Introduction To Browser Isolation

The document discusses browser isolation and Chromium's security architecture. It describes how the browser enforces a security policy through sandboxing components like the rendering engine. The rendering engine runs in separate processes with restricted access control through the use of OS mechanisms like restricted tokens and job objects. This isolation approach aims to balance security, compatibility, and usability.

Uploaded by Harpreet Singh

Module 4.5: Introduction to Browser Isolation
Web browser: an analogy

Operating system                     Web browser
Subject: processes                   Subject: web content (JavaScript)
  has user ID (UID, SID)               has origin
Discretionary access control         Mandatory access control
Objects:                             Objects:
  file                                 Document Object Model
  network                              frames
                                       cookies / localStorage
Vulnerabilities:                     Vulnerabilities:
  untrusted programs                   cross-site scripting
  buffer overflow                      implementation bugs

The web browser enforces its own internal policy. If
the browser implementation is corrupted, this
Components of security policy
Frame-frame relationships
  canScript(A,B): Can frame A execute a script that manipulates arbitrary/nontrivial DOM elements of frame B?
  canNavigate(A,B): Can frame A change the origin of content for frame B?
Frame-principal relationships
  readCookie(A,S), writeCookie(A,S): Can frame A read/write cookies from site S?
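An added example, not taken from the slides or from Chromium's code: a small JavaScript model of the four policy questions above. The rules are assumptions chosen for illustration (same-origin for canScript, the descendant policy for canNavigate, RFC 6265 domain matching for the cookie checks), and the public suffix list is a constructed stand-in.

```javascript
// Added example, not the slides' or Chromium's code: a model of the four policy questions.
// Assumed rules: same-origin for canScript, descendant policy for canNavigate,
// RFC 6265 domain matching for readCookie/writeCookie.
const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };
// Constructed stand-in for the public suffix list (the real list is far larger).
const PUBLIC_SUFFIXES = new Set(['com', 'example', 'co.uk']);

// A frame is a node in the frame tree; `url` is the document currently loaded in it.
class Frame {
  constructor(url, parent = null) {
    this.url = url; this.parent = parent; this.children = [];
    if (parent) parent.children.push(this);
  }
}

// Origin = (scheme, host, port): the browser's analogue of a process's UID.
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname}:${u.port || DEFAULT_PORT[u.protocol] || ''}`;
}

// canScript(A,B): A may manipulate B's DOM only when both documents share an origin.
function canScript(a, b) {
  return originOf(a.url) === originOf(b.url);
}

// canNavigate(A,B), descendant policy: A may change what B displays if B is A
// itself or lies below A in the frame tree, whatever B's origin is.
function canNavigate(a, b) {
  for (let f = b; f !== null; f = f.parent) if (f === a) return true;
  return false;
}

// RFC 6265 domain-match: host equals the domain or ends with "." + domain.
function domainMatches(host, domain) {
  host = host.toLowerCase(); domain = domain.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// readCookie(A,S): cookies scoped to site S reach A only if A's host domain-matches S,
// so evilbank.example never receives bank.example's cookies.
function readCookie(a, site) {
  return domainMatches(new URL(a.url).hostname, site);
}

// writeCookie(A,S): same test, but a frame may never scope a cookie to a public
// suffix, otherwise one site could plant cookies on every sibling under it.
function writeCookie(a, site) {
  return !PUBLIC_SUFFIXES.has(site.toLowerCase()) && readCookie(a, site);
}
```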
Chromium Security Architecture
Browser ("kernel"): full privileges (file system, networking)
Rendering engine: up to 20 processes, sandboxed
Plugins: one process per plugin, with the full privileges of the browser
Chromium: communicating sandboxed components

See: http://dev.chromium.org/developers/design-documents/sandbox/
Design Decisions
Compatibility
  Sites rely on the existing browser security policy
  Browser is only as useful as the sites it can render
  Rules out more clean-slate approaches
Black box
  Only the renderer may parse HTML, JavaScript, etc.
  Kernel enforces coarse-grained security policy
  Renderer enforces finer-grained policy decisions
Minimize user decisions
Task allocation
Leverage OS Isolation
Sandbox based on four OS mechanisms:
  A restricted token
  The Windows job object
  The Windows desktop object
  Windows Vista only: integrity levels
Specifically, the rendering engine
  adjusts its security token by converting SIDs to DENY_ONLY, adding a restricted SID, and calling AdjustTokenPrivileges;
  runs in a Windows job object, restricting its ability to create new processes, read or write the clipboard, ...;
  runs on a separate desktop, mitigating lax security checking in some Windows APIs.
See: http://dev.chromium.org/developers/design-documents/sandbox/
Evaluation: CVE count
[Chart: total CVEs and arbitrary code execution vulnerabilities; the values are not preserved in the extracted text]
Summary
Security principles
  Isolation
  Principle of least privilege
  Qmail example
Access control concepts
  Matrix, ACL, capabilities
OS mechanisms
  Unix: file system, setuid
  Windows: file system, tokens, EFS
Browser security architecture
  Isolation and least privilege example
Lecture 4: Module-wise Summary
Total 5 modules on Secure System Architecture and Access Control
Module 4.1: Secure Architecture Principles: Isolation and Least Privilege
Module 4.2: Access Control Concepts
Module 4.3: Unix and Windows Access Control
Module 4.4: Other issues in Access Control
Module 4.5: Introduction to Browser Isolation
