Researchers Say Gazelle Browser Offers Better Security

A team consisting of Microsoft Research personnel and university staff members has demonstrated a potentially more secure Web browser called Gazelle. A paper (PDF) describing the browser prototype was published at Microsoft Research Thursday.

However this research team, led by Helen J. Wang and others, appears to be doing work that's separate from Microsoft's Internet Explorer 8 team. IE8 and Google Chrome frequently appear in the paper as examples of browsers that get security wrong.

The team claims that the Gazelle browser, which ran on Windows Vista and uses Internet Explorer's Trident renderer, offers greater security by using a browser-based operating system called a "browser kernel." The browser kernel consists of approximately 5,000 lines of C# code and is "resilient to memory attacks," according to the authors. Not even IE8 offers the same protection, they contend.

"No existing browsers, including new architectures like IE 8, Google Chrome, and OP [another experimental browser], have a multi-principal OS construction that gives a browser-based OS, typically called Browser Kernel, the exclusive control to manage the protection and fair-sharing of all system resources among browser principals," the authors write.

The Gazelle browser enables Web sites (or "principals") to communicate with each other, but they do so by passing messages through the browser kernel, just as would be done via interprocess communications. The browser kernel manages security as well as the sharing of system resources.

In contrast to Google Chrome, Gazelle runs a Web page and its embedded principals in separate processes. The authors also claim that Gazelle handles tabbed browsing in a superior way to IE8.

"IE 8 uses OS processes to isolate tabs from one another. This granularity is insufficient since a user may browse multiple mutually distrusting sites in a single tab and a web page may contain an iframe with content from an untrusted site (e.g., ads)," the authors explain.

Gazelle separates same-origin domains, such as ad.datacenter.com and user.datacenter.com, whereas Google Chrome considers them from the same site. The browser kernel even manages address bars and menus in the browser, plus it controls whether or not browser plug-ins can interoperate with the operating system.

The overlay of transparent content, which can trick users into clicking on content from another origin, is thwarted by a policy that makes dynamic content-containing windows opaque.

Gazelle still has leaps and bounds to travel to get beyond its prototype stage. In many instances, Gazelle is slower than IE7 due to greater overhead, although it does start up faster than IE7.

Gazelle also may choke on the browser plug-in issue. The authors explain that "existing plugin software must be adapted (ported or binary-rewritten) to use Browser Kernel system calls to accomplish its tasks."

The authors did test Gazelle successfully on 19 of 20 Alexa-reported popular Web sites, calling the browser's performance "acceptable." Some of the overhead problems caused by "IE instrumentation" can be eliminated, the authors say.

About the Author

Kurt Mackie is online news editor, Enterprise Group, at 1105 Media Inc.

Featured

  • Abstract neural network 3D illustration

    Intel® AI EmpowerED: The AI-Ready Campus, Delivered

    Artificial intelligence is transforming higher education, prompting institutions to rethink how they manage infrastructure, security, governance, and workforce readiness. Successful adoption requires a strategic, institution-wide approach that aligns AI initiatives with educational goals, faculty enablement, and scalable operational frameworks.

  • abstract data flow

    Google Intros New Gemini Enterprise Agent Platform

    Google Cloud has announced a new platform for building and managing enterprise AI agents, as the company seeks to turn its Gemini models and Vertex AI tooling into a broader system for automating business workflows.

  • silhouette of business person facing wall of data

    Why AI Strategy Belongs in the President's Office

    Institutions that are succeeding with AI share one thing in common, and it is not a better committee, a larger budget, or a more sophisticated technology stack. It is a president who never handed off the steering wheel.

  • Man types on laptop in data center

    Point-in-Time Restore Now Generally Available for Windows 11

    Microsoft has made point-in-time restore generally available for Windows 11, giving users and IT administrators a built-in way to roll back PCs after bad updates, driver problems, app corruption, or other issues.