A very interesting paper was just published by Microsoft Research that details a browser construction that acts more like an operating system, partitioning resources so that only the principals that need a given resource can access it.
Although our architecture may seem to be a straightforward application of multi-principal OS construction to the browser setting, it exposes intricate problems that didn’t surface in previous work, including dealing with legacy protection for cross-origin script source, display protection, and resource allocations in the face of cross-principal web service composition common on today’s web. We detail our solutions to the first two problems and leave resource allocation as future work.
In our browser design, we take the general stance that security (maintaining the multi-principal OS principles by having Browser Kernel exclusively manage the resource protection and sharing) comes before backward compatibility. We will not trade significant security risks for compatibility. Nevertheless, we will also not settle on a design that breaks many parts of the web to secure just a few sites. We present design rationales for such decisions throughout our design.
With our prototype, we successfully browsed 19 out of the 20 Alexa-reported, most popular sites that we tested. The performance of the prototype is acceptable, and a significant portion of the overhead comes from IE instrumentation, which can be eliminated in a production implementation.
I wouldn’t get too excited about being able to see an implementation soon – this was done by Microsoft Research (it doesn’t appear as if anyone from the IE team was directly involved – this was mostly an academic pursuit). Regardless, it makes for a very interesting read with regard to much of the technology that inhabits a web browser (DOM, CSS, etc.) and the security concerns that surround it.