Newsletters Welcome, Guest Log In | Register
Blogs:

Kachina Shaw

< Previous | Next >

Subscribe

Sign up now and get the best business technology insights direct to your inbox.

  • Daily Edge
  • CTO Edge Update
  • Business Tools & Templates
  • Aligning IT & Business Goals
  • Maximizing IT Investments

0

Gazelle Closer to Shutting Down Browser Security Weaknesses

Posted by Kachina Shaw Aug 13, 2009 2:47:15 PM

Researchers at Microsoft are set to send out more information this week on their work developing a browser/OS combo, the components of which are named Gazelle and ServiceOS. Head researcher Helen Wang says her team is putting together ideas about the next evolution of the PC and the software folks use on it, with a particular focus on improving security. After the PC, the team expects, the same principles that ground this work will transfer to smartphones, netbooks and other portable devices, as well. Wang is scheduled to present two papers at the USENIX Security Symposium, according to IEEE Spectrum.

 

Because vulnerabilities in Web apps can cause problems not only by traveling to other Web apps, but to the operating system as well, Wang says the strategy should be to protect Web apps from each other. This contrasts with the basically failed strategy of protecting users from one another. So, the ServiceOS will sit between the apps and the OS, and manage security polices and resource allocations. Then the Gazelle browser will implement the policies, application by application.

 

One area that requires significant further research, says Wang, is compatibility with sites that run as plug-ins within a browser, such as YouTube. They simply won't work with the prototype at this point.

 

And if you're interested in more on approaches to the immediate danger from vulnerable Web apps, read Alex Meisel's article, "Safety in the Cloud: 'Vaporizing the Web Application Firewall to Secure Cloud Computing." The Art of Defence CTO writes that the current challenge is dealing with the fact that "... 'as a Service' applications are developed two ways today: by moving on-premise applications to a cloud, and by developing and operating applications directly in a cloud."

 

Those applications transferred to the cloud as-is "carry the risk of exposing protected software to Web threats it was not designed to combat." And when developed specifically for the cloud, applications become extremely complex, which is a vulnerability itself, says Meisel. He details the distributed Web application firewall concept as the best defense.

More from our Network

Google Gives Operating System to Open Source Masses  CTO Edge

Add a comment Leave a comment on this blog post.

There are no comments on this post

Related Content

Browse

Topic: Operating Systems

The platform on which all other software runs in a key choice for your infrastructure

Blog: Psystar Appeals Injunction in Apple Infringement Case

Article: Software Appliances – Mass Customized Applications for Physical, Virtual and Cloud Environments

News: Microsoft Helps Discover Flaw in Google Plug-In for IE

Related Topics

Firewall, Microsoft, Productivity Software, Research and Development, Web Applications

Featured White Papers

Browse

De-Risking Data Migration: The Case for Data Quality Technology

This white paper provides practical advice that will help the reader understand the pivotal role data quality technology must play in a data migration, including clear evidence for the need to — and the benefits of — adopting the right data quality approach in data migration projects.

Web Security SaaS: The Next Generation of Web Security

This white paper describes the next generation of Web security and identifies the critical elements that make for lower-cost and easier-to-manage Web security solutions.

Resource Centers

Browse

Applications for Mid-size Businesses

Applications that mid-sized businesses can use to improve operational efficiency, accelerate growth, and maintain profitability.

Featured Whitepapers

Leveling the Field: Powerful Software Solutions for Midsize Companies

Data Center Management

Indispensable technologies and best practices to maintain your organization's most valuable asset.

Featured Whitepapers

Management Strategy for Network-Critical Physical Infrastructure

Service Oriented Architecture (SOA)

Service-Oriented Architecture is the catalyst that allows today’s companies to respond to business demands faster and more effectively than ever.

Featured Whitepapers

SOA Strategy: A Comprehensive Yet Flexible Suite for a Pervasive Architecture

Business Intelligence

Best-practice tools, strategies and technologies for determining and managing the data you need to make better business decisions.

Featured Whitepapers

Why Midsize Companies Need Business Intelligence Solutions in this Uncertain Global Economy

Premium Tools

Browse

Windows 7 Upgrade Project Kit

Moving to Windows 7? The Windows 7 Upgrade Project Kit is the ideal support tool for managing all phases of an organizational upgrade to Windows 7. The tools and templates in this kit will help you develop a strategy and map out the implementation tactics which link your Windows 7 deployment to your company's bottom line.

Learn more >

Optimizing Your IT Infrastructure

Download 58 Microsoft Office tools and templates to help you focus your optimization efforts, improve performance, and secure future funding for critical IT products.

Learn more >