Microsoft Proposes a More Secure Browser

Microsoft Research, in conjunction with researchers at several prominent technology-oriented universities, has published a thesis on what a new secure Web browser should look like. The paper addresses a number of security issues that have dogged browsers from day one, and gives hints at a possible future direction for Internet Explorer.

The Gazelle Web browser, as it’s codenamed, is a “secure web browser constructed as a multi-principal OS,” according to the report. It’s the outcome of a project under development at Microsoft Research called “MashupOS,” which Microsoft has discussed publicly.

In that paper, Microsoft researchers noted that the evolution of the browser “has led to an inadequate security model that forces Web applications to choose between security and interoperation.” MashupOS is “a set of abstractions that isolate mutually-untrusting web services within the browser, while allowing safe forms of communication.”

The problem, as Microsoft outlined, is that in a Web 2.0 world, you have to choose between convenience or security. The convenience of running mashups has to be countered against the security question of visiting one trusted Web site that may be pulling in applications and services from multiple unknown, untrusted Web sites.

The aim of MashupOS is to provide cross-domain protection that prevents code in one domain from compromising the integrity of other domains, controlling the communication lines between domains, and making minimal changes to the existing Web API to maintain backwards compatibility.

The authors noted that no existing browsers have a multi-principal operating system construction that gives the browser exclusive control to manage the protection of all system resources. In other words, browsers use the operating system’s kernel.

Turning the browser into an operating system

The Gazelle browser uses its own kernel, effectively turning the app into an operating system. This allows it to examine and identify traffic as it’s passed through the browser’s subsystems and lets it react to anything malicious with far more control than browser have previously had.

The report, written by some of the authors of the MashupOS paper as well as researchers from University of Washington and the University of Illinois at Urbana-Champaign, says that Gazelle is “an IE-based prototype that realizes Gazelle’s multi-principal OS architecture and at the same time utilizes all the backward-compatible parsing, DOM management, and JavaScript interpretation that already exist in IE.”

But don’t hold your breath for a new Gazelle-based browser. Microsoft officials say this is, for now, strictly a research project and there are no plans to productize Gazelle anytime soon.