[owasp-intrinsic-security] The Multi-Principal OS Construction of the Gazelle Web Browser
arshan.dabirsiaghi at aspectsecurity.com
Sun Feb 22 17:32:21 EST 2009
I've been advocating multiple per-page principals for a while because Caja, FBML, etc., don't really address "horizontal" or "data layer" access control issues in sandbox security. Those projects are all about limiting what system functions or global objects you can access, but I think we need to have a system that makes sure you can only operate on DOM elements that belong to you, or make sure code you execute doesn't allow you to get outside of your visual jail-box.
I have to study this paper to see if it's close - it sounds very ambitious.
From: owasp-intrinsic-security-bounces at lists.owasp.org on behalf of Marcin Wielgoszewski
Sent: Sun 2/22/2009 3:23 PM
To: owasp-intrinsic-security at lists.owasp.org
Subject: [owasp-intrinsic-security] The Multi-Principal OS Construction of the Gazelle Web Browser
A paper published by Microsoft:
Haven't had the time to go through it, but from the abstract, it talks
about the browser being its own kernel.