WebC: toward a portable framework for deploying legacy code in web browsers

Jie Yin, Gang Tan, Xiao Long Bai, Shi Min Hu

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


For security, most web applications are developed in some type-safe language, such as JavaScriptor Java. However, there is a huge amount of legacy codes developed in unsafe languages, which provide richfunctionality and are more efficient than their type-safe counterparts. To allow browsers to incorporate type-safecomponents in a secure way, previous approaches use the software-based fault isolation (SFI) to isolate untrustedlegacy code. The SFI approach performs machine-code transformation for security, but the downside is the lossof architecture independence. We propose WebC, a system that allows legacy code transmitted over the web viathe Low Level Virtual Machine (LLVM) bitcode format. The untrusted bitcode is transformed by WebC intocode in the WebC security language, which enforces both memory isolation and control-flow integrity. Comparedwith previous approaches, WebC is more portable, provides stronger security, and allows more flexible memorymanagement. Experimental results show that the average runtime overhead of WebC is modest.

Original languageEnglish (US)
Pages (from-to)1-15
Number of pages15
JournalScience China Information Sciences
Issue number7
StatePublished - Jul 1 2015

All Science Journal Classification (ASJC) codes

  • General Computer Science


Dive into the research topics of 'WebC: toward a portable framework for deploying legacy code in web browsers'. Together they form a unique fingerprint.

Cite this