| By Sam Johnston |
Article Rating: |
|
| September 15, 2008 06:50 AM EDT |
Reads: |
5,895 |
Sam Johnston's Blog
Rather than blathering on to the blogosphere about the superficial features of Google's new Chrome browser I've spent the best part of my day studying the available material and [re]writing a comprehensive Wikipedia article on the subject which I intend for anyone to be free to reuse under a Creative Commons Attribution 3.0 license (at least this version anyway) rather than Wikipedia's usual strong copyleft GNU Free Documentation License (GFDL). This unusual freedom is extended in order to foster learning and critical analysis, particularly in terms of security.
My prognosis is that this is without doubt big news for cloud computing, and as a CISSP watching with disdain at the poor state of web browser security big news for the security community too. Here's why.
Surfing the Internet today is like unprotected sex with strangers; Chrome is the condom of the cloud
The traditional model of a monolithic browser is fundamentally and fatally flawed (particularly with the addition of tabs). Current generation browsers lump together a myriad trusted and untrusted software (yes, many web sites these days are more software than content) running in the same memory address space. Even with the best of intentions this is intolerable as performance problems in one area can cause problems (and even data loss) in others. It's the web equivalent of the bad old days where one rogue process would take down the whole system. Add nefarious characters to the mix and it's like living in a bad neighbourhood with no locks.
Current generation browsers are like jails without cells
Chrome introduces a revolutionary new software architecture, based on components from other open source software, including WebKit and Mozilla, and is aimed at improving stability, speed and security, with a simple and efficient user interface.
The first intelligent thing Chrome does is split each task into a separate process ('sandbox'), thus delegating to the operating system which has been very good at process isolation since we introduced things like pre-emptive multitasking and memory protection. This exacts a fixed per-process resource cost but avoids memory fragmentation issues that plague long-running browsers. Every web site gets its own tab complete with its own process and WebKit rendering engine, which (following the principle of least privilege) runs with very low privileges. If anything goes wrong the process is quietly killed and you get a sad mac style sad tab icon rather than an error reporting dialog for the entire browser.
Chrome enforces a simple computer security model whereby there are two levels of multilevel security (user and sandbox) and the sandbox can only respond to communication requests initiated by the user. Plugins like Flash which often need to run at or above the security level of the browser itself are also sandboxed in their own relatively privileged processes. This simple, elegant combination of compartments and multilevel security is a huge improvement over the status quo, and it promises to further improve as plugins are replaced by standards (eg HTML 5 which promises to displace some plugins by introducing browser-native video) and/or modified to work with restricted permissions. There are also (publicly accessible) blacklists for warning users about phishing and malware and an "Incognito" private browsing mode.
Tabs deplace windows as first class citizens and can migrate between them like an archipelago of islands
The user interface follows the simplification trend, and much of the frame or "browser chrome" (hence the name) can be hidden altogether so as to seamlessly blend web applications (eg Gmail) with the underlying operating system. Popups are confined to their source tab unless explicitly dragged to freedom, the "Omnibox" simplifies (and remembers) browsing habits and searches and the "New Tab Page" replaces the home page with an Opera style speed dial interface along with automatically integrated search boxes (eg Google, Wikipedia). Gears remains as a breeding ground for web standards and the new V8 JavaScript engine promises to improve performance of increasingly demanding web applications with some clever new features (most notably dynamic compilation to native code).
Just add Linux and cloud storage and you've got a full blown Cloud Operating System ("CloudOS")
What is perhaps most intersting though (at least from a cloud computing point of view) is the full-frontal assault on traditional operating system functions like process management (with a task manager that allows users to "see what sites are using the most memory, downloading the most bytes and abusing (their) CPU"). Chrome is effectively a Cloud Operating Environment for any (supported) operating system in the same way that early releases of Windows were GUIs for DOS. All we need to do now is load it on to a (free) operating system like Linux and wire it up to cloud storage (ala Mozilla Weave) for preferences (eg bookmarks, history) and user files (eg uploads, downloads) and we have a full blown Cloud Operating System!
Chrome URLs:
Note: Predicted based on return codes (403 Forbidden vs 404 Not Found), should be live in a few hours.
Subscribe to Open Source Magazine Email News Alerts
Subscribe via RSS
