Newsletters Welcome, Guest Log In | Register
Blogs:

Kachina Shaw

Microsoft News and Notes

Observations about Microsoft, the world’s largest software vendor

About this Blogger RSS

< Previous | Next >

Subscribe

Sign up now and get the best business technology insights direct to your inbox.

  • Daily Edge
  • CTO Edge Update
  • Business Tools & Templates
  • Aligning IT & Business Goals
  • Maximizing IT Investments

0

Gazelle Closer to Shutting Down Browser Security Weaknesses

Posted by Kachina Shaw Aug 13, 2009 2:47:15 PM

Researchers at Microsoft are set to send out more information this week on their work developing a browser/OS combo, the components of which are named Gazelle and ServiceOS. Head researcher Helen Wang says her team is putting together ideas about the next evolution of the PC and the software folks use on it, with a particular focus on improving security. After the PC, the team expects, the same principles that ground this work will transfer to smartphones, netbooks and other portable devices, as well. Wang is scheduled to present two papers at the USENIX Security Symposium, according to IEEE Spectrum.

 

Because vulnerabilities in Web apps can cause problems not only by traveling to other Web apps, but to the operating system as well, Wang says the strategy should be to protect Web apps from each other. This contrasts with the basically failed strategy of protecting users from one another. So, the ServiceOS will sit between the apps and the OS, and manage security polices and resource allocations. Then the Gazelle browser will implement the policies, application by application.

 

One area that requires significant further research, says Wang, is compatibility with sites that run as plug-ins within a browser, such as YouTube. They simply won't work with the prototype at this point.

 

And if you're interested in more on approaches to the immediate danger from vulnerable Web apps, read Alex Meisel's article, "Safety in the Cloud: 'Vaporizing the Web Application Firewall to Secure Cloud Computing." The Art of Defence CTO writes that the current challenge is dealing with the fact that "... 'as a Service' applications are developed two ways today: by moving on-premise applications to a cloud, and by developing and operating applications directly in a cloud."

 

Those applications transferred to the cloud as-is "carry the risk of exposing protected software to Web threats it was not designed to combat." And when developed specifically for the cloud, applications become extremely complex, which is a vulnerability itself, says Meisel. He details the distributed Web application firewall concept as the best defense.

Related Content

Add a comment Leave a comment on this blog post.

There are no comments on this post

Related Content

Browse

Topic: Operating Systems

The platform on which all other software runs in a key choice for your infrastructure

Blog: Psystar Loses Gamble Against Apple

Article: Better Integration Next on Agenda for G.ho.st

News: Chrome OS 101

Related Topics

Firewall, Microsoft, Productivity Software, Research and Development, Web Applications

Featured White Papers

Browse

Lowering Your IT Costs with Oracle Database 11g Release 2

This white paper identifies the key capabilities a database management solution needs to successfully deliver more information with higher quality of service, make more efficient use of IT budgets, and reduce the risk of change in data centers.

Software Forum: Information On Demand Virtual Experience

This interactive virtual forum presents leading IT experts providing the insights you need to turn your information into a strategic driver for innovation, business optimization and competitive differentiation.

Resource Centers

Browse

Power Supply Solutions

Comprehensive power protection solutions.

Service Oriented Architecture (SOA)

Service-Oriented Architecture is the catalyst that allows today’s companies to respond to business demands faster and more effectively than ever.

Featured Whitepapers

SOA Strategy: A Comprehensive Yet Flexible Suite for a Pervasive Architecture

Security SaaS Solutions

Hosted security solutions that not only protect your data, but reduce your security management TCO, as well.

Featured Whitepapers

Why Security SaaS Makes Sense Today

Optimized Infrastructure

Hardware and software tools to create an enterprise infrastructure for data and business optimization.

Featured Whitepapers

Creating a Dynamic Infrastructure Through Virtualization

Premium Tools

Browse

Windows 7 Upgrade Project Kit

Moving to Windows 7? The Windows 7 Upgrade Project Kit is the ideal support tool for managing all phases of an organizational upgrade to Windows 7. The tools and templates in this kit will help you develop a strategy and map out the implementation tactics which link your Windows 7 deployment to your company's bottom line.

Learn more >

Optimizing Your IT Infrastructure

Download 58 Microsoft Office tools and templates to help you focus your optimization efforts, improve performance, and secure future funding for critical IT products.

Learn more >