
The Multi-Principal OS Construction of the Gazelle Web Browser

I was reading Slashdot and saw that Microsoft has released a paper outlining a new secure browser architecture. From the abstract:

"Web browsers originated as applications that people used to view static web sites sequentially. As
web sites evolved into dynamic web applications composing content from various web sites, browsers
have become multi-principal operating environments with resources shared among mutually distrusting
web site principals. Nevertheless, no existing browsers, including new architectures like IE 8, Google
Chrome, and OP, have a multi-principal operating system construction that gives a browser-based OS the
exclusive control to manage the protection of all system resources among web site principals.
In this paper, we introduce Gazelle, a secure web browser constructed as a multi-principal OS.
Gazelle’s Browser Kernel is an operating system that exclusively manages resource protection and sharing
across web site principals. This construction exposes intricate design issues that no previous work
has identified, such as legacy protection of cross-origin script source, and cross-principal, cross-process
display and events protection. We elaborate on these issues and provide comprehensive solutions.
Our prototype implementation and evaluation experience indicates that it is realistic to turn an existing
browser into a multi-principal OS that yields significantly stronger security and robustness with
acceptable performance and backward compatibility."

Read more: http://research.microsoft.com/pubs/79655/gazelle.pdf
More info: http://research.microsoft.com/apps/pubs/default.aspx?id=79655

