GoingDeep: Gazelle - Operating System Architecture and Web Browser Security

Microsoft Research was in the news not too long ago regarding the innovative, outside-the-box research being done by MSR scientists on display at the annual MSR TechFest event. One of the stars of the show was a new web browser project named Gazelle.

Gazelle is a Microsoft Research prototype web browser constructed as a multi-principal OS (empahsis on research and prototype).  From the Gazelle Microsoft Research Technical Report: Gazelle’s Browser Kernel is an operating system that exclusively manages resource protection and sharing across web site principals. This construction exposes intricate design issues that no previous work has identified, such as legacy protection of cross-origin script source, and cross-principal, cross-process display and events protection.

Interesting, Captain. This really piqued our curiosity so Erik Meijer and I decided to find out the inside scoop on Gazelle. Why choose an OS architecture to model a web browser? How does it work, exactly? What does multi-principal mean in the context of execution of web pages? Aren't we talking about isolated processes? What happens when a principal is compromised? Is the browser kernel completely isolated from code executing in a principal context(is it possible to "blue screen" Gazelle)? What are the intrinsic challenges with implementing this design? How performant is a multi-principal, kernel-based web browser (what if you have 40 principal contexts running simultaneously, for example)? 

This is a great conversation with Gazelle project lead Helen Wang and Alex Moshchuk, a PhD student intern developer working on the Gazelle project. We cover a lot of ground and Erik and I are unusually curious given the fascinating model Gazelle represents for a truly secure web browser.

Enjoy! This is a birthday present from Channel 9 to you!