On the Design of a Web Browser: Lessons learned from Operating Systems
Kapil Singh and Wenke Lee, Georgia Institute of Technology
Web 2.0 Security and Privacy – 2008
2 Motivation
- The browser has evolved from rendering static web pages to hosting a wide variety of applications.
- Browser code size has grown, and the browser now runs much more application code.
- It is effectively building up into a mini-OS.
- ... so why not base browser design on known OS designs?
3 What do we have today?
- All browser components run within one isolation boundary: minimal or no isolation among components.
- The problem of plug-ins: increased code size, a source of increasing browser vulnerabilities, poor maintainability, and lack of flexibility.
- Not much freedom to customize your browser.
4 ...Have we already seen these issues somewhere?
- A monolithic kernel design suffers from similar limitations!
- Can we do something better? Micro-kernel, Exokernel, SPIN...
- Can the lessons from OS design be applied to browser design?
5 Design Principles
- Isolation between browser components
- Integrity of communication channels
- Separation between policy and mechanism
- Customization and flexibility
6 Browser Design
Goal: to leverage known OS designs to develop a secure and flexible web browser.
- Utilize the μ-kernel OS design [Liedtke95].
- Layered architecture with a kernel mode and a user mode.
- The β-kernel provides complete mediation.
- All applications run in the layer on top of the β-kernel.
7 Browser from an OS view
(figure: a μ-kernel based OS shown side by side with the β-kernel based browser)
8 β-kernel: primitives
- Address space
- Communication between browser components
- Identity of browser components
9 β-kernel primitives: Address Space
- Enables isolation and customized access control.
- The memory management module owns the complete address space at browser startup.
- Grant, Map and Flush operations.
- Also applicable to the browser cache and file system.
10 Example: Same Origin Policy
(figure: X.com and Y.com components issue grant, map and access requests to the Memory Management and Access Control modules; every request is mediated by the β-kernel)
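To make the address-space primitives and the same-origin example concrete, here is a small Python model of a β-kernel that mediates Grant, Map and Flush between browser components. It is an added illustration, not code from the talk or from the authors: the class names (BetaKernel, Component), the "memmgr" component name, the page-id representation of the address space, and the rule that the memory manager may hand pages to anyone while all other sharing must be same-origin are assumptions made for the example. The memory manager owns every page at startup, every request is checked against the caller's identity and ownership before any policy is consulted, and a Flush lets the owner revoke earlier Map operations.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


class AccessDenied(Exception):
    """Raised when the β-kernel refuses a grant, map or flush request."""


@dataclass
class Component:
    name: str
    origin_url: str                           # URL the component acts on behalf of
    pages: set = field(default_factory=set)   # page ids currently mapped in


def origin_of(url):
    """Same-origin tuple (scheme, host, port), filling in the default port."""
    u = urlsplit(url)
    port = u.port or {"http": 80, "https": 443}.get(u.scheme)
    return (u.scheme, u.hostname, port)


class BetaKernel:
    """Mediates every address-space operation between registered components."""
    MEMMGR = "memmgr"   # hypothetical name for the memory management module

    def __init__(self, n_pages):
        # the memory manager owns the complete address space at startup
        memmgr = Component(self.MEMMGR, "browser://memmgr", set(range(n_pages)))
        self.owner = {page: self.MEMMGR for page in range(n_pages)}   # page -> owner
        self.components = {self.MEMMGR: memmgr}

    def register(self, comp):
        self.components[comp.name] = comp

    def _caller(self, name):
        # identity primitive: only registered components may issue requests
        if name not in self.components:
            raise AccessDenied(f"unknown component {name!r}")
        return self.components[name]

    def _check_owner(self, caller, page):
        if self.owner.get(page) != caller.name:
            raise AccessDenied(f"{caller.name} does not own page {page}")

    def _check_policy(self, src, dst):
        # the memory manager is the allocator and may hand pages to anyone;
        # sharing between other components must satisfy the same-origin policy
        if src.name != self.MEMMGR and origin_of(src.origin_url) != origin_of(dst.origin_url):
            raise AccessDenied(f"{src.name} -> {dst.name}: cross-origin access")

    def grant(self, src_name, dst_name, page):
        """Transfer ownership of `page` from src to dst; src loses access."""
        src, dst = self._caller(src_name), self._caller(dst_name)
        self._check_owner(src, page)
        self._check_policy(src, dst)
        src.pages.discard(page)
        dst.pages.add(page)
        self.owner[page] = dst.name

    def map(self, src_name, dst_name, page):
        """Share `page` with dst; src keeps ownership and can flush it later."""
        src, dst = self._caller(src_name), self._caller(dst_name)
        self._check_owner(src, page)
        self._check_policy(src, dst)
        dst.pages.add(page)

    def flush(self, src_name, page):
        """Revoke every mapping of `page` other than the owner's own."""
        src = self._caller(src_name)
        self._check_owner(src, page)
        for comp in self.components.values():
            if comp.name != src.name:
                comp.pages.discard(page)


def demo():
    """Run the same-origin scenario from the slide; returns the observed outcomes."""
    k = BetaKernel(n_pages=4)
    x_render = Component("x-render", "https://x.com")
    x_script = Component("x-script", "https://x.com:443/app")   # same origin as x-render
    y_render = Component("y-render", "https://y.com")
    for c in (x_render, x_script, y_render):
        k.register(c)
    k.grant("memmgr", "x-render", 0)      # allocator hands page 0 to X.com
    k.grant("memmgr", "y-render", 1)      # and page 1 to Y.com
    k.map("x-render", "x-script", 0)      # same origin: permitted

    out = {}
    for label, op in (("cross_origin_map", lambda: k.map("x-render", "y-render", 0)),
                      ("non_owner_grant", lambda: k.grant("y-render", "x-render", 0))):
        try:
            op()
            out[label] = "allowed"
        except AccessDenied:
            out[label] = "denied"
    out["x_script_before_flush"] = sorted(x_script.pages)
    k.flush("x-render", 0)                # owner revokes the shared mapping
    out["x_script_after_flush"] = sorted(x_script.pages)
    return out
```

The ownership check runs before the policy check on purpose: a component that does not own a page is refused regardless of origin, so the same-origin rule only ever decides between legitimate owners and their intended peers. Swapping `_check_policy` for a different rule is the "separation between policy and mechanism" from slide 5; the grant, map and flush mechanism stays unchanged.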
11 Design Directions
- Single-process browser: better performance and memory management.
- Intra-address-space isolation [Ford08, Chiueh99]: Vx32 provides a lightweight sandbox for guest code within the host address space and can control the system calls made by the guest code.
12 Single process: Performance (?)
13 Tackling browser extensions
- The browser design allows the flexibility to develop your own memory management, access control, etc. on top of the kernel.
- Installation of new extensions is mediated by the β-kernel.
- Communication interfaces are verified according to the user's policies.
- Execution verification and isolation: intra-process sandboxing.
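The extension handling on this slide, together with the sandbox's control over calls leaving guest code on slide 11, can be modelled in a few dozen lines. The following Python is an added example, not the authors' code: the interface names ("dom.read", "net.fetch", ...), the UserPolicy shape (a baseline every extension gets plus per-extension extras), the ExtensionKernel class and the toy backing services are all assumptions made for illustration. Installation is refused unless every interface the extension declares is permitted by the user's policy, and at run time each call from the sandboxed extension crosses the kernel, which dispatches only interfaces granted at install time and records every refusal.

```python
from dataclasses import dataclass, field


class PolicyViolation(Exception):
    """Raised when the β-kernel refuses an extension install or an interface call."""


@dataclass(frozen=True)
class Extension:
    name: str
    requested: frozenset      # communication interfaces the extension declares it needs


@dataclass
class UserPolicy:
    """Interfaces the user permits: a baseline for every extension plus per-extension extras."""
    baseline: frozenset = frozenset()
    per_extension: dict = field(default_factory=dict)

    def allowed(self, ext_name):
        return self.baseline | self.per_extension.get(ext_name, frozenset())


class ExtensionKernel:
    """Mediates installation and every interface call made by sandboxed extension code."""
    # interfaces the browser exposes to extensions (assumed names for the example)
    INTERFACES = frozenset({"dom.read", "dom.write", "net.fetch", "fs.write"})

    def __init__(self, policy):
        self.policy = policy
        self.granted = {}                   # extension name -> interfaces it may call
        self.audit = []                     # (event, extension, verdict, detail)
        self.dom = {"title": "Welcome"}     # constructed stand-in for page state

    def install(self, ext):
        """Verify the declared interfaces against the user policy before enabling the extension."""
        unknown = ext.requested - self.INTERFACES
        denied = (ext.requested & self.INTERFACES) - self.policy.allowed(ext.name)
        if unknown or denied:
            self.audit.append(("install", ext.name, "refused", sorted(unknown | denied)))
            raise PolicyViolation(f"{ext.name}: not permitted {sorted(unknown | denied)}")
        self.granted[ext.name] = ext.requested   # least privilege: exactly what was declared
        self.audit.append(("install", ext.name, "ok", sorted(ext.requested)))

    def call(self, ext_name, interface, *args):
        """Every call from the sandbox crosses the kernel; only granted interfaces dispatch."""
        if interface not in self.granted.get(ext_name, frozenset()):
            self.audit.append(("call", ext_name, "denied", interface))
            raise PolicyViolation(f"{ext_name} may not call {interface}")
        self.audit.append(("call", ext_name, "ok", interface))
        return self._dispatch(interface, *args)

    def _dispatch(self, interface, *args):
        # toy implementations standing in for the real browser services
        if interface == "dom.read":
            return self.dom.get(args[0])
        if interface == "dom.write":
            self.dom[args[0]] = args[1]
            return True
        if interface == "net.fetch":
            return f"<constructed response for {args[0]}>"
        raise PolicyViolation(f"{interface} has no backing service")


def demo():
    """Install two extensions under one user policy and exercise the call mediation."""
    policy = UserPolicy(baseline=frozenset({"dom.read"}),
                        per_extension={"weather": frozenset({"net.fetch"})})
    k = ExtensionKernel(policy)
    out = {}

    k.install(Extension("weather", frozenset({"dom.read", "net.fetch"})))
    out["weather_title"] = k.call("weather", "dom.read", "title")
    out["weather_fetch"] = k.call("weather", "net.fetch", "https://example.invalid/forecast")
    try:   # dom.write was never declared, so the sandbox boundary refuses it
        k.call("weather", "dom.write", "title", "changed")
        out["weather_write"] = "allowed"
    except PolicyViolation:
        out["weather_write"] = "denied"

    try:   # requests fs.write, which the user has not permitted for this extension
        k.install(Extension("backup", frozenset({"dom.read", "fs.write"})))
        out["backup_install"] = "installed"
    except PolicyViolation:
        out["backup_install"] = "refused"

    out["dom_title"] = k.dom["title"]    # unchanged by the refused write
    out["refusals"] = sum(1 for e in k.audit if e[2] in ("refused", "denied"))
    return out
```

The two checkpoints correspond to the two bullets: `install` is the β-kernel mediating installation against the user's policy, and `call` is the intra-process sandbox's control over what guest code can invoke. Because the granted set is fixed at install time, an extension cannot widen its own interface later, and the audit list gives the user a record of every refusal.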
14 Conclusions
- Presented a new browser design based on lessons from the μ-kernel design.
- The design shows potential; feasibility depends on performance and usability.
- An attempt to bridge the gap between OS designs and browser designs.
- It might be useful to draw on other experiences from the OS field.