valid jump target inside the sandbox
       • Does "context switch" and jump out of the sandbox
       • Generated by trusted loader
  24. Ecosystem: Availability
       • i386, x86_64, ARM
       • Linux, Windows, MacOS
       • chrome --enable-nacl
       • Firefox plugin (fewer features than in Chrome, unfortunately)
  25. Portability: PNaCl, work in progress
       • Portable representation (LLVM bitcode)
       • Final translation on the client
       • or translation/cache server
  26. Deployment
       • HTML <EMBED>
       • Binary picked by client architecture
       • Scripting interface
  27. What works? Gallery at http://code.google.com/p/nativeclient
     And much more stuff
       • Quake
       • Video decoder
       • Python
  28. Developer Stuff
       • ILP32 data model for all architectures
       • Linux-like programming environment
       • ELF binaries
       • Netscape Plugin API/Pepper Plugin API
  29. Native Client SDK: http://code.google.com/p/nativeclient-sdk
     Ported GNU toolchain
       • gcc 4.4.3 (4.5 coming)
       • newlib (glibc coming)
  30. Native Client Ports: http://code.google.com/p/naclports
       • zlib
       • cairo
       • mesa
       • theora
       • expat
  31. Developers Welcome! Lots of fun projects
       • GTK
       • SDL
       • and your choice of cool stuff!
  32. Thank You! Questions?
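
The bundle rules from slides 17 to 21, as an added sketch that is not part of the original slides and not NaCl's own validator: it decodes a tiny i386 subset chosen for this example and rejects anything it cannot decode, any instruction that crosses a 32-byte bundle boundary, and any indirect call/jmp not immediately preceded, inside the same bundle, by `and $0xffffffe0` on the same register. Function names, status codes and the byte sequences are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUNDLE 32u /* bundle size given on the slides */
enum { V_OK, V_UNKNOWN_INSN, V_CROSSES_BUNDLE, V_UNMASKED_JUMP };
/* Length of one instruction from a tiny i386 subset; 0 = cannot decode. */
static size_t insn_len(const uint8_t *p, size_t left) {
    if (left >= 1 && p[0] == 0x90) return 1;                          /* nop */
    if (left >= 2 && p[0] == 0xff &&
        ((p[1] & 0xf8) == 0xd0 || (p[1] & 0xf8) == 0xe0)) return 2;   /* call/jmp *%reg */
    if (left >= 3 && p[0] == 0x83 && (p[1] & 0xf8) == 0xe0) return 3; /* and $imm8,%reg */
    if (left >= 6 && p[0] == 0x8b && (p[1] & 0xc0) == 0x80 && (p[1] & 7) != 4)
        return 6;                                      /* mov disp32(%reg),%reg */
    return 0;
}

/* and $0xffffffe0,%reg encodes as 83 /4 with the sign-extended imm8 0xe0. */
static int is_mask(const uint8_t *p, unsigned reg) {
    return p[0] == 0x83 && p[1] == (0xe0u | reg) && p[2] == 0xe0;
}

int validate_code(const uint8_t *code, size_t size) {
    size_t prev = size; /* start of the previous instruction; size = none yet */
    for (size_t off = 0; off < size;) {
        size_t len = insn_len(code + off, size - off);
        if (len == 0) return V_UNKNOWN_INSN;
        if (off / BUNDLE != (off + len - 1) / BUNDLE) return V_CROSSES_BUNDLE;
        /* len 2 = indirect call/jmp: the mask must sit right before it in the
           same bundle, otherwise a jump to the bundle start would skip it. */
        if (len == 2 && (prev == size || prev / BUNDLE != off / BUNDLE ||
                         !is_mask(code + prev, code[off + 1] & 7u)))
            return V_UNMASKED_JUMP;
        prev = off; off += len;
    }
    return V_OK;
}

/* Constructed input: `nops` NOP bytes, then and $0xffffffe0,%eax; call *%eax. */
int validate_padded(size_t nops) {
    uint8_t buf[64];
    memset(buf, 0x90, sizeof buf);
    memcpy(buf + nops, "\x83\xe0\xe0\xff\xd0", 5);
    return validate_code(buf, sizeof buf);
}
int main(void) {
    printf("%d %d %d\n", validate_padded(0), validate_padded(29), validate_padded(30));
    return 0;
}
```

With 29 NOPs of padding the mask ends bundle 0 and the call starts bundle 1, so a jump to the bundle-aligned address 32 would reach the call without the mask; that is why the pair has to share a bundle.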
