SlideShare a Scribd company logo

Native client (Евгений Эльцин)

Ontico, profile picture
Ontico

Native Client allows developers to run untrusted native code securely in web browsers. It works by sandboxing native code at runtime so it can only interact with the system via defined interfaces. This close the performance gap between web and desktop apps while maintaining safety. Native Client validates code as it loads to ensure it only accesses approved parts of the system and follows expected control flows. It has implementations for x86, x86-64 and ARM, and is supported in Chrome and Firefox via plugins.

Technology
1 of 32
Downloaded 63 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Native Client Native Client Evgeny Eltsin
Overview Why Native Client? What is it? How it works? Ecosystem Developer stuff
Why Native Client? Close the gap between desktop and web apps Performance Choice of programming language Leverage legacy code
Why Native Client? Close the gap between desktop and web apps Safety Portability
Web Apps Interpreted languages (JavaScript) Safe but often slow
How to Improve? Just-In-Time compiler Faster (fast enough?) and often complex (more vulnerable ?)
Web Apps Native code "as is" (ActiveX) Fast but not safe
How to Improve? Make native code "manageable"? OS gives few options
What is Native Client? NaCl — system for safe execution of untrusted native code In a web browser … Open-source http://code.google.com/p/nativeclient
What is it Good for? Port desktop apps to web Zero install Performance close to native
What is it Good for? Enhance web apps with C/C++/... libraries (libcrypt, CGAL, ...) New high-performance code (threads, hand-coded asm, ...)
What is it Good for? Sandbox existing plugins Stop asking users to trust your code
Lunch isn't Free Must recompile from source and do some porting Part of system interfaces are unavailable Still work in progress
What is Safe? No side effects except via explicit secure interfaces
Runtime Sandbox No side effects ... No read, write or execute outside of the sandbox ... except via explicit secure interfaces "system calls"
How it Works? Runtime sandbox is created via an agreement between Code generator (untrusted) Validator and loader (trusted) Trusted part is simple
What Code Validation is? First, disassemble all executable code No overlapping instructions Run-time code generation needs special support
Control Flow Integrity Do we jump to code we know? Direct jumps are easy to validate but indirect ?
Instruction Bundles Every bundle-aligned code address is a potential jump target No instructions cross bundle boundaries Code generator pads with NOPs Bundle is 32-bytes (chosen from experiment)
Instruction Bundles Indirect jump always go to a bundle-aligned address Code generator makes code to enforce Validator checks enforcement
i386 Example call 0x1280(%eax) lea 0x1280(%eax), %eax and 0xffffffe0, %eax call *%eax
Checking Read, Write and Jump i386 Example Validator checks instructions use correct segment registers Loader sets segment registers correctly Loader protects memory accordingly
System Calls Trampoline to outer stuff Valid jump target inside the sandbox Does "context switch" and jump out of the sandbox Generated by trusted loader
Ecosystem Availability i386, x86_64, ARM Linux, Windows, MacOS chrome —enable-nacl Firefox plugin (fewer features than in Chrome, unfortunately)
Portability PNaCl - work in progress Portable representation (LLVM bitcode) Final translation on the client or translation/cache server
Deployment HTML <EMBED> Binary picked by client architecture Scripting interface
What works? Gallery at http://code.google.com/p/nativeclient And much more stuff Quake Video decoder Python
Developer Stuff ILP32 data model for all architectures Linux-like programming environment ELF binaries Netscape Plugin API/Pepper Plugin API
Native Client SDK http://code.google.com/p/nativeclient-sdk Ported Gnu toolchain gcc 4.4.3 (4.5 coming) newlib (glibc coming)
Native Client Ports http://code.google.com/p/naclports zlib cairo mesa theora expat
Developers Welcome! Lot of fun projects GTK SDL and your choice of cool stuff!
Thank You! Questions?

