Native Client allows developers to run untrusted native code securely in web browsers. It works by sandboxing native code at runtime so it can only interact with the system via defined interfaces. This close the performance gap between web and desktop apps while maintaining safety. Native Client validates code as it loads to ensure it only accesses approved parts of the system and follows expected control flows. It has implementations for x86, x86-64 and ARM, and is supported in Chrome and Firefox via plugins.

1. Native Client Native Client Evgeny Eltsin

2. Overview Why Native Client? What is it? How it works? Ecosystem Developer stuff

3. Why Native Client? Close the gap between desktop and web apps Performance Choice of programming language Leverage legacy code

4. Why Native Client? Close the gap between desktop and web apps Safety Portability

5. Web Apps Interpreted languages (JavaScript) Safe but often slow

6. How to Improve? Just-In-Time compiler Faster (fast enough?) and often complex (more vulnerable ?)

7. Web Apps Native code "as is" (ActiveX) Fast but not safe

8. How to Improve? Make native code "manageable"? OS gives few options

9. What is Native Client? NaCl — system for safe execution of untrusted native code In a web browser … Open-source http://code.google.com/p/nativeclient

10. What is it Good for? Port desktop apps to web Zero install Performance close to native

11. What is it Good for? Enhance web apps with C/C++/... libraries (libcrypt, CGAL, ...) New high-performance code (threads, hand-coded asm, ...)

12. What is it Good for? Sandbox existing plugins Stop asking users to trust your code

13. Lunch isn't Free Must recompile from source and do some porting Part of system interfaces are unavailable Still work in progress

14. What is Safe? No side effects except via explicit secure interfaces

15. Runtime Sandbox No side effects ... No read, write or execute outside of the sandbox ... except via explicit secure interfaces "system calls"

16. How it Works? Runtime sandbox is created via an agreement between Code generator (untrusted) Validator and loader (trusted) Trusted part is simple

17. What Code Validation is? First, disassemble all executable code No overlapping instructions Run-time code generation needs special support

18. Control Flow Integrity Do we jump to code we know? Direct jumps are easy to validate but indirect ?

19. Instruction Bundles Every bundle-aligned code address is a potential jump target No instructions cross bundle boundaries Code generator pads with NOPs Bundle is 32-bytes (chosen from experiment)

20. Instruction Bundles Indirect jump always go to a bundle-aligned address Code generator makes code to enforce Validator checks enforcement

21. i386 Example call 0x1280(%eax) lea 0x1280(%eax), %eax and 0xffffffe0, %eax call *%eax

22. Checking Read, Write and Jump i386 Example Validator checks instructions use correct segment registers Loader sets segment registers correctly Loader protects memory accordingly

23. System Calls Trampoline to outer stuff Valid jump target inside the sandbox Does "context switch" and jump out of the sandbox Generated by trusted loader

24. Ecosystem Availability i386, x86_64, ARM Linux, Windows, MacOS chrome —enable-nacl Firefox plugin (fewer features than in Chrome, unfortunately)

25. Portability PNaCl - work in progress Portable representation (LLVM bitcode) Final translation on the client or translation/cache server

26. Deployment HTML <EMBED> Binary picked by client architecture Scripting interface

27. What works? Gallery at http://code.google.com/p/nativeclient And much more stuff Quake Video decoder Python

28. Developer Stuff ILP32 data model for all architectures Linux-like programming environment ELF binaries Netscape Plugin API/Pepper Plugin API

29. Native Client SDK http://code.google.com/p/nativeclient-sdk Ported Gnu toolchain gcc 4.4.3 (4.5 coming) newlib (glibc coming)

30. Native Client Ports http://code.google.com/p/naclports zlib cairo mesa theora expat

31. Developers Welcome! Lot of fun projects GTK SDL and your choice of cool stuff!

32. Thank You! Questions?