A New Model for Web-Based Executable Code
Georgia Tech College of Computing Faculty Fellowship Award
Proposal
Mark Guzdial
Problem
Current models for executable code based on Web pages (e.g., Java,
SafeTcl, Python applets in Grail) are at the wrong level in comparison
with what real use is. All of the existing models provide a virtual
machine model that is comparable to any non-Web-based processor
or language model. This flexibility allows us to have, for example,
a word-processor or spreadsheet program built into a Java applet.
There are two significant problems with this approach:
- Full applications are not the common use of Java applets or
similar executable code. Typically, users are building multimedia
documents of various kinds where the executable code presents
dynamic visualizations or multimedia representations.
- Because the virtual machines are so powerful, they are very
difficult to make secure, especially with respect to Denial of
Service attacks.
Proposal
I propose to develop a new virtual machine for network distributable
executable code, which we are calling the MuVM.
- MuVM will be at a much higher level than existing models.
The primitives of the machine will mostly support the display
of multiple media. The underlying architecture will be based on
an object-oriented (e.g., to limit the ways in which the multimedia
can be manipulated) and functional (e.g., no mutation operators)
rather than an imperative model, to more easily insure the security
of the client.
- MuVM will be purposefully incomplete. If someone can
build a word-processor in MuVM, we will have failed.
- MuVM will, however, be extensible. Our plan is to
use a Forth-like, threaded interpretive language approach. Instructions
to the VM will be pointers to executable code running on the client.
New executable code can be downloaded from a secure server to
extend the core VM's instruction set.
How This Is Different Than What I've Done Before
In the last year, my work in computer-supported collaborative
learning environments has led me to work at more infrastructure
building than I have previously. For example, my current environments
(e.g., CoWeb/Swiki) are built on a Webserver that I have built
myself. One of these new kinds of environments allows students
to easily place executable code on the server (an "Active
Swiki"), to allow for sharing of interactive multimedia documents
(such as graphical simulations). The problems that we have faced
are all the traditional problems of distributable code, but at
a different level. For example, security is a problem, but not
from "hacker attacks." Students are rarely malicious
in the "Active Swiki", but because they are students,
they make mistakes which often result in Denial of Service problems,
such as infinite loops or consuming too much memory. These results
led to an investigation of current models for distributable code,
and the determination that the current models are inadequate for
these relatively common purposes.
Thus, this work will lead me much more deeply into issues of Systems
and Information Security than I have previously.
Plan
- We (PhD student Lex Spoon and I) have already begun exploring
the creation of the MuVM in Squeak (http://squeak.cs.uiuc.edu).
Squeak is appropriate for this purpose because it is already
highly portable (with greater compatibility on more platforms
than Java), it already supports a wide range of multimedia primitives
(such as color bitblt, sound recording and playback, MIDI synthesis),
and the complete source (including the Squeak VM) is freely available
on all platforms.
- Our initial focus in the MuVM is to define the core, secure
high-level primitives; and to develop mechanisms for safely serializing
and transporting MuVM objects and programs.
- We plan to build our own MuClient to begin with, but to later
create a plug-in for existing Netscape and Internet Explorer Web
clients.
- We also plan to build a set of editing tools that will enable
users easily to create MuVM executable documents.
- Within the year, we hope to be able to show a proof-of-concept
prototype, write a paper on our experience, and present it at
a relevant conference. The conference trip is a critical piece
of this project since it's there that we will learn better the
current issues in the field and the hot questions.
We do believe that there will be opportunities for greater funding
of this project, once an initial VM is completed and proof-of-concept
prototype can be demonstrated.
Budget
- One quarter 3/8-time RA to develop the MuVM: $4800
- Purchase of a new development machine for the PI: $3000
- Conference travel for PI and RA: $2200