Web Browser Security - Mitigation v Isolation

An article by the Chrome Security lead giving a good summary of these different approaches to web browser security.

Posted here as food for thought for SAFE Browser, and anyone and SAFEnetwork sorry to other browsers.

9 Likes

Spot on. Chrome, with its isolation-based security, has a more robust approach by default. From personal experience: it’s easier to build a barricade around my laptop than to guard my nephew continuously.

Interestingly, the seccomp thing he mentions is conceptually related to capability-based access control which, for example, is used by all the microkernels that Genode can run on top of. From the seccomp Wikipedia article:

[…] seccomp allows a process to make a one-way transition into a “secure” state where it cannot make any system calls except exit(), sigreturn(), read() and write() to already-open file descriptors.

An “already-open file descriptor” is pretty much equivalent to a capability: an opaque reference to a resource, and the rights we have for it.

4 Likes
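
The seccomp behaviour quoted in the post above, as an added example that is not part of the thread: a child process keeps one pipe descriptor, makes the one-way transition into strict mode, and can still write to that descriptor, but is killed by the kernel as soon as it tries to open a new file. The function name `run_sandboxed` and the path `/etc/hostname` are illustrative choices; the code assumes Linux with seccomp enabled.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define SANDBOX_UNAVAILABLE (-1) /* kernel or container refused strict mode */

/* Fork a child that enters seccomp strict mode holding one open pipe fd.
 * Returns 0 if the child wrote to that fd and exited cleanly, the signal
 * number if the kernel killed it, SANDBOX_UNAVAILABLE, or -2 on error. */
int run_sandboxed(int try_open)
{
    int p[2];
    if (pipe(p) != 0) return -2;
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {
        close(p[0]);                     /* child keeps only the write end */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(2);                    /* not sandboxed yet, _exit is fine */
        /* One-way transition done: only read/write/exit/sigreturn remain. */
        if (write(p[1], "ok", 2) != 2)   /* allowed: fd was opened earlier */
            syscall(SYS_exit, 3);
        if (try_open)
            open("/etc/hostname", O_RDONLY); /* new resource: SIGKILL here */
        syscall(SYS_exit, 0); /* glibc _exit() uses exit_group, which is denied */
    }
    close(p[1]);
    char buf[3] = {0};
    ssize_t n = read(p[0], buf, 2);      /* what the child sent over its fd */
    close(p[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -2;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    if (WEXITSTATUS(status) == 2) return SANDBOX_UNAVAILABLE;
    return (WEXITSTATUS(status) == 0 && n == 2 && strcmp(buf, "ok") == 0) ? 0 : -2;
}

int main(void)
{
    printf("write to held fd only:  %d\n", run_sandboxed(0));
    printf("then open() a new file: %d\n", run_sandboxed(1));
    return 0;
}
```

The descriptor handed over before the transition is the only authority the child retains, which is the capability-like property the post describes.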

Excellent analogy, and it also consumes less energy.

1 Like