Trustworthy Systems

Native OKL4 web browser

Authors

Josh Matthews

    School of Computer Science and Engineering
    UNSW,
    Sydney 2052, Australia

Abstract

The rapid growth of both the mobile and cloud computing industries heralds a trend towards the convergence of embedded and web technologies. While the client-side of today's mobile ecosystem is dominated by rich operating systems and relatively heavyweight application stacks, this trend raises the possibility of utilizing only web technologies on the client. Palm's WebOS and Google's Chrome OS are proof of the viability of such an approach.

However, this approach has major security implications; the web is inherently a hostile environment. Recent advances in secure browser architectures have relied on operating system fundamentals and mechanisms, such as the separation of each web application into its own process and the creation of centralized "browser kernels". Such techniques, in practice, still depend on an underlying rich OS for their implementation, with the resultant impact on security posture: the architecture is only as secure as the OS.

An alternative approach is to implement the browser architecture on a microkernel, which has the potential to provide two advantages: the minimization of the trusted computing base (TCB), and the ability to strongly isolate components of the browser architecture by utilizing underlying security primitives (such as capabilities) in the implementation.

This thesis provides the fundamental basis for the investigation of this concept. We port the WebKit browser architecture to OKL4 4.0, a third-generation microkernel that provides a capability-based security architecture, strong isolation between subsystems, and a minimal footprint. We prove the viability of the approach by displaying basic web pages on the implementation, using the Beagle Board development platform.

BibTeX Entry

  @mastersthesis{Matthews:be,
    address          = {Sydney, Australia},
    author           = {Josh Matthews},
    month            = jun,
    paperUrl         = {https://trustworthy.systems/publications/theses_public/10/Matthews%3Abe.pdf},
    school           = {School of Computer Science and Engineering},
    title            = {Native {OKL4} Web Browser},
    year             = {2010}
  }
