Zap: Securing and Optimizing Modern Lightweight JavaScript VMs

Overview:

JavaScript, a widely used programming language initially developed for Web, is increasingly being deployed in resource-constrained scenarios, such as edge computing, microcontrollers, and Internet-of-Things (IoT). The unique resource-constrained characteristics of these scenarios call for the development lightweight JavaScript engines. As a result, many lightweight JavaScript engines (e.g., QuickJS, JerryScript, Duktape, and MuJS) have been developed and are gaining increasing popularity. Such lightweight JavaScript engines (LJEs) should be secure and efficient to be useful in such scenarios.

Unfortunately, despite their increasing popularity, LJEs suffer from security and efficiency problems, due to the unique characteristics of resource-constrained scenarios: 1) low memory, 2) 7*24 online nature; and 3) poor standard compliance.

The Zap project investigates the security and optimization opportunities of modern LJEs. Specifically, this project aims to:

investigate unique security challenges of LJEs and their mitigations;
improve robustness and trustworthiness of LJEs; and
optimization opportunities (e.g., JITs, PGOs, or LTOs) to improve performance.

Publications:

Members:

Jiang Hao
Baojian Hua
Si Wu

Computer Systems & Security Group, USTC