imchris.org

The Gazelle web browser, which was my summer project in 2008 at MSR, has been getting a lot of press lately and even has a wikipedia page now. It’s interesting to read and see what different writers say and how people have been reacting.

• A less technical article on CNET – Microsoft browser takes radical path
• More technical at OS news – Gazelle: Applying OS concepts to the browser
• From The Guardian – Google Chrome OS: is it copying Microsoft’s Gazelle or is it more like Splashtop?
• Good one from Arstechnica – Inside Gazelle, Microsoft Research’s “browser OS”
• MSR summary and description – When is a browser not a browser?

There’s two official docs from MSR on Gazelle, a tech report and the USENIX Security 2009 publication. The publication is an improved version of the TR, so I’d stick with that. If there are more, let me know (grier@imchris.org). I’ve given a couple talks on Gazelle, one at Stanford for EE 380 that is online somewhere, and anyone can email me for my slides.

The project that I designed and developed at MSR last summer is going to be at USENIX security (and was previously a tech report). It’s available as a PDF here.

Simply put, Gazelle is a browser with an OS architecture that provides greater strength against different types of attacks than other browsers. By adopting OS principles the browser is able to provide isolation for different-origin content, with additional control over display and user generated events. There’s a lot more to it and the full details are described in the paper.

Back to UIUC, we have adapted a couple of the ideas from the Gazelle paper into the OP web browser, such as the isolation of frames and the display security (and delegate-once policy), though it is a much different implementation than Gazelle.

Gazelle has been slashdotted a few times (first and second), and there’s a pretty good Arstechnica article on it.