
MS Publishes Papers For a Modern, Secure Browser

Soulskill posted more than 5 years ago | from the new-and-different dept.

The Internet 296

V!NCENT writes with an excerpt from a new publication by Microsoft: "As web sites evolved into dynamic web applications composing content from various web sites, browsers have become multi-principal operating environments with resources shared among mutually distrusting web site principals. Nevertheless, no existing browsers, including new architectures like IE 8, Google Chrome, and OP, have a multi-principal operating system construction that gives a browser-based OS the exclusive control to manage the protection of all system resources among web site principals. In this paper, we introduce Gazelle, a secure web browser constructed as a multi-principal OS. Gazelle's Browser Kernel is an operating system that exclusively manages resource protection and sharing across web site principals." Here's the full research paper (PDF).


296 comments


Princi-what? (2, Funny)

Anonymous Coward | more than 5 years ago | (#26949967)

Principle. Principal. ?? WTF?

Re:Princi-what? (0)

Anonymous Coward | more than 5 years ago | (#26950119)

If you're implying that principal was a typo, I'm sure it wasn't.

Re:Princi-what? (0)

Anonymous Coward | more than 5 years ago | (#26950261)

No, the use of the word "principle" was a typo -- which has since been corrected by a Slashdot editor. The original writeup stated:

"....resources among web site principles."

Re:Princi-what? (4, Insightful)

Divebus (860563) | more than 5 years ago | (#26950129)

Fascinating. Microsoft murdered Netscape and Java for going in this direction a decade ago and now they're writing about it like they invented the notion.

Re:Princi-what? (1)

UnderCoverPenguin (1001627) | more than 5 years ago | (#26950285)

But Netscape / Mozilla didn't continue this.

Re:Princi-what? (5, Insightful)

Hurricane78 (562437) | more than 5 years ago | (#26950325)

No. They tried to murder them for power. Pure power. IE was the one browser to rule them all.
Fortunately they were too stupid to do anything useful with that power. They only saved the money to continue developing their web developer torture instrument called IE

Luckily, then the great Mozilla rose:

Mammon slept. And the beast reborn spread over the earth and its numbers grew legion. And they proclaimed the times and sacrificed crops unto the fire, with the cunning of foxes. And they built a new world in their own image as promised by the sacred words, and spoke of the beast with their children. Mammon awoke, and lo! it was naught but a follower.

-- from The Book of Mozilla, 11:9 (10th Edition)

And Java is as far from dead as possible. Sun won the lawsuit against MS, and Java is one of the most used server languages.

I see the good of it. Without this event, there would be no Firefox, maybe no XHTML as we know it, not such a big popularity of open source software, and not the freedom of add-ins like AdBlock Plus or Greasemonkey and Firebug.

But I do not thank Microsoft for that.

Re:Princi-what? (3, Insightful)

pyrbrand (939860) | more than 5 years ago | (#26950603)

Actually, they murdered them for competition, as Corporations tend to do (I'm pretty sure there's no one on any side of these markets that would turn away market share).

Re:Princi-what? (2)

DavoMan (759653) | more than 5 years ago | (#26950819)

> Actually, they murdered them for competition, as Corporations tend to do.

Google up the difference between competitive and anti-competitive. Of course MS are a corporation - but there are some things you can do to make money, and some things you can't.

One of those things you can't do is engineer ways to prevent competitors from making a better product. That is a bad thing because then the top dog won't have any reason to innovate. Hence we have IE6.

> (I'm pretty sure there's no one on any side of these markets that would turn away market share).

To assume corporations are faceless and any company would do what any other company would do is just silly. If that were the case, then corporations wouldn't get singled out would they? Besides, companies have unique characteristics as much as any other complex entity.

All corporations try to make money - but they make money in very complex & interesting ways.

Re:Princi-what? (5, Insightful)

Divebus (860563) | more than 5 years ago | (#26950647)

> And Java is as far from dead as possible.

Only through the force of programmers who eventually detected what Microsoft was up to. Please yip in if you have experience in this era of Visual Studio 97 and Visual Studio 6.0 and what it meant to polluting Java.

Initially, Microsoft "partnered" with Sun to embrace and develop Java. They released Visual Studio which included tools to work with Java - on Microsoft's terms. Sun quickly realized that Microsoft was targeting the Java language and the JVM for destruction and sued. Microsoft was extending Java to include Windows-only system calls, violating the agreements.

By the next year (1998), Microsoft was ordered to stop producing tools which used Sun's Java - but they continued with their own implementation (J++) which essentially extended Java but stripped away all the cross platform functionality. That was a knife in Java as intended - write once, run anywhere. By that time too many developers were using Microsoft's tools and they went along for the ride.

This is why so many people run the other way when Microsoft wants to get on board the Open Source bandwagon. Your throats are scheduled to be slit next.

Re:Princi-what? (0, Flamebait)

speedtux (1307149) | more than 5 years ago | (#26950673)

> And Java is as far from dead as possible. Sun won the lawsuit against MS, and Java is one of the most used server languages.

Java is dead on the client.

On the server, it's increasingly turning into a niche and legacy language, kind of like COBOL

Re:Princi-what? (1)

lord_sarpedon (917201) | more than 5 years ago | (#26950831)

Applets are second/third class citizens these days - the sandboxing is a joke now too.

But it's not dying on the server. Not anytime soon.

Re:Princi-what? (1)

ady1 (873490) | more than 5 years ago | (#26950731)

There was no stupidity in their behavior.

There was no point in adding features since they already destroyed Netscape and essentially, won the browser war.

Can't think of a decent car analogy for this one.

Does it really (2, Insightful)

Bromskloss (750445) | more than 5 years ago | (#26949981)

...have to be this complicated?

Re:Does it really (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26950003)

Second post!

Re:Does it really (5, Informative)

digitalunity (19107) | more than 5 years ago | (#26950099)

Highlights:

  • MS admits IE8 isn't secure.
  • Initial latency on named pipes is poor.
  • .NET based image serialization performance is poor.
  • Gazelle's plugin architecture will require software publishers to rewrite most of their plugins.
  • Using separate processes to render content on a single page causes significant latency due to process creation overhead.

Re:Does it really (4, Interesting)

harry666t (1062422) | more than 5 years ago | (#26950315)

> process creation overhead

Why does Windows have so much more overhead for creating processes? What is it about the Windows processes that makes them cost that much?

Re:Does it really (5, Funny)

isorox (205688) | more than 5 years ago | (#26950435)

> What is it about the Windows processes that makes them cost that much?

License fees?

The kernel has to ensure processes are obeying any DRM and WGA restrictions

Re:Does it really (5, Informative)

beuges (613130) | more than 5 years ago | (#26950445)

Same reason that thread creation is cheap in Windows but expensive in Linux - different designs to suit different usage methodologies. In the *nix world, it's very common to fork off new processes to deal with tasks, whereas in Windows, the trend is to keep everything within the same process, with multiple threads handling various tasks. Either methodology will work in either OS, and Microsoft could redesign Windows to favour processes instead of threads, and Linus et al could redesign Linux to favour threads instead of processes, but due to the way the OS's are currently used, it would be pointless.

Re:Does it really (0)

Anonymous Coward | more than 5 years ago | (#26950553)

IIRC, these days Linux uses the same mechanism for thread and process creation. So the cost is the same, modulo some differing bookkeeping.

Re:Does it really (2, Informative)

speedtux (1307149) | more than 5 years ago | (#26950599)

Thread creation in Linux is not expensive.

Re:Does it really (0)

Anonymous Coward | more than 5 years ago | (#26950617)

thread creation is expensive in Linux? How so? It just does fork() as it does with processes...

I don't know how Windows does it, though...

Re:Does it really (0)

Anonymous Coward | more than 5 years ago | (#26950641)

Threads were heavy in Linux due to a bad implementation until kernel 2.6. Threads, until 2.6, were just a wrapper using processes. After 2.6, threads were properly implemented. Threads are, by definition, "lightweight processes". They were created to be cheap. Unix in general has bad implementations. Luckily, now, Linux has a good implementation. And Windows still has a very bad process implementation.

Re:Does it really (2, Informative)

ady1 (873490) | more than 5 years ago | (#26950821)

To add to this, threads are considered to be inexpensive in terms of RAM usage. Historically Windows was designed for smaller computers with little amount of RAM.

Looking back it's almost comical to think how much RAM each of MS OSes required. Although the architecture has significantly changed from Windows 95 to Windows NT/2000/XP, the requirement to make programs designed to work on older OSes kept the threading mechanism almost the same and therefore, more thread friendly environment.

that's cart before the horse. (1)

lkcl (517947) | more than 5 years ago | (#26950825)

no see my earlier posting on this subject: the use of Security Descriptors and potential checking against the PDC is what makes process creation expensive, which then makes _thread_ creation so cheap in NT, by comparison. ... you can't really secure threads from each other, so why bother, basically, was the general attitude that can clearly be seen to have been taken.

Re:Does it really (5, Informative)

lkcl (517947) | more than 5 years ago | (#26950803)

short answer: the ACL-based security model, which is transparently networked onto "NT Domain Security".

the design comprises:

* the evaluation of the security descriptor, which is a binary blob that needs to be decoded

* the creation of a process, where the parent has a security descriptor "inheritance" chain to its parent, to its parent etc. etc.

* the possibility for evaluating an individual ACE that could be on a remote machine (a PDC)

* just the _possibility_ of having to contact the remote machine (the PDC) leaves a design where the creation even of a local process requires the use of MSRPC (on "local rpc" pipes - ncalrpc) in order to not drastically overcomplicate the code any more than it already is.

goodness knows what else is going on, but it's very very powerful but unfortunately with that power and flexibility of design comes a whopping great overhead.

and no you can't cache the results very much because someone might revoke a user's right to CREATE_PROCESS and they'd get a bit unhappy about that not being obeyed.

Re:Does it really (0)

Anonymous Coward | more than 5 years ago | (#26950823)

> What is it about the Windows processes that makes them cost that much?

Microsoft management thinks that selling products that cost a lot will improve their bottom line.

Re:Does it really (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26950331)

"Those who can, do. Those who can't, write papers."

Re:Does it really (4, Insightful)

CodeBuster (516420) | more than 5 years ago | (#26950461)

> Using separate processes to render content on a single page causes significant latency due to process creation overhead.

It reminds me of the practical problems that were encountered in the Mach kernel [wikipedia.org] implementations and which, despite great initial interest and subsequent effort, were never satisfactorily resolved. In fact, many have concluded that the concept of independent kernel processes cooperating via message passing, regardless of the tasks that they are attempting to perform, is inherently slower than single process monolithic designs and although object orientation allows greater flexibility and abstraction it is always paid for in raw performance. In many cases, and particularly in user space application software, the price is worth paying. However, it turns out that OS kernels are probably NOT one of those cases. I would be highly skeptical that Microsoft has found a way around the performance problems that the Mach people missed when it comes to a "multi-principal browser" operating system. In fact, it is more likely that this is yet another case of Microsoft leveraging monopoly power in the OS market to answer the renewed threat on the browser front and "cut off the oxygen supply" of Mozilla, Opera, and other competing browsers.

Re:Does it really (5, Informative)

lkcl (517947) | more than 5 years ago | (#26950105)

i've done event-driven vehicle simulators; i've clean-room network-reverse-engineered MSRPC and NT domains protocols; i've ported freedce to win32; i've added glib bindings to webkit and on top of that, ported a port of GWT to python even _more_ into python by adding DOM manipulation to pywebkitgtk.

in amongst all that mindless drivel of alphabet soup you should be getting a pretty clear picture that i'm not a stranger to complexity.

i've learned that if someone says "surely it doesn't have to be as complicated as all that", it's time to run like stink as fast as possible, out of the conversation and the room, and never look back.

browsers are effectively desktop technology within a desktop (and damn good at displaying widgets), except you're letting the web site dictate what "programs" are allowed to be "run" on your desktop^H^H^H^H^H^H^Hbrowser.

browsers are no longer "just HTML displayers", they are actually executing applications - _real_ applications - that in many instances happen to be written in javascript. GWT [google.com] , Pyjamas [pyjs.org] and RubyJS [rubyforge.org] should all hammer that point home.

with that in mind, why is it so hard to then imagine that, given that the "browser" is doing everything that you can also do with desktop widget UI toolkits, why is it so hard to appreciate that you need the full range of OS technology to support that desktop^H^H^H^H^H^H^H^Hbrowser technology?

Re:Does it really (5, Insightful)

obarthelemy (160321) | more than 5 years ago | (#26950257)

Basically, since the browser already runs on top of an OS, the surprising thing is that they want to reimplement another OS within the browser.

I assume that OS could run a browser which could run an OS which could... Do we really want that ? Why ?

Re:Does it really (0)

Anonymous Coward | more than 5 years ago | (#26950453)

If you had an OS that made process creation and interprocess communication fast and cheap, the browser could simply use the OS facilities for security and privilege separation. Oh wait... we were talking about Microsoft. Never mind.

Re:Does it really (5, Insightful)

pyrbrand (939860) | more than 5 years ago | (#26950689)

The main issue right now is that a given web page often displays information from separate sources. The classic example at this point is that if I want to display ads on my web page, I have to bring in content from another source, and I essentially have to trust that content not to do tricky things with JavaScript to muck with my page - you know, display obnoxious, or worse, spoof UI, scrape user data, attack a browser vulnerability, all sorts of nastiness. Ads aren't the only example of this, the same is true of mashups ala housingmaps.com etc.

Relying on the OS is essentially what this paper is proposing as far as I can tell. They suggest that each part of a page that is relying on a different source for its content be sandboxed in its own process. However, doing this requires changes to the browser since current browsers don't do this (although Chrome and IE8 do work to isolate each tab in its own process). There are other proposals out there in the wild such as Web Sandbox discussed recently: http://tech.slashdot.org/article.pl?sid=09%2F01%2F28%2F188254&from=rss [slashdot.org] , which takes a different approach (sanitizing javascript for badness and restricting its access to the main page).
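An added illustration of the per-source isolation described in the comment above (not part of any poster's comment and not code from the Gazelle paper): it walks a page's frame tree and groups documents into one sandbox per principal. It assumes a principal is the (scheme, host, port) origin; the function names and the sample page are constructed for this example.

```javascript
// Added example: plan one sandbox per principal for a page that mixes sources.
// Assumption: a principal is the origin triple (scheme, host, port).
const DEFAULT_PORTS = new Map([["http:", "80"], ["https:", "443"]]);

// Returns a label such as "https://ads.example:443", or null when the URL
// cannot be parsed or has no network origin (data:, about:, javascript: ...).
function principalOf(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (err) {
    return null;
  }
  if (!DEFAULT_PORTS.has(parsed.protocol)) return null;
  // WHATWG URL parsing lowercases scheme and host and drops a default port,
  // so "HTTPS://Ads.Example:443/" and "https://ads.example/" compare equal.
  const port = parsed.port || DEFAULT_PORTS.get(parsed.protocol);
  return `${parsed.protocol}//${parsed.hostname}:${port}`;
}

// Walks the frame tree and groups every document under its principal.
// Content without a usable origin gets a sandbox of its own, never a shared one.
function planSandboxes(page) {
  const sandboxes = new Map(); // principal label -> URLs rendered in that sandbox
  let opaque = 0;
  const visit = (doc) => {
    const label = principalOf(doc.url) || `opaque#${++opaque}`;
    if (!sandboxes.has(label)) sandboxes.set(label, []);
    sandboxes.get(label).push(doc.url);
    (doc.frames || []).forEach((child) => visit(child));
  };
  visit(page);
  return sandboxes;
}

// Direct access between two documents is allowed only inside one sandbox;
// everything else has to go through whatever mediates between sandboxes.
function mayAccess(urlA, urlB) {
  const a = principalOf(urlA);
  return a !== null && a === principalOf(urlB);
}

// Constructed sample: a listings page with ads, a map mashup that nests its
// own ad, a same-origin widget, a plain-http legacy frame and inline content.
const SAMPLE_PAGE = {
  url: "https://housing.example/listings",
  frames: [
    { url: "https://ads.example/banner?slot=1" },
    {
      url: "https://maps.example/embed",
      frames: [{ url: "https://ads.example/tile" }],
    },
    { url: "https://housing.example:443/widgets/search" },
    { url: "http://housing.example/legacy" },
    { url: "data:text/html,constructed" },
  ],
};

// One line per sandbox, for reading the plan at a glance.
function describePlan(page) {
  const lines = [];
  for (const [label, urls] of planSandboxes(page)) {
    lines.push(`${label} <- ${urls.length} document(s)`);
  }
  return lines;
}

console.log(describePlan(SAMPLE_PAGE).join("\n"));
```

The number of sandboxes in the plan is the number of processes the page would need under this model, which is where the process creation cost raised elsewhere in the thread comes from.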

sounds great! (1)

lkcl (517947) | more than 5 years ago | (#26950843)

i always wanted to write my own desktop, like webos or the example/demo that comes with extjs, using browser-based technology. then i can throw away all the silly desktops i never liked anyway, and run all my applications from inside the web browser. and, because i know that the browser technology is actually an OS, i know it's secure and also will have process-separation so that one app crashing won't take out my entire quotes browser quotes. hooray!

Re:Does it really (4, Informative)

Vellmont (569020) | more than 5 years ago | (#26950283)


> i've learned that if someone says "surely it doesn't have to be as complicated as all that", it's time to run like stink as fast as possible, out of the conversation and the room, and never look back.

So you've never encountered a situation where someone added complexity because they couldn't see a simpler way to do something? I sure have. Dismissing the idea that something is too complicated and could be made far simpler out of hand simply seems wrong to me.

> why is it so hard to then imagine that, given that the "browser" is doing everything that you can also do with desktop widget UI toolkits, why is it so hard to appreciate that you need the full range of OS technology to support that desktop

I could see a case for it. I could also see a case for doing it WITHOUT modifying the full range of OS technology. Why is it so hard to see that a secure browser could be done using existing operating systems?

Re:Does it really (3, Interesting)

UnderCoverPenguin (1001627) | more than 5 years ago | (#26950437)

> Why is it so hard to see that a secure browser could be done using existing operating systems?

My guess would be that it is more palatable to call something completely new more secure than anything we currently have than it would be to concede a competitor is more secure (even if you are not MS).

definition of an Operating System (5, Interesting)

lkcl (517947) | more than 5 years ago | (#26950719)


>> why is it so hard to then imagine that, given that the "browser" is doing everything that you can also do with desktop widget UI toolkits, why is it so hard to appreciate that you need the full range of OS technology to support that desktop

> I could see a case for it. I could also see a case for doing it WITHOUT modifying the full range of OS technology. Why is it so hard to see that a secure browser could be done using existing operating systems?

sorry, i assumed it would be clear. applications running within the browser are becoming more like _real_ applications - _real_ "desktop" applications, especially with downloadable-executable-code ( "plugins" such as adobe ) having been thrown into the mix.

and you have multiple "applications" running simultaneously.

therefore, you have security implications, application stability implications, and much more [i recently had firefox crash out-of-memory on linux, and i have 2gb of ram and 3gb of swap space].

therefore, you need to start looking at isolating the applications from each other, whilst also allowing them access across a common API to a central set of protected resources (screen, keyboard, mouse, other devices, memory, networking), to be able to communicate across that boundary without impacting any other applications or the central resource management layer itself.

and i think you'll find that if you look closely, that's pretty much the definition of an OS.

so, working from the requirements - the expectation that good, hostile, rogue or simply badly designed applications all need to be given a chance to run, you arrive naturally at the rather unfortunately-logical conclusion that the only decent way to fulfil the requirements is with an actual full-blown operating system.

to believe that anything else can fulfil the requirements, to provide multi-tasked application stability and security, really is sheer delusion, or is... like... expecting a 1980s apple mac OS with a 68000 CPU and no Virtual Memory support, to be "secure". ... actually, there _is_ one other possibility: Security-Enhanced Linux (specifically, the FLASK security model behind SE/Linux). and we know what people think of _that_, despite SE/Linux being incredibly good at its job.

Re:Does it really (1)

unlametheweak (1102159) | more than 5 years ago | (#26950371)

> why is it so hard to then imagine that, given that the "browser" is doing everything that you can also do with desktop widget UI toolkits, why is it so hard to appreciate that you need the full range of OS technology to support that desktop^H^H^H^H^H^H^H^Hbrowser technology?

I have an operating system to run applications, that's why I don't need to run drive-by applications on the Internet.

Re:Does it really (1, Insightful)

Firehed (942385) | more than 5 years ago | (#26950501)

Browser-based applications, while certainly not as powerful as most desktop apps (I've seen some web apps that are, but of course those tend to be the exception to the rule), are totally platform-independent*. When you write for the desktop, you're writing for a specific platform, and quite possibly a specific set of versions for that single platform. Web apps require no installation and will run on Windows, Mac, and Linux no problem. When someone creates an agreed-upon framework that's cross-platform, let me know; for now, that framework appears to be the haphazard combination of HTML, CSS, and JavaScript. Yes, there's always the Java VM option, but the web-based approach is still preferable for many things for a number of reasons. Maybe OpenCL or some derivative of it will take over eventually, but that day isn't today.

*Ignoring IE6 and earlier anyways. IE7 is usually close enough, and IE8 has behaved pretty predictably for me.

Re:Does it really (1)

vtcodger (957785) | more than 5 years ago | (#26950545)

***why is it so hard to appreciate that you need the full range of OS technology to support that desktop^H^H^H^H^H^H^H^Hbrowser technology?*** And the result is not going to be a security nightmare? I'm wrong sometimes, and I haven't really understood an OS since about 1966. But complicated almost certainly means lots of exploits and defects. I'm betting that handing over complete control of PC resources to a sociopathic teenager in Minsk will not end well in many cases.

Re:Does it really (1)

D. Taylor (53947) | more than 5 years ago | (#26950569)

> i've done event-driven vehicle simulators; i've clean-room network-reverse-engineered MSRPC and NT domains protocols; i've ported freedce to win32; i've added glib bindings to webkit and on top of that, ported a port of GWT to python even _more_ into python by adding DOM manipulation to pywebkitgtk.

> in amongst all that mindless drivel of alphabet soup you should be getting a pretty clear picture that i'm not a stranger to complexity.

> i've learned that if someone says "surely it doesn't have to be as complicated as all that", it's time to run like stink as fast as possible, out of the conversation and the room, and never look back.

"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." -- Albert Einstein

Re:Does it really (1)

speedtux (1307149) | more than 5 years ago | (#26950655)

> with that in mind, why is it so hard to then imagine that, given that the "browser" is doing everything that you can also do with desktop widget UI toolkits, why is it so hard to appreciate that you need the full range of OS technology to support that desktop^H^H^H^H^H^H^H^Hbrowser technology?

You do need the full range of OS technology, you just don't need to re-implement it. You don't need to reimplement it because it is the purpose of operating systems to provide this functionality to application programs and they are very good at that; that is, after all, the purpose of operating systems.

> i've learned that if someone says "surely it doesn't have to be as complicated as all that", it's time to run like stink as fast as possible, out of the conversation and the room, and never look back.

That's probably because you know they are right and don't want to experience the well-deserved tongue lashing that follows next.

Re:Does it really (1)

thethibs (882667) | more than 5 years ago | (#26950805)

I'm going to guess that you were never asked to document your work.

Re:Does it really (1, Insightful)

Nakoruru (199332) | more than 5 years ago | (#26950123)

I have two answers.

The snarky answer is that when one writes a paper one has to make simple things sound as complicated as possible in order to make the paper look like you've discovered something interesting.

More likely it really does have to be this complicated considering that handling security when combining content from multiple sources cannot be made simple unless you make it trivial (no trust or complete trust).

It's not that complicated (1, Funny)

Anonymous Coward | more than 5 years ago | (#26950429)

The network is not trusted. Trust no one. As soon as you start building assumptions of trust of remote systems outside of your sphere of control into your model for operations to perform on the local machine, you're doing it wrong.

This is bot.NET: a system and method for pre-organizing zombie nodes for rapid assimilation by preparing trusted malware transmission vectors.

Re:Does it really (1)

unlametheweak (1102159) | more than 5 years ago | (#26950321)

> ...have to be this complicated?

If you want your browser to be a platform to run computer applications (java, javascript, flash, etc), then yes it makes sense for the browser to be an operating system. If you want a browser to be a Web browser (document viewer) then people should be happy with Lynx, or Firefox with all the scripting and pre-installed plug-ins turned off.

Are you... (1)

Hurricane78 (562437) | more than 5 years ago | (#26950367)

... that guy [failblog.org] ?

Hello, I just installed Ubuntu... (0, Offtopic)

Anonymous Coward | more than 5 years ago | (#26949997)

It has changed my life and made me happy. Please mod me informative or insightful. Thank you.

Re:Hello, I just installed Ubuntu... (0)

Anonymous Coward | more than 5 years ago | (#26950081)

You didn't say what version.

Re:Hello, I just installed Ubuntu... (1)

binarylarry (1338699) | more than 5 years ago | (#26950093)

I hope it's Tokin' Turtle.

I've had my EYE on that release for a while.

Re:Hello, I just installed Ubuntu... (0)

Anonymous Coward | more than 5 years ago | (#26950427)

it was anal-rape ape.

I am not reading TFA... (4, Funny)

NotQuiteReal (608241) | more than 5 years ago | (#26950001)

I was told my browser can't be trusted to read PDF fils.

Re:I am not reading TFA... (2, Funny)

Anonymous Coward | more than 5 years ago | (#26950333)

Your spell checker is broken as well.

Server already down? (1)

mattMad (1271832) | more than 5 years ago | (#26950037)

I am disappointed, Microsoft!

Re:Server already down? (2, Informative)

Anonymous Coward | more than 5 years ago | (#26950703)

Get the facts, you FUD-spewing Linux zealot! Downtime is good! It gives the servers time to rest!

Can't even get basic text right (0, Troll)

Yvan256 (722131) | more than 5 years ago | (#26950079)

Why is the part "among web site principals." on its own line? Can't Microsoft even do simple paragraphs right?

Re:Can't even get basic text right (1, Troll)

Yvan256 (722131) | more than 5 years ago | (#26950149)

What moron modded me troll? Not only am I not lying about it, it's Microsoft's own fault. Go check the source of the page, "among web site principals." really is a single paragraph although it's clearly the end of the paragraph preceding it.

Re:Can't even get basic text right (2, Funny)

unlametheweak (1102159) | more than 5 years ago | (#26950485)

> What moron modded me troll?

Troll is the new Funny.

Re:Can't even get basic text right (0)

Anonymous Coward | more than 5 years ago | (#26950649)

I don't have mod points, but everyone mod parent troll!

Re:Can't even get basic text right (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26950671)

because your comment sucked ass.

Err (1, Troll)

circlingthesun (1327623) | more than 5 years ago | (#26950087)

This might be a good idea but seeing that this is coming from Microsoft, I'll just play it safe and avoid this technology at all cost.

Re:Err (2, Informative)

John Hasler (414242) | more than 5 years ago | (#26950451)

Actually, seeing as it is from Microsoft research, there is little chance that it will ever be implemented.

Microsoft promising a secure system? (1, Insightful)

Stephen Samuel (106962) | more than 5 years ago | (#26950091)

I still remember when they had the big PR to-do about how they were no longer going to treat security as a PR issue.

I don't think I'll be rushing to buy tickets on this boat.

Re:Microsoft promising a secure system? (2, Funny)

binarylarry (1338699) | more than 5 years ago | (#26950219)

Why not? Microsoft is a ship built so big it's nigh unsinkable!

Re:Microsoft promising a secure system? (0)

Anonymous Coward | more than 5 years ago | (#26950351)

You know what else was nigh unsinkable?

Re:Microsoft promising a secure system? (1)

larry bagina (561269) | more than 5 years ago | (#26950449)

Fannie Mae. Freddie Mac. Bank of America. Citigroup. GM. Chrysler.

Re:Microsoft promising a secure system? (0)

Anonymous Coward | more than 5 years ago | (#26950759)

Certainly not you, as your density is a bit higher than water's.

Re:Microsoft promising a secure system? (0)

Anonymous Coward | more than 5 years ago | (#26950369)

> Why not? Microsoft is a ship built so big it's nigh unsinkable!

Well, if the water is less shallow than the boat is tall...

Re:Microsoft promising a secure system? (0)

Anonymous Coward | more than 5 years ago | (#26950539)

(Score:2, Troll)

Wow. Just wow.

Dear MS, (5, Insightful)

BitZtream (692029) | more than 5 years ago | (#26950097)

If you can't secure your basic OS, why exactly do you expect me to believe, or in fact even read a paper you wrote about a domain in which you absolutely suck?

Re:Dear MS, (1, Insightful)

ZouPrime (460611) | more than 5 years ago | (#26950281)

"Dear MS"? Who's MS? Microsoft has close to 100k employees in more than one hundred countries, working on completely different products and technologies. Do you think they somehow are a monolithic entity, that all these employees share the same skills and areas of expertise? That somehow, every security expert Microsoft ends up hiring turns into an incompetent?

I can't believe this was modded insightful. Oh, wait, this is Slashdot!

Re:Dear MS, (1)

BarryNorton (778694) | more than 5 years ago | (#26950291)

MS Research are not the ones behind the production operating systems. That's like refusing to program in C because your phone line's unreliable.

Re:Dear MS, (4, Informative)

Anonymous Coward | more than 5 years ago | (#26950293)

This is a paper co-authored by security researchers from MS *Research*, UIUC, and UWash. It is *not* a white paper let alone some kind of release announcement from MS. Security for web browsers in light of Web 2.0 technology is a major research topic, and I've seen a number of papers which propose similar ideas. What happens at MS Research (which has some darn good scientists) does not have to and often doesn't make it into a MS product. For example there is a lot of impressive research on privacy done by Cynthia Dwork at MS Research: haven't seen it or heard of it being implemented or even considered for implementation.

So, chill out - this is a research paper, not news about MS's new browser.

Re:Dear MS, (1)

nebulus4 (799015) | more than 5 years ago | (#26950317)

Because they suck at implementation, not the research. So reading it wouldn't hurt anyone.

Will this be Windows 9? (4, Interesting)

zappepcs (820751) | more than 5 years ago | (#26950125)

Grammar problems aside, TFA blurb is difficult to read and talks about MS offering a web browser that is an OS Kernel.... that is secure... and backward compatible!

I can only conclude that this website has been hacked, and this is a huge joke. Seriously, this sounds like MS PR machine trying to pour salt directly in the wounds of the boardmembers, or this was written by a person suffering delirium after being hit in the head by a flying chair. Well, perhaps it's just MS Marketing department trying reverse psychology?

In any case, it's rather surreal to read those words.

I'm off to check that there are no foreign substances in my coffee.

Re:Will this be Windows 9? (0)

Anonymous Coward | more than 5 years ago | (#26950289)

I can see the future of MS fanboy flame wars:

"IE is the *kernel*, not the web browser"

Re:Will this be Windows 9? (1)

pyrbrand (939860) | more than 5 years ago | (#26950725)

Really? To me it sounds like a typical pie-in-the-sky, "we haven't actually implemented this but we think it should work with just a little more effort" typical research paper to me. MSR is often more tied to academia than it is to product development although they've been working to better push ideas to the development side of the R&D slider.

Whatever this "thing" is eventually called, (1)

awfar (211405) | more than 5 years ago | (#26950739)

Microsoft has to have something to sell, and as they have in the past, selling you *another* OS is not out of the question.

And even if they are not new-product ready and profitable, I think it would be even more financially urgent to attempt adding complexity to the current technology mix to hold them over until they do. New browser, methods, new development envs., IDE's, New Serverxxx w/extensions, SPs, patches, everything that keeps their juggernaut running.

Secure, just like (0)

Anonymous Coward | more than 5 years ago | (#26950147)

ActiveX [milw0rm.com] probably.

Haha where is your [citation needed] now? (0)

Anonymous Coward | more than 5 years ago | (#26950217)

Hey J.delanoy, Raul654, RexNL and $pacebirdy, you have been citation needed on reference 19!

Willy on Haggers, telling the wikitruth since August 20 2004!

Gazelle's Browser Kernel .. (1)

viralMeme (1461143) | more than 5 years ago | (#26950241)

"In this paper, we introduce Gazelle, a secure web browser constructed as a multi-principal OS. Gazelle's Browser Kernel is an operating system that exclusively manages resource protection and sharing across web site principals"

Is this similar to Google's Chrome and its ability to run native X86 code [ezinearticles.com], and what's Microsoft's definition of 'multi-principal', and is a working copy of Gazelle out yet?

wtf is a browser-based OS (1)

Gothmolly (148874) | more than 5 years ago | (#26950249)

A browser runs IN an OS, not the other way 'round, and despite the blurring of app and kernel in MS-land. If you're talking a browser-based UI, or an "operating environment" like Windows used to have the decency to call itself, that's another story.

Re:wtf is a browser-based OS (0)

Anonymous Coward | more than 5 years ago | (#26950405)

They want to make a browser that tries to be an OS for the apps it runs.

If you do not rtfs, at least rtf comments.

Now... (1)

jamesmcm (1354379) | more than 5 years ago | (#26950255)

Now if only they could make one!

Virtual Machine (2, Interesting)

nurb432 (527695) | more than 5 years ago | (#26950273)

Stick a full VM into the browser. Problem solved. Except of course for the huge resources needed to view even the simplest of pages.

The entire push over the last few years to transferring processing load back onto the client is the wrong direction in my opinion, and the browser should remain a THIN client like the original intent. Keeping it a thin client by nature would be secure.

Right idea, wrong source (3, Insightful)

RichMan (8097) | more than 5 years ago | (#26950301)

Thought #1:
Microsoft forced the registry, DLL hell, and ActiveX on the world when they started with a really nice VMS security model as the basis for NT.

Thought #2:
Java is an application language with structured layered protections. And Java is pretty much now an open standard and embedded in modern browsers.

Summary:
Sure the idea is right. Why don't we all just work on making Java better?

Caution:
From Microsoft this message sounds like a joke. They fought against Java and invented all that other crap that led to the creation of the virus protection industry. If they had done it right 10 years ago we would not be here now.

Re:Right idea, wrong source (2, Insightful)

magamiako1 (1026318) | more than 5 years ago | (#26950377)

#1. Registry is fine. What about "library hell" and "dependency hell" that other operating systems have? or "conf hell"? There are many "hells" we can talk about that exist in all systems. It's the complex nature of how the applications work.

#2. Java is not embedded in modern browsers. You need to download an extra Java client to run Java applications. If you're talking about JavaScript, that is a different story.

#3. Viruses predate Microsoft's modern operating systems. First virus/worm: The Creeper virus was first detected on ARPANET, the forerunner of the Internet in the early 1970s.[3] Creeper was an experimental self-replicating program written by Bob Thomas at BBN in 1971.[4] Creeper used the ARPANET to infect DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system where the message, "I'm the creeper, catch me if you can!" was displayed. - Wikipedia.

Re:Right idea, wrong source (1)

pyrbrand (939860) | more than 5 years ago | (#26950771)

Actually, Sun essentially forced MS to fight against Java by not letting MS devs take the idea and run with it (which in a sense, is understandable since one of the goals of Java is interoperability). This meant that if an MS dev wanted to play with the language runtime idea, they had to do it on their own and thus the CLR was born, and C#, and Anders etc. In my mind this kind of competition is a good thing, especially as I watch the evolution of C# vs Java which started from a similar base. Java seems to be going down the path of conceptual purity and simplicity when it comes to the language while C# is introducing all sorts of convenience features such as LINQ, closures and other craziness (which in my mind just makes hard to read code, but then, there's always disagreements about where to draw the line).

Of all the companies out there, surely Microsoft (0, Flamebait)

unity100 (970058) | more than 5 years ago | (#26950311)

IS the one to put out a paper outlining guidelines for any secure software. we have decades of safe computer using and internet surfing to thank them for.

the short version .. (3, Informative)

viralMeme (1461143) | more than 5 years ago | (#26950349)

"Browser Kernel runs in a separate OS process, directly interacts with the underlying OS, and exposes a set of system calls for browser principals. We draw the isolation boundary across the existing browser principal defined by the same-origin policy (SOP) [34], namely, the triple of , using sandboxed OS processes"

Run the OS in a separate process using a restricted set of system calls and sandbox from the rest of the system. In other words don't do what we did with Internet Explorer and embed it into the core OS kernel.

Re:the short version .. (2, Insightful)

magamiako1 (1026318) | more than 5 years ago | (#26950399)

My question to you is what parts of Internet Explorer were "embedded into the kernel", and more importantly, what exploits and viruses/worms have access to the "kernel" of the operating system through IE.

I'm no Windows kernel expert, but if you are I'd love to learn some more.

Most of the problems I've seen with IE have more to do with users installing ActiveX applications rather than flat browser exploits. While browser exploits do exist and are important to guard against, a vast majority of problems that exist out there are user-initiated.

What worms or trojans hook into the kernel of the OS?

In other news... (0, Redundant)

jamesmcm (1354379) | more than 5 years ago | (#26950381)

In other news Fannie Mae publishes a paper on financial stability, Congress publishes a paper on honesty in politics and Dick Cheney publishes a paper on foreign policy and diplomacy.

Principals, Principals, Principals! (0)

Anonymous Coward | more than 5 years ago | (#26950395)

Ah, Microsoft research papers! The fine art of embracing, extending and extinguishing the dictionary, one word at a time.

simpler solution (0)

Anonymous Coward | more than 5 years ago | (#26950407)

Run the browser in X without a Window Manager. That's as secure as you're going to get right now.
 

Because they can't make a secure OS (1)

scientus (1357317) | more than 5 years ago | (#26950465)

Chrome is the best thing out there, and the only thing that has actually been done. Of course it kinda defeats the point when you are sending everything back to the mothership The Google, but if you use srware iron [srware.net] (a recompiled version with all the privacy stuff taken out) you are a bit better off. (Of course this is still sans important features non-existing in chromium like cookie permissions, script permissions, etc, that exist much better in firefox.)

First, Microsoft is saying that their own OS is not secure and that using the OS user sandbox is not secure, which it may be for Windows but isn't for other OS's.

Second, Microsoft is saying that they have to put this in the kernel which is to everybody's disadvantage. From a security standpoint 1) it makes bugs in the application kernel bugs, 2) it makes it where you can't turn it off, and go to say a more secure browser, 3) it means more kernel bloat. Then from a user standpoint it just means more incompatibilities between Microsoft's browser and a complete losing of choice.

Microsoft can go ahead and say its user model is broken, but that doesn't mean it doesn't work in other operating systems. Chromium is a quite decent model, and its only weakness is 1) it offers no protection from cookies, and actively gives information to The Google, 2) it can't work with plugins; for the same reason firefox can't control the permission of Flash cookies, chromium can't control plugins either, it's the way they are designed. Hopefully the element and HTML5 element are adopted and it becomes possible again to browse without ugly plugins.

and trashes Google Chrome .. (3, Insightful)

viralMeme (1461143) | more than 5 years ago | (#26950535)

"Process models 1 and 2 of Google Chrome are insecure since they don't provide memory or other resource protection across multiple principals in a monolithic process or browser instance. Model 4 doesn't provide failure containment across site instances [32].

Google Chrome's process-per-site-instance model is the closest to Gazelle's two processes-per-principal-instance model, but with several crucial differences: 1) Chrome's principal is site (see above) while Gazelle's principal is the same as the SOP principal"

" Chrome's decision is to allow a site to set document.domain to a postfix domain (ad.socialnet.com set to socialnet.com). We argue in Section 3 that this practice has significant security risks. 2) A parent page's principal and its embedded principals co-exist in the same process in Google Chrome, whereas Gazelle places them into separate processes"

" Tahoma doesn't provide protection to existing browser principals. In contrast, Gazelle's Browser Kernel protects browser principals first hand "

Classic bait and switch, compare Chrome running on Windows to Gazelle running on some imaginary secure other OS. MS.memo: Google's Chrome is eating our lunch, quick rush out a 'research paper' trashing it, and pretend Chrome is playing catch-up with Gazelle. Like, if Chrome was so bad, then why expend time in criticizing it?
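An added illustration, not part of the comment above or of the Gazelle paper: the excerpts contrast a "site" principal with the SOP principal, and this sketch partitions the same documents both ways to show how much coarser the site key is. The function names and sample URLs are constructed, and the two-label "site" rule is an assumed simplification (real browsers consult the Public Suffix List).

```javascript
// Added example: compares two ways of keying isolation units.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// SOP principal: the (scheme, host, port) triple of a URL.
function sopPrincipal(url) {
  const u = new URL(url);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return `${u.protocol}//${u.hostname}:${port}`;
}

// "Site" principal, simplified: last two host labels, ignoring scheme and port.
// Assumption: sufficient for the sample hosts below; not a Public Suffix List lookup.
function sitePrincipal(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// True when `host` could relax document.domain to `target`,
// i.e. `target` is the host itself or a dot-aligned suffix of it.
function isPostfixDomain(host, target) {
  return host === target || host.endsWith("." + target);
}

// Group documents into isolation units keyed by the chosen principal function.
function partition(urls, principalOf) {
  const groups = new Map();
  for (const url of urls) {
    const key = principalOf(url);
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(url);
  }
  return groups;
}

// Constructed sample documents (hosts taken from the quoted example, paths invented).
const documents = [
  "https://socialnet.com/home",
  "https://ad.socialnet.com/banner",
  "http://socialnet.com/home",
  "https://socialnet.com:8443/admin",
  "https://example.org/widget",
];

const bySite = partition(documents, sitePrincipal);
const bySop = partition(documents, sopPrincipal);

console.log("site-keyed units:", bySite.size);
console.log("SOP-keyed units:", bySop.size);
for (const [key, members] of bySop) console.log(key, members);
```

Under the site key, the ad frame, the plain-HTTP page and the alternate-port page all share a unit with the main page; under the SOP key each gets its own.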

Re:and trashes Google Chrome .. (5, Funny)

Too Much Noise (755847) | more than 5 years ago | (#26950667)

" Tahoma doesn't provide protection to existing browser principals."

That's it. I'm switching to Comic Sans.

Re:and trashes Google Chrome .. (1)

sagematt (1251956) | more than 5 years ago | (#26950743)

" Tahoma doesn't provide protection to existing browser principals.

Well, I should switch to another font then. What do you recommend, Comic Sans?

How comforting (1)

Runaway1956 (1322357) | more than 5 years ago | (#26950555)

After what? 25 years of practicing and beta testing, Microsoft has finally drawn up a white paper on a "secure browser" ?? WTF?!?!?! MS should just send the bastards responsible for Internet Explorer to school at Google, Opera, Firefox, Aurora, Konqueror, etc.......

The next gen OS? (0)

Anonymous Coward | more than 5 years ago | (#26950589)

There was a recent article in Wired magazine in which the newest CEO was interviewed (by a reporter that seemed a bit too awestruck by the man, imho). In any case, the article was entitled something like 'How will turn MS around'. I'm sure you could find it on Wired.com with a search if you looked.

In any case, they spoke a fair amount of MS's new plan to make a future OS that functions "within in the cloud". The main idea was that the OS would not be a thing native to the machine it was being run on, but instead something that was provided by a link to 'the cloud' (read: internet).

I thought it was pretty foolish at the time much like many of the PC games DRM's demanding a link to the net. I know more than a few people that refused to buy Halflife 2 for that reason, and only that reason (thought of lack of replay-ability in say, 10 years time due to lack of server support). I'm wondering if this news is MS's first public step towards that end.

It would be great, too. Losing the vast majority of the usefulness of your PC to a freak storm that takes down your internet connection or a mistake by your ISP. And how would that tax the already 'clogged intertubes'. And this whole net neutrality thing suddenly gets murkier... so many crazy things that I'm sure are just drawing the rest of us to cherishing such a move.

And to top it off it would force people to continue to either rent an OS or even upgrade as the OS would be a MS server, not a product. No more "Vista? No thanks" arguments in the future...

Congrats to Microsoft on their latest invention (1)

haruchai (17472) | more than 5 years ago | (#26950785)

The Virtual Machine!! What's the patent number on this one?
