Although recent advances in browser architectures have improved protection among web services, the problem of resource management has been largely unaddressed. Existing browsers rely on resource access control and sharing mechanisms built into traditional OSes. Unfortunately, such mechanisms are ill-suited for many complex web services, such as those embedding mashups of other web services.
In this paper, we present ServiceOS, a platform that tightly integrates a multi-principal browsing architecture with the underlying OS. ServiceOS provides a centralized, fine-grained resource access control model, and uses recursive web-oriented algorithms for sharing system resources. ServiceOS also introduces new abstractions that allow a web service to explicitly allocate and manage resources for any helper services they embed (e.g., via iframes). A key challenge that ServiceOS solves is managing resources in the face of complex web service composition.
We have built a ServiceOS prototype that manages a wide range of resources, including CPU, memory, storage, network bandwidth, as well as peripheral devices like cameras, GPS, or microphones. Our evaluation shows that resource management in ServiceOS is more fair and more efficient than that of existing browsers.