Expert to Expert: Helen Wang and Alex Moshchuk - Inside Gazelle
- Posted: Apr 07, 2009 at 10:48 AM
- 47,791 Views
- 12 Comments
Download
How do I download the videos?
- To download, right click the file type you would like and pick “Save target as…” or “Save link as…”
Why should I download videos from Channel9?
- It's an easy way to save the videos you like locally.
- You can save the videos in order to watch them offline.
- If all you want is to hear the audio, you can download the MP3!
Which version should I choose?
- If you want to view the video on your PC, Xbox or Media Center, download the High Quality WMV file (this is the highest quality version we have available).
- If you'd like a lower bitrate version, to reduce the download time or cost, then choose the Medium Quality WMV file.
- If you have a Zune, WP7, iPhone, iPad, or iPod device, choose the low or medium MP4 file.
- If you just want to hear the audio of the video, choose the MP3 file.
Right click “Save as…”
- High Quality WMV (PC, Xbox, MCE)
- MP3 (Audio only)
- MP4 (iPod, Zune HD)
- Mid Quality WMV (Lo-band, Mobile)
- WMV (WMV Video)
Microsoft Research was in the news not too long ago regarding the innovative, outside-the-box research being done by MSR scientists on display at the annual MSR TechFest event. One of the stars of the show was a new web browser project named Gazelle.
Gazelle is a Microsoft Research prototype web browser constructed as a multi-principal OS (emphasis on research and prototype). From the Gazelle Microsoft Research Technical Report: Gazelle’s Browser Kernel is an operating system that exclusively manages resource protection and sharing across web site principals. This construction exposes intricate design issues that no previous work has identified, such as legacy protection of cross-origin script source, and cross-principal, cross-process display and events protection.
Interesting, Captain. This really piqued our curiosity so Erik Meijer and I decided to find out the inside scoop on Gazelle. Why choose an OS architecture to model a web browser? How does it work, exactly? What does multi-principal mean in the context of execution of web pages? Aren't we talking about isolated processes? What happens when a principal is compromised? Is the browser kernel completely isolated from code executing in a principal context(is it possible to "blue screen" Gazelle)? What are the intrinsic challenges with implementing this design? How performant is a multi-principal, kernel-based web browser (what if you have 40 principal contexts running simultaneously, for example)?
This is a great conversation with Gazelle project lead Helen Wang and Alex Moshchuk, a PhD student intern developer working on the Gazelle project. We cover a lot of ground and Erik and I are unusually curious given the fascinating model Gazelle represents for a truly secure web browser.
Enjoy! This is a birthday present from Channel 9 to you!
Gazelle is a Microsoft Research prototype web browser constructed as a multi-principal OS (emphasis on research and prototype). From the Gazelle Microsoft Research Technical Report: Gazelle’s Browser Kernel is an operating system that exclusively manages resource protection and sharing across web site principals. This construction exposes intricate design issues that no previous work has identified, such as legacy protection of cross-origin script source, and cross-principal, cross-process display and events protection.
Interesting, Captain. This really piqued our curiosity so Erik Meijer and I decided to find out the inside scoop on Gazelle. Why choose an OS architecture to model a web browser? How does it work, exactly? What does multi-principal mean in the context of execution of web pages? Aren't we talking about isolated processes? What happens when a principal is compromised? Is the browser kernel completely isolated from code executing in a principal context(is it possible to "blue screen" Gazelle)? What are the intrinsic challenges with implementing this design? How performant is a multi-principal, kernel-based web browser (what if you have 40 principal contexts running simultaneously, for example)?
This is a great conversation with Gazelle project lead Helen Wang and Alex Moshchuk, a PhD student intern developer working on the Gazelle project. We cover a lot of ground and Erik and I are unusually curious given the fascinating model Gazelle represents for a truly secure web browser.
Enjoy! This is a birthday present from Channel 9 to you!
Comments Closed
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation,
please create a new thread in our Forums,
or
Contact Us and let us know.
Follow the Discussion
http://dev.chromium.org/developers/design-documents/process-models
http://dev.chromium.org/developers/design-documents/multi-process-architecture
http://dev.chromium.org/developers/design-documents
C
Chromium (chromes base) is separated into two protection domains. These are a browser kernel and rendering engine. The rendering engine domain runs in a restricted sand box environment. Web pages and plugins are both executed in the rendering engine domain which means they have restricted access to your system. As with Gazelle, all communication to the kernel is done via a tight API proxied through IPC. From what I can tell, Gazelle offers no specific improvements over chrome in this area.
However Gazelle does shine! Gazelle puts serious priority on DOM and script interaction which is in desperate need of improvement in all current browsers. I definitely look forward to further information on this project in the future.
As for my chrome links, this area really interests me but companies are still fairly hush about what they're doing. Chrome is the exception to this, which is why I posted the links. There is a lot of valuable information there for anyone interested in this sort of thing.
C
If I need to redesign my website as a consequence, then so be it. With Silverlight and out of browser stuff, Gazelle offers me an extra layer of assurance. If it breaks a 10 year old website, then that is collateral damage.
C
Breaking the web seems like a worse issue than it is. Infact, IE8 already contains the solution for this. If the browser detects insecure scripting it could block the actions and indicate to the user that they may want to reload the site in compatibility mode.
@LordKain
Web browsers run on all kinds of devices today, from pcs to mobiles and fridges. Because of this there is a strong need to abstract the code from the underlying system. This means that even if you were to compile C++ for a special web environment, there would still need to be a layer of abstraction such as virtual machices or JIT. With Silverlight and Flash both having GPU support now, and the progressive increases in speed, the only advantage C++ on the web would have is language preference. Also its worth pointing out the impossibility of creating an accepted standard for how such a language would work across browsers.
This is interesting, one thing I wonder about is like.. similar to the http-only cookie (for reference, this wasn't something all browsers supported, making it a concern to use), how should developers target features then.. consider that I wanted to use http-only cookie to protect my cookie from any javascript, but gah- firefox at the time didn't support it so javascript WOULD be able to use it.
Isn't there a similar issue here, in some sense that whilst this is a really good addition, the security it helps enforce cannot be really trusted until all common browsers also do the same? perhaps this is something that should become the norm, that each browser implements this (or similar) model?
Maybe I'm missing something here. Process isolation on modern OSes are for stability rather than security. Sure - they can run under different security contexts, but that wasn't the primary driver for the model.
If we were to architect a presentation technology executing foreign code in a sandbox, would we end up with this?
Remove this comment
Remove this thread
close