| By Maureen O'Gara |
Article Rating: |
|
| July 10, 2009 07:45 AM EDT |
Reads: |
7,535 |
Google's not the only one spouting the old Netscape line about the browser as platform or trying to evolve it into an operating system that can support an increasingly sophisticated web environment. Microsoft, which has yet to dignify word of Google's proposed Chrome OS with a response, has similar ideas.
As part of a long-term project meant to bring web applications into functional and quality parity with desktop apps, Microsoft Research has been working on a browser code-named Gazelle that it will describe next month at the Usenix Security Symposium in Montreal.
Microsoft says it's the first time a browser has been implemented as a so-called multi-principal operating system but insists it's just research, not a product prototype.
In browser-speak a principal is a web site. So multi-principals are web pages that consist of content from different principals, each demanding 
resources that are unmanaged because the traditional browser's not up to it.
That means "an ad containing malicious or poorly written code could hog the network connection, degrade performance, freeze the entire page, or crash the browser."
But "in a browser operating system, a ‘bad' principal would not be allowed to affect other principals, the browser, or the host machine."
Gazelle's kernel is an operating system that "exclusively manages resource protection and sharing across web site principals."
In Microsoft's history of creation, "Web browsers originated as applications that people used to view static web sites sequentially. As web sites evolved into dynamic web applications composing content from various web sites, browsers have become multi-principal operating environments with resources shared among mutually distrusting web site principals. Nevertheless, no existing browsers, including new architectures like IE8, Google Chrome and OP, have a multi-principal operating system construction that gives a browser-based OS the exclusive control to manage the protection of all system resources among web site principals."
Microsoft says "this construction exposes intricate design issues that no previous work has identified, such as legacy protection of cross-origin script source, and cross-principal, cross-process display and events protection."
It believes its prototype implementation "indicates that it is realistic to turn an existing browser into a multi-principal OS that yields significantly stronger security and robustness with acceptable performance and backward compatibility" with existing web applications.
"In the Gazelle model, the browser-based OS, typically called the browser kernel, protects principals from one another and from the host machine by exclusively managing access to computer resources, enforcing policies, handling inter-principal communications, and providing consistent, systematic access to computing devices."
It puts each principal including plug-in content in a separate protection domain by using an OS process.
The hard part's evidently dealing with the "cross-origin" elements embedded in a web site.
Microsoft says "Gazelle's architecture cleanly separates between the act of rendering Web content and the policies of how to display the content. This cross-principal display protection is in stark contrast to commodity browsers that enable these two functions to intermingle, leading to security vulnerabilities."
See http://research.microsoft.com/apps/pubs/default.aspx?id=79655 for the white paper The Multi-Principal OS Construction of the Gazelle Web Browser.
Subscribe to Open Web Email News Alerts
Subscribe via RSS
