Multi-Principal OS Construction of the Gazelle Web Browser

By way of Jonathan Allen's post on InfoQ: "Microsoft’s Web Browser-Based OS: Gazelle", I came across this Microsoft Research paper "The Multi-Principal OS Construction of the Gazelle Web Browser" [MSR Page]. The abstract states:

Web browsers originated as applications that people used to view static web sites sequentially. As web sites evolved into dynamic web applications composing content from various web sites, browsers have become multi-principal operating environments with resources shared among mutually distrusting web site principals. Nevertheless, no existing browsers, including new architectures like IE 8, Google Chrome, and OP, have a multi-principal operating system construction that gives a browser-based OS the exclusive control to manage the protection of all system resources among web site principals.

 

In this paper, we introduce Gazelle, a secure web browser constructed as a multi-principal OS. Gazelle’s Browser Kernel is an operating system that exclusively manages resource protection and sharing across web site principals. This construction exposes intricate design issues that no previous work has identified, such as legacy protection of cross-origin script source, and cross-principal, cross-process display and events protection. We elaborate on these issues and provide comprehensive solutions.

 

Our prototype implementation and evaluation experience indicates that it is realistic to turn an existing browser into a multi-principal OS that yields significantly stronger security and robustness with acceptable performance. Our security policies pose some incompatibility, the cost of which requires further investigation.

[Excerpt from: MSR Technical Report MSR-TR-2009-16]

Given all the talk surrounding another browser-based OS being developed, this is really an interesting and relavant read.