In search of better Web security: Three approaches
It feels as if we've been waiting forever for Microsoft Internet Explorer 8, which is why the fuss a few days back over Microsoft Research's "Gazelle" project -- ZOMG NEW BROWSER MAYBE!!!! -- was sort of refreshing and fun, if pretty far removed from reality as we know it.
The confusion came down to some observers' misunderstanding of the relationship between Microsoft Research and the parts of the company that actually ship products. Microsoft Research is, of course, a research facility; they think interesting thoughts, they test their theories, and after that maybe their ideas are taken up and maybe they're not.
That said, anyone interested in better security -- or fewer reboots -- can find some interesting parallels in what we know about the Gazelle project and what we see today in IE8, as well as in competing browsers such as Mozilla Firefox 3 and Google Chrome. More importantly, we're at a point in the browser-development process where we have a pretty good idea what the future will look like... or where the researchers think we're heading, anyway.
IE8, Chrome, and Firefox 3 each tackle, in different respects, the problem of allowing Web sites to draw content from multiple sources while keeping all those activities (and the system resources they require) from causing trouble more broadly. That's a nontrivial problem, and users of either Firefox 2 or IE7 will remember how those browsers struggled to juggle all the pins, especially where resource allocation was concerned. (Google would probably acknowledge that being the youngest of the three browsers has worked to Chrome's advantage, since it started life with a clear idea of managing resources in the modern era.)
That pretty much describes how the major browsers have chosen to tackle the existing problem. Going forward, though, we know a few things: We know that we'll all be doing more, not less, through our browsers. We know that the pages we visit and use are likely to increase in complexity. We know that malware purveyors will likely continue to target attack surfaces exposed by bad browser and/or page and/or code behavior. And we know that not only will the Web continue to get bigger, it'll expand its "eternal now" -- that is, pages built using the very freshest HTML / JavaScript / not-even-invented-yet techniques will co-exist with pages that haven't changed since someone slapped them online back in the mid-90s.
That's a lot to cope with. Presently, there are three research efforts tackling this problem that you need to know about. All posit that the way forward lies in a "browser kernel" or "browser operating system" -- a means of structuring the browser's activities so the browser itself can behave like an OS and manage browser activity accordingly. The Gazelle project embodies one line of browser-OS thinking; OP, a project from the University of Illinois at Urbana-Champaign, describes another; and Tahoma, from the University of Washington, maps a third.
Old-timers may remember UIUC as the school that gave us Mosaic, the first graphical browser; if so, you'll be amused to hear that "OP" stands for opus palladianum, a Latin term describing the work of assembling the pieces of which a mosaic is made. Tahoma, meanwhile, is named for the same native tribe that gave its name to Seattle's neighboring city of Tacoma. (The name was mangled when it was applied to the town, but if you know Tacoma you understand that this is utterly appropriate. What it means for the browser... well, read on.)
OP is a browser designed from the ground up to be secure. In contrast, Gazelle's tech is designed to sit atop an existing browser, and Tahoma lays down a BOS (browser OS) and essentially sets up virtual machines to contain the applications the browser is running.
Now, understand that the research teams that think through these things aren't working in isolation chambers. In fact, two of the three researchers on "Secure web browsing with the OP web browser" (PDF available here) are also listed as contributors on "The multi-principal OS construction of the Gazelle Web browser" (PDF available here). Likewise, all hands are familiar with "A safety-oriented platform for web applications" (PDF available here), the Tahoma paper, which predates the other two.
To figure out where things may be heading, therefore, let's look at the basic premises and conclusions for each. All three papers include copious detail and will provide absorbing reading for security and/or programming nerds, but if you need the water-cooler version, you've come to the right place.
Next: Tahoma: Box it and block it...