Coffeehouse Thread

10 posts

Microsoft Research - Embassies

Back to Forum: Coffeehouse
  • exoteric

    Interesting research from Microsoft Research about how to secure the browser.

    Microsoft Research page
    http://research.microsoft.com/en-us/projects/embassies/

    Usenix presentation
    https://www.usenix.org/conference/nsdi13/embassies-radically-refactoring-web

    Web browsers ostensibly provide strong isolation for the client-side components of web applications. Unfortunately, this isolation is weak in practice; as browsers add increasingly rich APIs to please developers, these complex interfaces bloat the trusted computing base and erode cross-app isolation boundaries.

    We reenvision the web interface based on the notion of a pico-datacenter, the client-side version of a shared server datacenter. Mutually untrusting vendors run their code on the user's computer in low-level native code containers that communicate with the outside world only via IP. Just as in the cloud datacenter, the simple semantics makes isolation tractable, yet native code gives vendors the freedom to run any software stack. Since the datacenter model is designed to be robust to malicious tenants, it is never dangerous for the user to click a link and invite a possibly-hostile party onto the client.

     

  • felix9

    To me security is just one aspect of Embassies, whats more interesting is use native api as the web DPI, POSIX or DrawBridge, and deliver native app image through Missive. This aspect works more like NaCl, in fact Embassies is largely based on Xax, which is considered a NaCl-like project.

    We have seen the theory in the NSDI presentation, but we haven't seen the demo, especially running Windows application through DrawBridge in Embassies browser. Smiley

  • eddwo

    Sounds like what Alan Kay has been arguing for for years.

     

  • fanbaby

    @felix9: It seems to me that Microsoft and the web didn't mix well up to now. Don't get me wrong, I think that IE4 was much much better then NS4, i know that innerHTML did come from Microsoft and so did xhrequest, but Microsoft contribution to the web and its standards is minute. Why do you think that is (if at all)?

  • exoteric

    @felix9:True, it's about much more than security but that's what they appear to use as the main selling point. They also reference NaCl in the paper, as you allude to.

    I wasn't aware of Missive; I guess you mean this?
    http://research.microsoft.com/apps/pubs/default.aspx?id=183460

    Perhaps Charles can interview these guys. Smiley

  • PopeDai
  • exoteric

    In (kind of) related news, an aspect of NaCl I've always wondered about - processor-architechture-independence - appears to have been solved now, with Portable NaCl (PNaCl).

  • felix9

    another video presentation:

    How to Run POSIX Apps in a Minimal Picoprocess by Jon Howell

    https://www.usenix.org/conference/atc13/how-run-posix-apps-minimal-picoprocess

  • Ray7

    , fanbaby wrote

    @felix9: It seems to me that Microsoft and the web didn't mix well up to now. Don't get me wrong, I think that IE4 was much much better then NS4, i know that innerHTML did come from Microsoft and so did xhrequest, but Microsoft contribution to the web and its standards is minute. Why do you think that is (if at all)?

    i would hardly call the Ajax protocol 'minute'. 

  • evildictait​or

    , Ray7 wrote

    *snip*

    i would hardly call the Ajax protocol 'minute'. 

    also the impact of innerHTML (and outerHTML) is pretty big too - but for the wrong reasons. It is the cause of a huge number of XSS bugs.

    HTML should be there to build the DOM that your page inherits when the page first loads - nothing more. If your JavaScript is writing HTML (not to be confused with interacting with the DOM or even creating or adding new elements to the DOM - which is safe and fine) at runtime then you're Doing It Wrong TM and you probably need to take a good long look at some books that can teach you how to write production quality websites.

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.