More Related Content

PPTX
Native client
zyc901016
 
PPTX
Introduce native client
Young-Ho Cha
 
PDF
Chromium: NaCl and Pepper API
Chang W. Doh
 
PDF
Hidden Dragons of CGO
All Things Open
 
PDF
Salt and pepper — native code in the browser Browser using Google native Client
Mayflower GmbH
 
PPTX
.Net Core
Bertrand Le Roy
 
PDF
Everything as code - Johan Siebens STS presentation 14-01-2020
tothepointIT
 
PPTX
Alberto Maria Angelo Paro - Isomorphic programming in Scala and WebDevelopmen...
Codemotion
 
Native client
zyc901016
 
Introduce native client
Young-Ho Cha
 
Chromium: NaCl and Pepper API
Chang W. Doh
 
Hidden Dragons of CGO
All Things Open
 
Salt and pepper — native code in the browser Browser using Google native Client
Mayflower GmbH
 
.Net Core
Bertrand Le Roy
 
Everything as code - Johan Siebens STS presentation 14-01-2020
tothepointIT
 
Alberto Maria Angelo Paro - Isomorphic programming in Scala and WebDevelopmen...
Codemotion
 

What's hot (20)

PDF
Import golang; struct microservice
Giulio De Donato
 
PPTX
Migrating .NET Application to .NET Core
Baris Ceviz
 
PDF
WebRTC - Brings Real-Time to the Web
Vũ Nguyễn
 
PPTX
Asynkron programmering i Visual Studio 11
MortenWennevik
 
PDF
Open Source and Secure Coding Practices
All Things Open
 
PDF
Phalcon Framework: San Antonio Web Developers Group
jdfreeman11
 
PDF
PHP - Programming language war, does it matter
Mizno Kruge
 
PPTX
Short introduction - .net core and .net standard 2.0
Mark Lechtermann
 
PPTX
Getting started with Emscripten – Transpiling C / C++ to JavaScript / HTML5
David Voyles
 
PDF
Minko - Build WebGL applications with C++ and asm.js
Minko3D
 
PDF
Dot Net Core
Amir Barylko
 
PPTX
Whats new in .net core 3
Pratik Khasnabis
 
PPTX
C++ on the Web: Run your big 3D game in the browser
Andre Weissflog
 
PPTX
A Whirldwind Tour of ASP.NET 5
Steven Smith
 
PPTX
Microsoft 2014 Dev Plataform - Roslyn -& ASP.NET vNext
Rodolfo Finochietti
 
PPTX
Developing Rich Internet Applications with Perl and JavaScript
nohuhu
 
PPTX
Node.js Web Apps @ ebay scale
Dmytro Semenov
 
PPTX
Orchard 2... and why you should care
Bertrand Le Roy
 
PDF
API Design in the Modern Era - Architecture Next 2020
Eran Stiller
 
PDF
Play Framework
Eduard Tudenhoefner
 
Import golang; struct microservice
Giulio De Donato
 
Migrating .NET Application to .NET Core
Baris Ceviz
 
WebRTC - Brings Real-Time to the Web
Vũ Nguyễn
 
Asynkron programmering i Visual Studio 11
MortenWennevik
 
Open Source and Secure Coding Practices
All Things Open
 
Phalcon Framework: San Antonio Web Developers Group
jdfreeman11
 
PHP - Programming language war, does it matter
Mizno Kruge
 
Short introduction - .net core and .net standard 2.0
Mark Lechtermann
 
Getting started with Emscripten – Transpiling C / C++ to JavaScript / HTML5
David Voyles
 
