
AjaxScope: A Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications

Published: 01 September 2010

Abstract

The rise of the software-as-a-service paradigm has led to the development of a new breed of sophisticated, interactive applications often called Web 2.0. While Web applications have become larger and more complex, Web application developers today have little visibility into the end-to-end behavior of their systems. This article presents AjaxScope, a dynamic instrumentation platform that enables cross-user monitoring and just-in-time control of Web application behavior on end-user desktops. AjaxScope is a proxy that performs on-the-fly parsing and instrumentation of JavaScript code as it is sent to users’ browsers. AjaxScope provides facilities for distributed and adaptive instrumentation in order to reduce the client-side overhead, while giving fine-grained visibility into the code-level behavior of Web applications. We present a variety of policies demonstrating the power of AjaxScope, ranging from simple error reporting and performance profiling to more complex memory leak detection and optimization analyses. We also apply our prototype to analyze the behavior of over 90 Web 2.0 applications and sites that use significant amounts of JavaScript.


Published in

ACM Transactions on the Web, Volume 4, Issue 4
September 2010
173 pages
ISSN: 1559-1131
EISSN: 1559-114X
DOI: 10.1145/1841909

Copyright © 2010 ACM

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Published: 1 September 2010
• Accepted: 1 June 2010
• Revised: 1 April 2010
• Received: 1 September 2008

Qualifiers

• research-article
• Research
• Refereed
