Microsoft's 'Gazelle' Browser: More Secure?
A new approach to coding the browser may help Microsoft offer more security than has ever been possible with Internet Explorer.
Microsoft Research, in conjunction with researchers at several prominent technology-oriented universities, has published a thesis on what a new secure Web browser should look like. The paper addresses a number of security issues that have dogged browsers from day one, and gives hints at a possible future direction for Internet Explorer.
The Gazelle Web browser, as it's codenamed, is a "secure web browser constructed as a multi-principal OS," according to the report. It's the outcome of a project under development at Microsoft Research called "MashupOS," which Microsoft has discussed publicly.
In that paper, Microsoft researchers noted that the evolution of the browser "has led to an inadequate security model that forces Web applications to choose between security and interoperation." MashupOS is "a set of abstractions that isolate mutually-untrusting web services within the browser, while allowing safe forms of communication."
The aim of MashupOS is to provide cross-domain protection that prevents code in one domain from compromising the integrity of other domains, controlling the communication lines between domains, and making minimal changes to the existing Web API to maintain backwards compatibility.
The authors noted that no existing browsers have a multi-principal operating system construction that gives the browser exclusive control to manage the protection of all system resources. In other words, browsers use the operating system's kernel.
This article was first published on InternetNews.com.