Minko - Build WebGL applications with C++ and asm.js
Minko3D
 
Dot Net Core
Amir Barylko
 
Whats new in .net core 3
Pratik Khasnabis
 
C++ on the Web: Run your big 3D game in the browser
Andre Weissflog
 
A Whirldwind Tour of ASP.NET 5
Steven Smith
 
Microsoft 2014 Dev Plataform - Roslyn -& ASP.NET vNext
Rodolfo Finochietti
 
Developing Rich Internet Applications with Perl and JavaScript
nohuhu
 
Node.js Web Apps @ ebay scale
Dmytro Semenov
 
Orchard 2... and why you should care
Bertrand Le Roy
 
API Design in the Modern Era - Architecture Next 2020
Eran Stiller
 
Play Framework
Eduard Tudenhoefner
 
Ad

Similar to Native client (Евгений Эльцин) (20)

PPT
Zerovm backgroud
UT, San Antonio
 
PDF
Native code in Android applications
Dmitry Matyukhin
 
PDF
Cldc Hotspot Architecture
zdmilan
 
PDF
Web (dis)assembly
Shakacon
 
PDF
How do I - Create a Native Interface - Transcript.pdf
ShaiAlmog1
 
PDF
NativeBoost
ESUG
 
PDF
Beyond JVM - YOW! Brisbane 2013
Charles Nutter
 
PDF
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...
PROIDEA
 
PPTX
Advance Android Application Development
Ramesh Prasad
 
PDF
NDK Primer (AnDevCon Boston 2014)
Ron Munitz
 
PPT
Sandboxing (Distributed computing)
Sri Prasanna
 
PPTX
Keep Your Arms and Legs Inside the Many Platforms: Native Code Everywhere
Jim Borden
 
PPT
Writing Metasploit Plugins
amiable_indian
 
PPTX
Ruby in the Browser - RubyConf 2011
Ilya Grigorik
 
PPTX
Android ndk
Sentinel Solutions Ltd
 
PDF
Developing and-benchmarking-native-linux-applications-on-android
Elvis Jon Freddy Sitinjak
 
PPTX
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
LibbySchulze
 
PPTX
Android NDK
Sentinel Solutions Ltd
 
PDF
109842496 jni
Vishal Singh
 
PDF
WebAssembly. Neither Web Nor Assembly, All Revolutionary
C4Media
 
Zerovm backgroud
UT, San Antonio
 
Native code in Android applications
Dmitry Matyukhin
 
Cldc Hotspot Architecture
zdmilan
 
Web (dis)assembly
Shakacon
 
How do I - Create a Native Interface - Transcript.pdf
ShaiAlmog1
 
NativeBoost
ESUG
 
Beyond JVM - YOW! Brisbane 2013
Charles Nutter
 
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...
PROIDEA
 
Advance Android Application Development
Ramesh Prasad
 
NDK Primer (AnDevCon Boston 2014)
Ron Munitz
 
Sandboxing (Distributed computing)
Sri Prasanna
 
Keep Your Arms and Legs Inside the Many Platforms: Native Code Everywhere
Jim Borden
 
Writing Metasploit Plugins
amiable_indian
 
Ruby in the Browser - RubyConf 2011
Ilya Grigorik
 
Android ndk
Sentinel Solutions Ltd
 
Developing and-benchmarking-native-linux-applications-on-android
Elvis Jon Freddy Sitinjak
 
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
LibbySchulze
 
Android NDK
Sentinel Solutions Ltd
 
109842496 jni
Vishal Singh
 
WebAssembly. Neither Web Nor Assembly, All Revolutionary
C4Media
 
Ad

More from Ontico (20)

PDF
One-cloud — система управления дата-центром в Одноклассниках / Олег Анастасье...
Ontico
 
PDF
Масштабируя DNS / Артем Гавриченков (Qrator Labs)
Ontico
 
PPTX
Создание BigData-платформы для ФГУП Почта России / Андрей Бащенко (Luxoft)
Ontico
 
PDF
Готовим тестовое окружение, или сколько тестовых инстансов вам нужно / Алекса...
Ontico
 
PDF
Новые технологии репликации данных в PostgreSQL / Александр Алексеев (Postgre...
Ontico
 
