|By Maureen O'Gara||
|July 10, 2009 07:45 AM EDT||
Google's not the only one spouting the old Netscape line about the browser as platform or trying to evolve it into an operating system that can support an increasingly sophisticated web environment. Microsoft, which has yet to dignify word of Google's proposed Chrome OS with a response, has similar ideas.
As part of a long-term project meant to bring web applications into functional and quality parity with desktop apps, Microsoft Research has been working on a browser code-named Gazelle that it will describe next month at the Usenix Security Symposium in Montreal.
Microsoft says it's the first time a browser has been implemented as a so-called multi-principal operating system but insists it's just research, not a product prototype.
In browser-speak a principal is a web site. So multi-principals are web pages that consist of content from different principals, each demanding resources that are unmanaged because the traditional browser's not up to it.
That means "an ad containing malicious or poorly written code could hog the network connection, degrade performance, freeze the entire page, or crash the browser."
But "in a browser operating system, a ‘bad' principal would not be allowed to affect other principals, the browser, or the host machine."
Gazelle's kernel is an operating system that "exclusively manages resource protection and sharing across web site principals."
In Microsoft's history of creation, "Web browsers originated as applications that people used to view static web sites sequentially. As web sites evolved into dynamic web applications composing content from various web sites, browsers have become multi-principal operating environments with resources shared among mutually distrusting web site principals. Nevertheless, no existing browsers, including new architectures like IE8, Google Chrome and OP, have a multi-principal operating system construction that gives a browser-based OS the exclusive control to manage the protection of all system resources among web site principals."
Microsoft says "this construction exposes intricate design issues that no previous work has identified, such as legacy protection of cross-origin script source, and cross-principal, cross-process display and events protection."
It believes its prototype implementation "indicates that it is realistic to turn an existing browser into a multi-principal OS that yields significantly stronger security and robustness with acceptable performance and backward compatibility" with existing web applications.
"In the Gazelle model, the browser-based OS, typically called the browser kernel, protects principals from one another and from the host machine by exclusively managing access to computer resources, enforcing policies, handling inter-principal communications, and providing consistent, systematic access to computing devices."
It puts each principal including plug-in content in a separate protection domain by using an OS process.
The hard part's evidently dealing with the "cross-origin" elements embedded in a web site.
Microsoft says "Gazelle's architecture cleanly separates between the act of rendering Web content and the policies of how to display the content. This cross-principal display protection is in stark contrast to commodity browsers that enable these two functions to intermingle, leading to security vulnerabilities."
- Google’s Enterprise Problem
- Building Video Calling with PubNub and WebRTC
- DataStax Announces New Startup Programme Offering Free Software, As Well As Free Training Courses For Cassandra Users And New Developer Tool
- Get Ready to Think Out (C)loud With Cloud Sherpas’ Upcoming Webinar Series
- Evaluation Report on Virtual Backup Software
- New PubNub App Template for WebRTC
- Strategic Enough to Matter, Code Halos and Mobile Apps
- GAMA : Quatre acteurs clefs, quatre stratégies différentes !
- 7 Christmas Gifts For Your Business
- Box and NSI Partnership Brings the Cloud to Businesses in the Middle East
- Wowza Joins Google Cloud Platform with Google Compute Engine
- The Master Plan for Enterprise Mobility
- WebRTC Summit at Cloud Expo Agenda Announced
- OneLogin Raises $13M to Power Expansion
- Cloud Security Alliance Releases Cloud Controls Matrix, Version 3.0
- Survey Finds Large Enterprises Adopting WebRTC
- WebRTC Summit | WebRTC: Test then Disrupt
- WebRTC Summit Speaker Submissions Open
- WSO2 Expands Identity Management Capabilities Across Cloud, Mobile and Web Applications With the Launch of WSO2 Identity Server 4.5
- Twilio and LiveOps to Deliver WebRTC Deployments
- BMC Software to Exhibit at Cloud Expo Silicon Valley
- Oracle Demonstrates WebRTC Solution with CounterPath's Bria
- OpenStack for the Enterprise – Showcasing the OpenStack Ecosystem
- GENBAND Showcases WebRTC and Cloud
- Where Are RIA Technologies Headed in 2008?
- The Top 250 Players in the Cloud Computing Ecosystem
- Dolphin Announces Open API With Over 50 Add-ons Including Dropbox and Wikipedia
- Personal Branding Checklist
- AJAXWorld 2006 West Power Panel with Google's Adam Bosworth
- Why Microsoft Loves Google's Android
- Google's OpenSocial: A Technical Overview and Critique
- Cloud Expo New York Call for Papers Now Open
- Wal-Mart To Sell $399 Ubuntu Linux-based Laptop with Google Operating System
- i-Technology Blog: Google Trends on Java, McNealy, AJAX, and SOA Give Pause For Thought
- i-Technology Blog: Is There Life Beyond Google?
- Android: Who Hates Google Over the Phone?