Is There Room For a Secure Web Browser?
An anonymous reader points out an eWeek story about researchers from the University of Illinois at Urbana-Champaign who are designing a new web browser based on security. The new software, code-named OP for Opus Palladianum, will separate various components of the browser into subsystems which are monitored and managed by the browser kernel. Quoting:
"'We believe Web browsers are the most important network-facing application, but the current browsers are fundamentally flawed from security perspective,' King said in an interview with eWEEK. 'If you look at how the Web was originally designed, it was an application with static Web pages as data. Now, it has become a platform for hosting all kinds of important data and businesses, but unfortunately, [existing] browsers haven't evolved to deal with this change and that's why we have a big malware problem.' The idea behind the OP security browser is to partition the browser into smaller subsystems and make all communication between subsystems simple and explicit."
Somewhat pointless? (Score:5, Interesting)
"Our policy removes the burden of security from plug-in writers, and gives plug-ins the flexibility to use innovative network architectures to deliver content while still maintaining the confidentiality and integrity of our browser, even if attackers compromise the plug-in," he said.
Great! :)
But even if it works as planned...this new browser is going to enter the market and who is going to download it? A tiny percentage of internet users--those would be part of the same minority who would also know how to use Firefox (and other browsers) quite safely *right now*.
So who is this product for? Seems interesting from a design point of view, but unless one of the big browsers adopts it, could it really make even a tiny dent on the security of the internet?
I predict no. The internet's main problem is between the monitor and keyboard ;-)
*iza
Re:Somewhat pointless? (Score:5, Interesting)
link to the paper:
http://www.cs.uiuc.edu/homes/kingst/Research_files/grier08.pdf [uiuc.edu]
Doomed by Expediency (Score:3, Interesting)
Next.
Seriously, yes, I'd love to see a secure browser I could recommend for my family's computers, but it's a lot of hard ground-up work. (It might actually be faster to write a tool to port the current Gecko/Webkit tree to another language automatically than to start in on a whole new rendering engine in a secure language).
Get started now and the silicon will be fast enough by the time the browser is ready.
Re:Somewhat pointless? (Score:5, Interesting)
Mozilla, Safari, and Opera gained market traction by having features that users or developers wanted that were not otherwise available. Security is a feature that many users, developers, and particularly network administrators desire. Say you have a choice between deploying your workstations with Firefox or with Secure Firefox, which one do you pick?
We're nearly to the stage where interface features (bookmarks, tabs, toolbars, javascript, flash, java) are reasonably complete and rendering speed and quality (Acid2, Acid3) is reasonably complete. So we can assume that any modern browser (including this new one) will be fully-featured and acid-compliant when released. It would be inane to do otherwise. So how do you improve browsers from here? Security *is* still an issue with browsers because they are *the* platform of the decade. Why not improve that?
Prove to me that security in IE, Firefox, Opera, and Safari is "good enough".
Re:part of the solution.... (Score:4, Interesting)
Run the browser in a Virtual Machine along with its plugins. When you close it flush all changes to the binaries and keep the changes to the history and cache.
You might not even need VMware to do this, just virtualize the files available to the browser and the memory available to the process. I don't think this will have a performance hit.
Re:Somewhat pointless? (Score:5, Interesting)
On a browse through I don't see anything directly tied to Trusted Computing in there. So maybe I jumped the gun, but this group *is* deep into the Trusted Computing stuff, and the Palladium-esque name sure seems like more than a coincidence, and looking at the paper it is exactly the sort of design you'd want to adapt into a Trusted Computing browser.
So I'm still rather suspicious of the intent and connections behind it, but I will retract my positive tagging that it *does* explicitly intend to involve Trusted Computing.
ancient debate (Score:3, Interesting)
Re:The less functionality the better (Score:3, Interesting)
[...]
> This approach is known to work - it's similar to the approach used by operating system kernels.
Unfortunately, this approach is also known to have several big problems. Take a quick spin through google for the "confused deputy" problem and you will see one of the primary complaints of ACL-based security. Capability-security researchers think they have a solution and in fact created a capability-secure browser called CapDesk several years ago. If anyone is actually interested in the problem they should check it out.
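The "confused deputy" problem named in the comment above, as an added toy model that is not part of the thread or of any project mentioned in it. The file store, principals and paths are all constructed for illustration: a compiler service that writes with its own ACL identity can be steered into overwriting a file the caller may not touch, while the capability version only writes through a handle the caller was able to open.

```python
class AccessDenied(Exception):
    pass

class FileStore:
    """Constructed in-memory file store: path -> content, path -> allowed writers."""
    def __init__(self):
        self.data, self.acl = {}, {}

    def create(self, path, writers, content=""):
        self.data[path], self.acl[path] = content, set(writers)

    def write(self, principal, path, content):
        # ACL check: decided purely by WHO is asking, not on whose behalf.
        if principal not in self.acl.get(path, set()):
            raise AccessDenied(f"{principal} may not write {path}")
        self.data[path] = content

    def open_for_write(self, principal, path):
        # Capability: checked once against the opener; the returned writer
        # carries authority for this one file and nothing else.
        if principal not in self.acl.get(path, set()):
            raise AccessDenied(f"{principal} may not open {path}")
        return lambda content: self.data.__setitem__(path, content)

def compile_ambient(store, caller, source, out_path):
    store.write("compiler", "/sys/billing", f"billed:{caller}")
    # Confused deputy: the caller chose out_path, but the write is
    # authorized with the compiler's own identity.
    store.write("compiler", out_path, f"obj({source})")

def compile_capability(store, caller, source, out_cap):
    store.write("compiler", "/sys/billing", f"billed:{caller}")
    out_cap(f"obj({source})")  # deputy uses only the authority it was handed

def demo():
    store = FileStore()
    store.create("/sys/billing", writers={"compiler"})
    store.create("/home/alice/a.out", writers={"alice"})
    compile_ambient(store, "alice", "x", "/sys/billing")
    clobbered = store.data["/sys/billing"]  # billing record replaced by output
    try:
        compile_capability(store, "alice", "x",
                           store.open_for_write("alice", "/sys/billing"))
        blocked = False
    except AccessDenied:
        blocked = True  # alice cannot mint a capability for the billing file
    compile_capability(store, "alice", "y",
                       store.open_for_write("alice", "/home/alice/a.out"))
    return clobbered, blocked, store.data["/home/alice/a.out"], store.data["/sys/billing"]
```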