How do I sandbox JavaScript and WebGL on Android and iOS?
up vote
0
down vote
favorite
I'm attempting to deploy trained neural networks to multiple platforms by using TVM to compile the models to WebGL.
We're hoping to sandbox the execution of these models within our app since
much of the data they operate on is sensitive and we'd like to be able to assure users (and ourselves) that the mysterious JavaScript we're downloading can't exfiltrate their data1
we don't want bugs in this code to interfere with the overall application
Ideally, we'd like an API like this in JS, C, C++, or Rust:
predictions, err = runInSandbox('myModel.js', canUseNetwork=False,
canUseFileSystem=False, input=mySensitiveData)
Some options I've looked into include:
- Docker. This solves sandboxing, but can't run on Android or iOS. It would also be nice to avoid installing Docker as part of installing our application.
Puppeteer. This also seems to not run on Android or iOS, and is also undesirable to bundle with an application.
Running the WebGL code in an iframe. This doesn't prevent network access, though maybe there's some clever trick to do so?- Running an embedded JavaScript or Wasm VM. This would be ideal, but I haven't found one that will run WebGL.
Any ideas for how to do this across platforms would be greatly appreciated. Approaches for particular platforms---especially Android and iOS---are also welcome, since using different approaches for different platforms is okay if there's no alternative.
1 Users are allowed to audit our native client-side source code, but it is not realistic for them to audit every change to our models / data processing pipeline.
javascript android ios webgl
add a comment |
up vote
0
down vote
favorite
I'm attempting to deploy trained neural networks to multiple platforms by using TVM to compile the models to WebGL.
We're hoping to sandbox the execution of these models within our app since
much of the data they operate on is sensitive and we'd like to be able to assure users (and ourselves) that the mysterious JavaScript we're downloading can't exfiltrate their data1
we don't want bugs in this code to interfere with the overall application
Ideally, we'd like an API like this in JS, C, C++, or Rust:
predictions, err = runInSandbox('myModel.js', canUseNetwork=False,
canUseFileSystem=False, input=mySensitiveData)
Some options I've looked into include:
- Docker. This solves sandboxing, but can't run on Android or iOS. It would also be nice to avoid installing Docker as part of installing our application.
Puppeteer. This also seems to not run on Android or iOS, and is also undesirable to bundle with an application.
Running the WebGL code in an iframe. This doesn't prevent network access, though maybe there's some clever trick to do so?- Running an embedded JavaScript or Wasm VM. This would be ideal, but I haven't found one that will run WebGL.
Any ideas for how to do this across platforms would be greatly appreciated. Approaches for particular platforms---especially Android and iOS---are also welcome, since using different approaches for different platforms is okay if there's no alternative.
1 Users are allowed to audit our native client-side source code, but it is not realistic for them to audit every change to our models / data processing pipeline.
javascript android ios webgl
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm attempting to deploy trained neural networks to multiple platforms by using TVM to compile the models to WebGL.
We're hoping to sandbox the execution of these models within our app since
much of the data they operate on is sensitive and we'd like to be able to assure users (and ourselves) that the mysterious JavaScript we're downloading can't exfiltrate their data1
we don't want bugs in this code to interfere with the overall application
Ideally, we'd like an API like this in JS, C, C++, or Rust:
predictions, err = runInSandbox('myModel.js', canUseNetwork=False,
canUseFileSystem=False, input=mySensitiveData)
Some options I've looked into include:
- Docker. This solves sandboxing, but can't run on Android or iOS. It would also be nice to avoid installing Docker as part of installing our application.
Puppeteer. This also seems to not run on Android or iOS, and is also undesirable to bundle with an application.
Running the WebGL code in an iframe. This doesn't prevent network access, though maybe there's some clever trick to do so?- Running an embedded JavaScript or Wasm VM. This would be ideal, but I haven't found one that will run WebGL.
Any ideas for how to do this across platforms would be greatly appreciated. Approaches for particular platforms---especially Android and iOS---are also welcome, since using different approaches for different platforms is okay if there's no alternative.
1 Users are allowed to audit our native client-side source code, but it is not realistic for them to audit every change to our models / data processing pipeline.
javascript android ios webgl
I'm attempting to deploy trained neural networks to multiple platforms by using TVM to compile the models to WebGL.
We're hoping to sandbox the execution of these models within our app since
much of the data they operate on is sensitive and we'd like to be able to assure users (and ourselves) that the mysterious JavaScript we're downloading can't exfiltrate their data1
we don't want bugs in this code to interfere with the overall application
Ideally, we'd like an API like this in JS, C, C++, or Rust:
predictions, err = runInSandbox('myModel.js', canUseNetwork=False,
canUseFileSystem=False, input=mySensitiveData)
Some options I've looked into include:
- Docker. This solves sandboxing, but can't run on Android or iOS. It would also be nice to avoid installing Docker as part of installing our application.
Puppeteer. This also seems to not run on Android or iOS, and is also undesirable to bundle with an application.
Running the WebGL code in an iframe. This doesn't prevent network access, though maybe there's some clever trick to do so?- Running an embedded JavaScript or Wasm VM. This would be ideal, but I haven't found one that will run WebGL.
Any ideas for how to do this across platforms would be greatly appreciated. Approaches for particular platforms---especially Android and iOS---are also welcome, since using different approaches for different platforms is okay if there's no alternative.
1 Users are allowed to audit our native client-side source code, but it is not realistic for them to audit every change to our models / data processing pipeline.
javascript android ios webgl
javascript android ios webgl
edited Nov 12 at 0:08
Shepmaster
146k11279413
146k11279413
asked Nov 11 at 23:50
dblalock
9115
9115
add a comment |
add a comment |
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53254415%2fhow-do-i-sandbox-javascript-and-webgl-on-android-and-ios%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53254415%2fhow-do-i-sandbox-javascript-and-webgl-on-android-and-ios%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown