[LINK] Firefox Security

Glen Turner gdt at gdt.id.au
Sat May 22 11:54:30 AEST 2021


Roger Clarke wrote:
> 
> > ... separate the memory space of different sites ...
> 
> This is presented by Mozilla as a new idea.

Hi Roger

The idea is pretty obvious. But it's also plain that an implementation
within a web browser -- with its single user interface -- is difficult
once the design moves beyond handwaving.

The situation isn't helped by operating systems, which, outside the
concept of a process, don't provide isolation features strong enough to
defeat CPU covert channels.  There's currently no OS facility which
assists the situation web browsers and many application servers find
themselves in: wanting isolation between users without the difficulty and
cost of inter-process communication.

Firefox have bitten the bullet and gone to the trouble of using processes.
Good on them. There's some industry criticism of the memory overhead of
this, but my view is that's a criticism of the operating system more
than of Firefox.

Applications which want to avoid process-per-user have to be coded with
deep knowledge of CPU covert channels, and compiled with a compiler
with similar knowledge. As that knowledge changes with both research
and CPU hardware, the application and compiler have to be
updated. The situation is currently unsatisfactory if you want to
isolate users with low overhead.

Cheers, glen
