On the Design of a Web Browser: Lessons learned from Operating Systems

Kapil Singh, Wenke Lee
College of Computing, Georgia Institute of Technology, Atlanta, USA
E-mail: {ksingh, wenke}@cc.gatech.edu

Abstract

The advent of “Web 2.0” applications has changed the requirements for a web browser: it has evolved from being an application for rendering static web pages to a host of a variety of applications, where each web page represents a distinct application, such as a news feed, an email client or a video application. This new role has led to the emergence of new security holes in the web browser. While research has focused on fixing these vulnerabilities by augmenting solutions to the current browsers, limited work has been done in designing a browser from scratch considering the current and future role of the browser. The web browser is quickly evolving as a mini-OS running a huge variety of application code. Going by this thinking, we analyze the functional similarities between an operating system and a web browser and propose a new browser design based on a typical μ-kernel based OS. Our design is flexible and allows finer customization of the browser. The simplicity of the design shows promise in solving most of the security issues prevalent in the current generation of browsers; the feasibility of the design in terms of performance and acceptability is being studied along with the browser implementation.

1 Introduction

The web browser has become the centerfold application to the Internet. It has evolved from being an application for rendering static web pages to a host of a variety of applications, where each web page represents a distinct application, such as a news feed, an email client or a video application. The concept of mashups has taken this requirement to the next level with these different applications being aggregated into a single web page.

The growing requirements for a web browser have led to code additions, without much change in its base design. The latest release of Firefox contains over 3.7 million lines of code [11]. The growing size of the browser code and the reluctance to change the design of the browser have left the browser open to a number of exploits. According to a recent report [12], Symantec documented 93 vulnerabilities in Internet Explorer, 74 in Mozilla browsers, 29 in Safari, and 11 in Opera. In addition to these browser vulnerabilities, Symantec also documented 301 bugs in browser plug-ins over the same period of time.

The monolithic model for the web browser provides little security and isolation to the distinct web applications. Once a part of the browser is exploited, the result is the total compromise of the applications and plug-ins running in the browser. In addition, a crash of one component of the browser crashes the complete browser.

Research has tried to fix the security problems related to web browsers as they evolve. The most commonly used security policy for web browsers, the same origin policy, is found to be too restrictive for Web 2.0 applications. As a result, application authors have developed ad-hoc solutions to work around the same origin policy, leaving the applications vulnerable to attacks. Other solutions have focused on fixing specific issues with the browser, such as the browser cache [7] and plug-ins [11], or on improving the same origin policy [8].

With the ever increasing demand and development of new web applications, technologies such as AJAX and mashups have become more prominent in the new Web 2.0 revolution. The web browser is running more code now and has effectively evolved from a standalone application to a mini operating system (mini-OS) running a variety of web applications.
Some efforts have been made to design the next generation of browsers: while Tahoma [3] uses Virtual Machine Monitors (VMMs) to provide isolation to web applications, the OP web browser [6] provides isolation by running each web application as a different process. MashupOS [13] provides new abstractions to enable secure communication among multiple principals in current browsers.

The paper analyzes the requirements of an operating system (OS) design from the perspective of designing a new web browser. We study the characteristics of a μ-kernel based OS to determine how they can be perceived in a web browser, and propose a new browser design that attempts to overcome the shortcomings of current web browsers. Our design is flexible to include customized policies and provides mediation between several distinct