E-commerce Chapter 7 case 1

E-commerce Chapter 7 case 1 - The Multi-Principal OS...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: The Multi-Principal OS Construction of the Gazelle Web Browser Helen J. Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, Herman Venter Microsoft Research, University of Illinois at Urbana-Champaign, University of Washington { helenw, pialic, hermanv } @microsoft.com, { grier, kingst } @uiuc.edu, anm@cs.washington.edu MSR Technical Report MSR-TR-2009-16 Abstract Web browsers originated as applications that people used to view static web sites sequentially. As web sites evolved into dynamic web applications composing content from various web sites, browsers have become multi-principal operating environments with resources shared among mutually distrusting web site principals . Nevertheless, no existing browsers, including new architectures like IE 8, Google Chrome, and OP, have a multi-principal operating system construction that gives a browser-based OS the exclusive control to manage the protection of all system resources among web site principals. In this paper, we introduce Gazelle, a secure web browser constructed as a multi-principal OS. Gazelles Browser Kernel is an operating system that exclusively manages resource protection and shar- ing across web site principals. This construction exposes intricate design issues that no previous work has identified, such as legacy protection of cross-origin script source, and cross-principal, cross-process display and events protection. We elaborate on these issues and provide comprehensive solutions. Our prototype implementation and evaluation experience indicates that it is realistic to turn an ex- isting browser into a multi-principal OS that yields significantly stronger security and robustness with acceptable performance. Our security policies pose some incompatibility, the cost of which requires further investigation. 1 Introduction Web browsers have evolved to be a multi-principal operating environment where a principal is a web site [39]. Similarly to a multi-principal OS, recent proposals [11,12,22,39,42] and browsers like IE 8 [30] and Firefox 3 [15] advocate and support abstractions for cross-principal communication (e.g., PostMessage ) and protection (for frames) to web programmers. Nevertheless, no existing browsers, including new archi- tectures like IE 8 [23], Google Chrome [33], and OP [20], have a multi-principal OS construction that gives a browser-based OS, typically called Browser Kernel, the exclusive control to manage the protection and fair-sharing of all system resources among browser principals. In this paper, we present a multi-principal OS construction of a secure web browser, called Gazelle. Gazelles Browser Kernel exclusively provides cross-principal protection and fair sharing of all system re- sources. In this paper, we focus on resource protection only....
View Full Document

This note was uploaded on 11/17/2010 for the course ABORKER jong hyuk taught by Professor Mr.steve during the Spring '10 term at UAA.

Page1 / 20

E-commerce Chapter 7 case 1 - The Multi-Principal OS...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online