Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is There Room For a Secure Web Browser?

Posted by Soulskill on from the you-can-have-ie's-spot dept.

An anonymous reader points out an eWeek story about researchers from the University of Illinois at Urbana-Champaign who are designing a new web browser based on security. The new software, code-named OP for Opus Palladianum, will separate various components of the browser into subsystems which are monitored and managed by the browser kernel. Quoting: "'We believe Web browsers are the most important network-facing application, but the current browsers are fundamentally flawed from security perspective,' King said in an interview with eWEEK. 'If you look at how the Web was originally designed, it was an application with static Web pages as data. Now, it has become a platform for hosting all kinds of important data and businesses, but unfortunately, [existing] browsers haven't evolved to deal with this change and that's why we have a big malware problem.' The idea behind the OP security browser is to partition the browser into smaller subsystems and make all communication between subsystems simple and explicit."

24 of 222 comments (clear)

  1. Yes, you can download one already... by Anonymous Coward · · Score: 1, Funny

    http://www.microsoft.com/windows/products/winfamily/ie/default.mspx

  2. In other news... by ruinevil · · Score: 4, Funny

    ...emacs is getting a browser. Still no word on the implementation of a usable editor.

    1. Re:In other news... by Constantine+XVI · · Score: 2, Funny

      Everyone always seems to forget viper-mode

      --
      "I think an etch-a-sketch with an ethernet port would beat IE7 in web standards compliance."
  3. Re:Somewhat pointless? by al0ha · · Score: 2, Funny

    "The internet's main problem is between the monitor and keyboard " I definitely have to agree with this statement. However I am a little less pessimistic about wide-spread acceptance of a truly secure browser. As an Information Security professional, I definitely welcome the idea and think they are on the right track. Separation of duties and data validation in and out. Once completed, you could count me as being on board in trumpeting its use. Now if we could only do something about the Internet's main problem. ;-)

    --
    Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
  4. I've got a secure web browser by dudeman2 · · Score: 3, Funny

    Lynx.

  5. Don't overlook the potential for abuse. by inTheLoo · · Score: 2, Funny

    Just think of what Microsoft would like to do with UAC for your browser. "This website is not Microsoft signed, Cancel or Allow?"

    --
    No calls now, I'm ...
  6. Such a great idea by rudy_wayne · · Score: 3, Funny

    Divide your software into subsystems managed by a kernel. That's certainly guaranteed to make things more secure -- just look how well it worked for Windows.

  7. What I want to know is... by jemenake · · Score: 4, Funny

    What the hell makes these UIUC people think that they know how to make a browser? You'd think they'd leave this kind of thing to people who've done it before. Sheesh! :)

    1. Re:What I want to know is... by rthille · · Score: 2, Funny

      Next thing you know, CERN will want to produce one!

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
  8. The super-duper-secure safe OS by sweet_petunias_full_ · · Score: 4, Funny

    OK, if you really want a truly secure safe OS (and by extension, to a browser mapped to the same address space), this is what you need in your OS:

    Not one microkernel, for extra safety you need redundant nanokernels, with a microkernel over those, then the user kernel. To prevent buffer overruns, all messages passed between these are sent as emails, with spamassassin checking lest any of them get any ideas about sending spams.

    OK, next you need lots of verification. Every time you write to disk there should be a second process to verify that what was written is correct. Then you need a process to check that the verifier process is checking things correctly. If memory doesn't run out while doing this, a body of processes should vote democratically as to whether the whole thing finished correctly. In case of collusion between the processes, some of them will be strictly dice rolls.

    The least trusted part of the computer is the user, otherwise known as the "owner" of said computer. Thus, that person should not be allowed to do anything because that is a sure way to introduce problems. Harass that person with questions and popups at every opportunity. That will make sure they go out and read a book and not get in the way of the important things that the operating system is trying to do.

    To prevent hardware from crashing any of the kernels, they must be separated by a special interface layer that works a lot like a chat room (IRC). What this means is that devices that speak the protocol correctly can connect and be listened to by the kernel(s). Those that misbehave or that use foul language are kicked off by the watchdog process. The watchdog process is watched by a bulldog process. Sometimes the bulldog just barks, other times the two are wrestling it out on the ground while the rest of the system waits for them to sort out their differences. Alas, such is the price of progress.

