Gazelle: Applying Operating System Concepts to the Browser

Web browsers have become ever more important for our computers. Instead of the browser displaying static HTML pages, they now handle complex web applications, ranging from social networking to text editors to online banking, and everything in between. While some browsers have finally started treating the browser more like an operating system (Chrome and Internet Explorer 8), those are just baby steps. The real thing is coming with Microsoft’s Gazelle, a research project which applies operating system concepts to the browser.

We’ve talked about Gazelle before on OSAlert, but the past few weeks, this Microsoft Research project made its way around the web again because the Systems and Networking group, those working on Gazelle, will be presenting a paper about Gazelle at the Usenix Security Symposium. As such, let’s take a look at what Gazelle is tying to achieve, and how.

A core concept that you need to understand in order to grasp Gazelle is the principal. Most websites today offer content from different web principals at the same time, on one page. For instance, a page for a YouTube video draws content from YouTube itself, but also from various subdomains, such as the video content, advertisements, and so on. All these different principals live within the same process and protected domains, and this could potentially be dangerous. What if a browser manages such principals and the resources they demand like an operating system?

What you’d end up with is a browser where a piece of bad code drawn from an ad domain can no longer hog or even crash the page – or worse, the entire browser or operating system. “In the Gazelle model, the browser-based OS, typically called the browser kernel, protects principals from one another and from the host machine by exclusively managing access to computer resources, enforcing policies, handling interprincipal communications, and providing consistent, systematic access to computing devices.” This is basically Chrome’s and IE8’s process-per-tab model taken to the extreme, with additional functionality.

Basically, Gazelle has a browser kernel that sits on top of the operating system. This browser kernel manages the principals, treating them like entities that are dangerous to one another; each principal gets its own sandboxed operating system process. So if an ad box has bad code in it, it won’t affect the rest of the page. Plugins are managed as principals, so they get the same benefits. This is a massive stride forward compared to current web browsers.

It is important to note that the team behind Gazelle wasn’t happy with the media presenting Gazelle as a product prototype; instead, they state it is “strictly research”, just another milestone in an ongoing effort. It follows from a Microsoft Research project from 2007, called MashupOS, which first explored the ideas behind the multi-principal OS. “The work in MashupOS was about identifying and designing the multi-principal OS abstractions that a browser should expose to programs, while Gazelle is all about constructing the browser as a multi-principal OS: How should a browser-based OS provide protection and resource management to its applications?” says Helen J. Wang, senior researcher at the Systems and Networking group.

Research project or no, Gazelle can correctly render 19 of Alexa’s top 20 web sites, but it uses Internet Explorer rendering technology to get there. As a research project, it’s also quite slow. Still, Wang believes this is the way to go. “I think this is the right way to go and I think this can be practical,” Wang said, “It will also take a lot of work.”

I’m personally very interested in Gazelle and what it could mean for the world of web browsing. Even though there is no information whatsoever on the future prospects of Gazelle as a product, if Microsoft were to turn this into a product as the successor to Internet Explorer, they’d turn the browser world upside down. It would put Microsoft at the very, very, very top of browser innovation.

That would be weird.

11 Comments

  1. 2009-07-07 11:32 pm
    • 2009-07-08 12:36 am
      • 2009-07-08 6:11 am
        • 2009-07-08 10:12 am
  2. 2009-07-08 12:32 am
    • 2009-07-08 3:12 am
    • 2009-07-08 9:42 pm
  3. 2009-07-08 4:57 am
    • 2009-07-08 9:47 pm
    • 2009-07-12 10:49 pm
  4. 2009-07-08 9:48 pm