Researchers Say Gazelle Browser Offers Better Security
Researchers at various universities are working with Microsoft Research to develop a more secure Web browser code-named Gazelle. The researchers recently demonstrated Gazelle on Windows Vista and with Internet Explorer's Trident renderer, and have also published a paper describing the project. Gazelle uses a browser-based operating system, a browser kernel that consists of approximately 5,000 lines of C# code and can withstand memory attacks. No existing browsers, including new architectures like IE 8, Google Chrome, and OP [another experimental browser], have a multi-principal OS construction that gives a browser-based OS, typically called browser kernel, the exclusive control to manage the protection and fair-sharing of all system resources among browser principals.
A team consisting of Microsoft Research personnel and university staff members has demonstrated a potentially more secure Web browser called Gazelle. A paper (PDF) describing the browser prototype was published at Microsoft Research Thursday.
However this research team, led by Helen J. Wang and others, appears to be doing work that's separate from Microsoft's Internet Explorer 8 team. IE8 and Google Chrome frequently appear in the paper as examples of browsers that get security wrong.
The principals, or Web sites, communicate with each other by passing messages through the browser kernel, which manages security and the sharing of system resources. The browser uses separate processes to run a Web page and its embedded principals. Still in the prototype stage, Gazelle is slow because of its level of overhead, and the team also will have to address the browser plug-in issue.