    To further prevent buffer overruns, a new character encoding is introduced where a previously one-byte code now needs ten bytes to encode it. This means that buffers have to be ten times bigger and thus there is a lot more space before an overrun occurs.

    Let me know if you can think of any more features to add to this future super-OS.

    --
    You can't send a takedown notice to an already printed newspaper.
    1. Re:The super-duper-secure safe OS by Zebra_X · · Score: 3, Funny

      With all those kernels lying around all you are going to get out that design is *popcorn*

  9. Re:Somewhat pointless? by RuBLed · · Score: 4, Funny

    I predict no. The internet's main problem is between the monitor and keyboard ;-)
    The internet's main problem is a cup of coffee?
  10. Re:Somewhat pointless? by Corwn+of+Amber · · Score: 4, Funny

    An other web browser that no one willl use, for the reasons you mention.

    Like it's that hard to securely receive and render webpages. It's a trivial task. Anyone who says the contrary should get a reality check. It's very possible to program without bugs. That's what correctness tests are for. An if your tolkit sucks so much it has security holes, code your own lib from scratch.

    --
    Making laws based on opinions that stem up from false informations leads to witch hunts.
  11. Man, if only Samuel L Jackson were here... by Anonymous Coward · · Score: 3, Funny

    He'd know what to say...

    Whiny-bitch-free version of the motherfucking link provided by parent.

    or

    Really fucking easy, which is why we don't need a karma whoring bitch such as yourself providing the motherfucking thing.

    or

    About as easy as shutting your editorializing bitchass mouth motherfucker.

  12. Re:Yeah, right. by calebt3 · · Score: 2, Funny

    Then they would blame 3rd party attackers.

  13. Re:Somewhat pointless? by Dahamma · · Score: 4, Funny

    or Opera back in the IE 5/6 heydays.

    Or Opera in the IE 7/8 heydays, for that matter...

  14. Re:Somewhat pointless? by ModernGeek · · Score: 2, Funny

    What is between the monitor and keyboard that causes issues with the internet?

    --
    Sig: I stole this sig.
  15. Re:Somewhat pointless? by Echelon+One · · Score: 2, Funny

    The internet's main problem is between the monitor and keyboard So, what, the speakers? The empty bottle of Gatorade that's been sitting on my desk for a week? I think you meant PEBKAC ;)
  16. Re:Firefox = Money for kid that can't program by junner518 · · Score: 2, Funny

    Oprah is definitely better than all other web browsers :p. Good talk show too...

  17. Re:Somewhat pointless? by lymond01 · · Score: 4, Funny

    What we need is less bloated browsers, those that don't use up 100+ MB of RAM

    Ask not what else your 100 MB of RAM could have done for you, but what you could do with your other 1900 MB of RAM.

    Like government, browsers could me more efficient with their resources. But think of your computer as a country in renaissance -- instead of worrying why you paid $100 for that hammer, question instead what the hammer may allow you to do whatever its cost.

    (I'm only half-joking because I'm a satirist, not a realist...then I'd be half-serious.)

  18. Re:We do not have a malware problem. by willyhill · · Score: 2, Funny
    All he needs now is to invite the other two sockpuppets and they can have a party.

    Never mind

    --
    The twitter monologues. Click on my homepage and be amazed.
  19. Re:Government model by jhol13 · · Score: 2, Funny

    Free market!

    Let all the processes be fully independent, evolving and with absolutely no regulations whatsoever. Give them 100 bucvk (virtual money). They will, according to economists, evolve into free market practically immediately. After that the free market will solve every problem in the most efficient way possible. Security will therefore be better than is possible with any other method.

  20. Re:Somewhat pointless? by amRadioHed · · Score: 2, Funny

    Ahh yes, bluetooth and Wi-Fi. The answer to all our security problems :)

    --
    We hope your rules and wisdom choke you / Now we are one in everlasting peace
  21. Re:anchient debate by nitehawk214 · · Score: 2, Funny

    >It's all about the micro-browser now. Just you watch. The Hirp of Internet Replacing Plugins (HIRP) browser will be what drives all of our web needs in the next 2-5 years/decades. You'll see.

    I HURD that this project got delayed.

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust