2006 IEEE Symposium on Security and Privacy (S&P'06) (2006)
May 21, 2006 to May 24, 2006
pp: 15 pp.-364
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2006.4
R.S. Cox, Dept. of Comput. Sci. & Eng., Washington Univ., USA
This paper describes the architecture and implementation of the Tahoma Web browsing system. Key to Tahoma is the browser operating system (BOS), a new trusted software layer on which Web browsers execute. The benefits of this architecture are threefold. First, the BOS runs the client-side component of each Web application (e.g., on-line banking, Web mail) in its own virtual machine. This provides strong isolation between Web services and the user's local resources. Second, Tahoma lets Web publishers limit the scope of their Web applications by specifying which URLs and other resources their browsers are allowed to access. This limits the harm that can be caused by a compromised browser. Third, Tahoma treats Web applications as first-class objects that users explicitly install and manage, giving them explicit knowledge about and control over downloaded content and code. We have implemented a prototype of Tahoma using Linux and the Xen virtual machine monitor. Our security evaluation shows that Tahoma can prevent or contain 87% of the vulnerabilities that have been identified in the widely used Mozilla browser. In addition, our measurements of latency, throughput, and responsiveness demonstrate that users need not sacrifice performance for the benefits of stronger isolation and safety.
Application software, Computer architecture, Delay, Service oriented architecture, Operating systems, Banking, Postal services, Virtual machining, Web services, Uniform resource locators
R. Cox, J. Hansen, S. Gribble and H. Levy, "A safety-oriented platform for Web applications," 2006 IEEE Symposium on Security and Privacy (S&P'06)(SECPRI), Berkeley/Oakland, CA, 2009, pp. 15 pp.-364.