Case Study: XML External Entities
Comparing Browser Architectures and Security Measures
Keywords:
Chromium's architecture, neural network browsers, monolithic architecture, rendering engine, browser kernel, operating system protection domain, unpatched vulnerability, attacker privileges, protected mode, low integrity process, virtual machine, isolation, user's file system, confidential documents
Abstract
We compare Chromium's architecture to the architectures of other neural network browsers. Monolithic: traditionally, browsers are implemented with a monolithic architecture that combines the rendering engine and the browser kernel into a single process image. For example, Internet Explorer 7, Firefox 3, and Safari 3.1 each execute in a single operating system protection domain. If an attacker can exploit an unpatched vulnerability in one of these browsers, the attacker can gain all the privileges of the entire browser. In typical configurations of Firefox 3 and Safari 3.1, these privileges include the full privileges of the current user. Internet Explorer 7 on Windows Vista can run in a "protected mode" [23], which runs the browser as a low integrity process. Running in protected mode, the browser is restricted from writing to the user's file system, but an attacker who exploits a vulnerability can still read the user's file system and exfiltrate confidential documents. The VMware browser appliance [26] hosts Firefox inside a virtual machine with limited rights. The virtual machine provides a layer of isolation that helps prevent an attacker who exploits a vulnerability in the browser from reading or writing the user's file system.
Published
2012-02-01
Issue
Section
Articles