
Modular Approach

  In our architecture we address the two security problems of Web browsers:

1. Helper applications running with the user's privileges.
2. Web pages that carry active content that is interpreted by the browser.

To address these problems we will use the mechanisms provided by the SubOS-capable operating system, as well as a modular Web browser architecture. We divide the Web browser into three parts, according to its functionality. The first part is responsible for down-loading objects over the network, the second is responsible for displaying the content, and the last is a set of helper applications/interpreters used to process the content of the down-loaded objects. The design is presented in Figure [*].


  
Figure: The Web browser is comprised of three parts. The first part is responsible for down-loading objects from the net and assigning sub-user id's to them. The second provides the user interface of the browser. Finally the third is a set of processes that interpret the active code that is carried by the incoming objects.

We decided against using an existing Web browser, since that would require significant modification to its architecture. Down-loading and authentication of objects could easily be achieved by using a proxy; however, execution of code embedded in HTML Web pages would be a lot more challenging, since it would have to execute in a separate address space to maintain its security properties, as we discussed in Section [*].
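The split between the down-loading part and the interpreter processes can be sketched in user space. The following is an added example, not code from the paper or from SubOS. It assumes a hypothetical `sub_uid` tag and uses POSIX resource limits as a stand-in for the kernel-enforced sub-user id. The object contents and origins are constructed samples.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* sub_uid is a hypothetical stand-in for a SubOS sub-user id (kernel-enforced
   in the real system). FULL_USER models a helper with the user's own rights. */
enum { FULL_USER = 0 };
struct object { const char *origin; const char *content; int sub_uid; };

/* Part 1 (assumed policy): each down-loaded object gets a fresh sub-user id. */
static struct object download(const char *origin, const char *content) {
    static int next_id = 1000;
    struct object o = { origin, content, next_id++ };
    return o;
}

/* Toy interpreter: "open:<path>" -> 1 opened, 2 refused; "crash" aborts; else 0. */
static int interpret(const char *c) {
    if (strncmp(c, "open:", 5) == 0)
        return open(c + 5, O_RDONLY) >= 0 ? 1 : 2;
    if (strcmp(c, "crash") == 0) abort();
    return 0;
}

/* Part 3: interpret in a separate process; -1 means the helper died. */
static int run_helper(const struct object *o) {
    struct rlimit none = { 0, 0 };
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: its own address space */
        setrlimit(RLIMIT_CORE, &none);    /* no core file if the helper crashes */
        if (o->sub_uid != FULL_USER && setrlimit(RLIMIT_NOFILE, &none) != 0)
            _exit(3);                     /* fail closed if the limit is not applied */
        _exit(interpret(o->content));
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    struct object a = download("http://example.test/a", "open:/dev/null");
    struct object b = download("http://example.test/b", "crash");
    printf("%d: %d, %d: %d\n", a.sub_uid, run_helper(&a), b.sub_uid, run_helper(&b));
    return 0;
}
```

An object tagged `FULL_USER` reproduces the first problem listed above: the same `open:` content succeeds because the helper keeps the user's rights.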



 
Sotiris Ioannidis
4/28/2001