Designing and implementing secure web browsers

Original web browsers were designed to view static content. As web sites evolved into dynamic applications composing content from multiple web sites, browsers have become application platforms responsible for securely running applications that deal with sensitive content.

In this talk, I will discuss the design of two web browsers, OP and Gazelle. OP was designed to prevent, contain and recover from browser based attacks, while Gazelle is a new web browser designed and constructed as a multi-principal operating system. Both browsers were built from the ground up with the goal of providing secure web browsing to end users without modifying the web. The task of constructing secure web browsers has lead to new security and design issues and I'll talk about how browsers are able to deal with these issues and provide strong levels of security. A paper on OP was in last years IEEE Symposium on Security and Privacy and Gazelle will be appearing in USENIX Security later this year.
Chris Grier is an about-to-graduate student at the University of Illinois in the Electrical and Computer Engineering department. He has developed two browsers, OP and Gazelle, as part of his research in web and browser security. Gazelle was developed last summer while at Microsoft Research.