PDF
PostgreSQL Configuration for Humans / Alvaro Hernandez (OnGres)
Ontico
 
PDF
Inexpensive Datamasking for MySQL with ProxySQL — Data Anonymization for Deve...
Ontico
 
PDF
Опыт разработки модуля межсетевого экранирования для MySQL / Олег Брославский...
Ontico
 
PPTX
ProxySQL Use Case Scenarios / Alkin Tezuysal (Percona)
Ontico
 
PPTX
MySQL Replication — Advanced Features / Петр Зайцев (Percona)
Ontico
 
PDF
Внутренний open-source. Как разрабатывать мобильное приложение большим количе...
Ontico
 
PPTX
Подробно о том, как Causal Consistency реализовано в MongoDB / Михаил Тюленев...
Ontico
 
PPTX
Балансировка на скорости проводов. Без ASIC, без ограничений. Решения NFWare ...
Ontico
 
PDF
Перехват трафика — мифы и реальность / Евгений Усков (Qrator Labs)
Ontico
 
PPT
И тогда наверняка вдруг запляшут облака! / Алексей Сушков (ПЕТЕР-СЕРВИС)
Ontico
 
PPTX
Как мы заставили Druid работать в Одноклассниках / Юрий Невиницин (OK.RU)
Ontico
 
PPTX
Разгоняем ASP.NET Core / Илья Вербицкий (WebStoating s.r.o.)
Ontico
 
PPTX
100500 способов кэширования в Oracle Database или как достичь максимальной ск...
Ontico
 
PPTX
Apache Ignite Persistence: зачем Persistence для In-Memory, и как он работает...
Ontico
 
PDF
Механизмы мониторинга баз данных: взгляд изнутри / Дмитрий Еманов (Firebird P...
Ontico
 
One-cloud — система управления дата-центром в Одноклассниках / Олег Анастасье...
Ontico
 
Масштабируя DNS / Артем Гавриченков (Qrator Labs)
Ontico
 
Создание BigData-платформы для ФГУП Почта России / Андрей Бащенко (Luxoft)
Ontico
 
Готовим тестовое окружение, или сколько тестовых инстансов вам нужно / Алекса...
Ontico
 
Новые технологии репликации данных в PostgreSQL / Александр Алексеев (Postgre...
Ontico
 
PostgreSQL Configuration for Humans / Alvaro Hernandez (OnGres)
Ontico
 
Inexpensive Datamasking for MySQL with ProxySQL — Data Anonymization for Deve...
Ontico
 
Опыт разработки модуля межсетевого экранирования для MySQL / Олег Брославский...
Ontico
 
ProxySQL Use Case Scenarios / Alkin Tezuysal (Percona)
Ontico
 
MySQL Replication — Advanced Features / Петр Зайцев (Percona)
Ontico
 
Внутренний open-source. Как разрабатывать мобильное приложение большим количе...
Ontico
 
Подробно о том, как Causal Consistency реализовано в MongoDB / Михаил Тюленев...
Ontico
 
Балансировка на скорости проводов. Без ASIC, без ограничений. Решения NFWare ...
Ontico
 
Перехват трафика — мифы и реальность / Евгений Усков (Qrator Labs)
Ontico
 
И тогда наверняка вдруг запляшут облака! / Алексей Сушков (ПЕТЕР-СЕРВИС)
Ontico
 
Как мы заставили Druid работать в Одноклассниках / Юрий Невиницин (OK.RU)
Ontico
 
Разгоняем ASP.NET Core / Илья Вербицкий (WebStoating s.r.o.)
Ontico
 
100500 способов кэширования в Oracle Database или как достичь максимальной ск...
Ontico
 
Apache Ignite Persistence: зачем Persistence для In-Memory, и как он работает...
Ontico
 
Механизмы мониторинга баз данных: взгляд изнутри / Дмитрий Еманов (Firebird P...
Ontico
 

Recently uploaded (20)

PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
August Patch Tuesday
Ivanti
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
A Presentation on Artificial Intelligence
memembruh336
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
August Patch Tuesday
Ivanti
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 

Native client (Евгений Эльцин)

  • 1. Native Client Native Client Evgeny Eltsin
  • 2. Overview Why Native Client? What is it? How it works? Ecosystem Developer stuff
  • 3. Why Native Client? Close the gap between desktop and web apps Performance Choice of programming language Leverage legacy code
  • 4. Why Native Client? Close the gap between desktop and web apps Safety Portability
  • 5. Web Apps Interpreted languages (JavaScript) Safe but often slow
  • 6. How to Improve? Just-In-Time compiler Faster (fast enough?) and often complex (more vulnerable ?)
  • 7. Web Apps Native code &quot;as is&quot; (ActiveX) Fast but not safe
  • 8. How to Improve? Make native code &quot;manageable&quot;? OS gives few options
  • 9. What is Native Client? NaCl — system for safe execution of untrusted native code In a web browser … Open-source http://code.google.com/p/nativeclient
  • 10. What is it Good for? Port desktop apps to web Zero install Performance close to native
  • 11. What is it Good for? Enhance web apps with C/C++/... libraries (libcrypt, CGAL, ...) New high-performance code (threads, hand-coded asm, ...)
  • 12. What is it Good for? Sandbox existing plugins Stop asking users to trust your code
  • 13. Lunch isn't Free Must recompile from source and do some porting Part of system interfaces are unavailable Still work in progress
  • 14. What is Safe? No side effects except via explicit secure interfaces
  • 15. Runtime Sandbox No side effects ... No read, write or execute outside of the sandbox ... except via explicit secure interfaces &quot;system calls&quot;
  • 16. How it Works? Runtime sandbox is created via an agreement between Code generator (untrusted) Validator and loader (trusted) Trusted part is simple
  • 17. What Code Validation is? First, disassemble all executable code No overlapping instructions Run-time code generation needs special support
  • 18. Control Flow Integrity Do we jump to code we know? Direct jumps are easy to validate but indirect ?
  • 19. Instruction Bundles Every bundle-aligned code address is a potential jump target No instructions cross bundle boundaries Code generator pads with NOPs Bundle is 32-bytes (chosen from experiment)
  • 20. Instruction Bundles Indirect jump always go to a bundle-aligned address Code generator makes code to enforce Validator checks enforcement
  • 21. i386 Example call 0x1280(%eax) lea 0x1280(%eax), %eax and 0xffffffe0, %eax call *%eax
  • 22. Checking Read, Write and Jump i386 Example Validator checks instructions use correct segment registers Loader sets segment registers correctly Loader protects memory accordingly
  • 23. System Calls Trampoline to outer stuff Valid jump target inside the sandbox Does &quot;context switch&quot; and jump out of the sandbox Generated by trusted loader
  • 24. Ecosystem Availability i386, x86_64, ARM Linux, Windows, MacOS chrome —enable-nacl Firefox plugin (fewer features than in Chrome, unfortunately)
  • 25. Portability PNaCl - work in progress Portable representation (LLVM bitcode) Final translation on the client or translation/cache server
  • 26. Deployment HTML <EMBED> Binary picked by client architecture Scripting interface
  • 27. What works? Gallery at http://code.google.com/p/nativeclient And much more stuff Quake Video decoder Python
  • 28. Developer Stuff ILP32 data model for all architectures Linux-like programming environment ELF binaries Netscape Plugin API/Pepper Plugin API
  • 29. Native Client SDK http://code.google.com/p/nativeclient-sdk Ported Gnu toolchain gcc 4.4.3 (4.5 coming) newlib (glibc coming)
  • 30. Native Client Ports http://code.google.com/p/naclports zlib cairo mesa theora expat
  • 31. Developers Welcome! Lot of fun projects GTK SDL and your choice of cool stuff!