Why no (se)L4 microkernel/hypervisor based browser?

9 points by iloveappleman a day ago | 4 comments

For example, Microsoft's Gazelle and Illinois Browser OS build their browsers based on a secure kernel, so why no (se)L4 microkernel/hypervisor based browser? I haven't even seen the idea. Besides, there is only old information about secure kernel/OS-based browsers in the first place, and nothing current and up-to-date. Perhaps it has failed?

dwaite a day ago

I thought the IBOS kernel leveraged L4 (Pistachio?)

I believe generally the push has been to better use the isolation features in existing operating system environments, such as having separate processes for rendering and JavaScript execution per origin, which also have unique sandboxed storage. From the perspective of a platform vendor that is also a browser vendor, building what amounts to a new operating system running at the hypervisor layer is a huge effort that amounts to them now having one more internal OS to secure.

So I would instead expect this to be more of a research platform task, like perhaps something you would see on Genode.
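The per-origin isolation model this comment describes, as an added toy illustration (not code from the thread or from any real browser): each origin gets its own renderer process slot and its own storage partition, and renderers never touch storage directly; a broker in the "browser process" hands out a storage handle only when the requesting renderer's origin matches. The origin definition (scheme, host, port with default ports filled in), the pid numbering and the partition path format are all constructed assumptions.

```python
"""Toy model of per-origin renderer isolation with brokered storage access.

Constructed example: the origin rule (scheme, host, port), the pid counter
and the partition path layout are assumptions for illustration only.
"""
from typing import Dict, Tuple
from urllib.parse import urlsplit

Origin = Tuple[str, str, int]

# Default ports used to normalise origins (constructed, covers http/https only).
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url: str) -> Origin:
    """Return the (scheme, host, port) origin of a URL, filling in the default port."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported or malformed URL: {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname.lower(), port)


class BrowserProcess:
    """Privileged broker: owns the origin -> renderer mapping and all storage."""

    def __init__(self) -> None:
        self._renderer_by_origin: Dict[Origin, int] = {}
        self._origin_by_renderer: Dict[int, Origin] = {}
        self._next_pid = 1000  # constructed starting pid

    def renderer_for(self, url: str) -> int:
        """Return the renderer pid for a URL, spawning one per new origin."""
        origin = origin_of(url)
        if origin not in self._renderer_by_origin:
            pid = self._next_pid
            self._next_pid += 1
            self._renderer_by_origin[origin] = pid
            self._origin_by_renderer[pid] = origin
        return self._renderer_by_origin[origin]

    @staticmethod
    def storage_partition(url: str) -> str:
        """Per-origin storage directory; distinct origins never share one."""
        scheme, host, port = origin_of(url)
        return f"partitions/{scheme}_{host}_{port}"

    def open_storage(self, requesting_pid: int, url: str) -> str:
        """Brokered storage access: a renderer may only open its own origin's partition.

        Raises PermissionError for any cross-origin request, which is the check
        that keeps a compromised renderer confined to its own origin's data.
        """
        requester = self._origin_by_renderer.get(requesting_pid)
        if requester is None or requester != origin_of(url):
            raise PermissionError(
                f"pid {requesting_pid} may not access storage for {url!r}"
            )
        return self.storage_partition(url)


def demo() -> Dict[str, object]:
    """Run a small scenario and return the observations for inspection."""
    bp = BrowserProcess()
    top = bp.renderer_for("https://bank.example/account")
    same = bp.renderer_for("https://bank.example:443/transfer")   # same origin
    frame = bp.renderer_for("https://ads.example/widget")         # cross-origin iframe
    plain = bp.renderer_for("http://bank.example/")               # scheme differs

    denied = False
    try:
        bp.open_storage(frame, "https://bank.example/account")
    except PermissionError:
        denied = True

    return {
        "same_origin_shares_renderer": top == same,
        "cross_origin_separate": len({top, frame, plain}) == 3,
        "own_partition": bp.open_storage(top, "https://bank.example/account"),
        "cross_origin_denied": denied,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of routing storage through `open_storage` rather than giving renderers a path is the same least-privilege argument the comment makes for process-per-origin: the renderer is the large, exposed component, so the thing that decides what it may read should live outside it.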

jacobgorm a day ago

Bromium, aka HP Sure Click, is based on Xen. I’d argue Xen provides comparable security, along with nice-to-have features such as multiprocessor support.

I worked on Bromium, and also coauthored what I believe was the first research paper introducing the idea of a browser OS. See https://homes.cs.washington.edu/~levy/tahoma.pdf

daghamm a day ago

sel4 is more suited for tasks with very limited but also very sensitive functionality. For example, something like a secure element.

Technically, you _can_ add rich OS functionality (such as a GUI) on top of sel4, but development will be slow and painful and the performance will be bad. And when done, you haven't really improved security that much, since most of your assets are now outside the tiny kernel.