Microsoft toughens up browser with Gazelle

 

Gallery

Posted on 24 Feb 2009 at 11:40

Microsoft Research has laid out its vision of a prototype browser called Gazelle that includes operating-system features to make it more secure.

Microsoft envisages a browser kernel that acts as a "multi-principal" operating system capable of dividing website elements, such as web pages and plugins, into their own protected processes for greater security against cross-site attacks.

It's a similar approach to that taken by Google's Chrome, however, instead of simply dividing individual web pages into their own processes, Gazelle also separates subdomains and lumps the plugins from all opened sites into their own secured sinbin.

"Just as in desktop applications where instances of an application are run in separate processes for failure containment, we run instances of principals in separate protection domains for the same purpose," the authors write in a paper pithily entitled The Multi-Principal OS Construction of the Gazelle Web Browser.

"For example, when the user browses the same URL from different tabs, it corresponds to two instances of the same principal; when a.com embeds two b.com iframes, the b.com iframes correspond to two instances of b.com; however, multiple same-origin frames in a page are in the same principal instance as the page."

The paper's authors claim to have built a prototype for Gazelle based on Internet Explorer. They claim this demonstrates "Gazelle's multi-principal OS architecture and at the same time all the backward-compatible parsing, DOM management and JavaScript interpretation that already exist in IE".

Author: Stuart Turton