Web browser operating system
First Claim
1. A method for securely managing Web applications on a computing device that is coupled in communication with a network, comprising the steps of:
(a) providing a browser operating system to service communications with remote Web sites over the network, the browser operating system being employed for controlling operation of the computing device at least in regard to communication over the network, wherein the browser operating system manages each of one or more browser instances executing on the computing device and mediates all network interactions between each browser instance and remote Web sites;
(b) enabling a user to selectively initiate implementation of one or more Web applications while communicating with one or more remote Web sites from within the browser operating system, and as each instance of a Web application is implemented by the user during communication with a remote Web site, spawning a virtual machine with the browser operating system only for that instance of the Web application, wherein each virtual machine that is spawned has its own browser instance and separate set of virtual resources, and wherein the browser operating system routes input events to a browser instance in an appropriate one of the virtual machines; and
(c) substantially precluding direct communication between the virtual machines that have been spawned, between the Web applications, and between each Web application and the main operating system, and precluding sharing of the resources between the virtual machines, so that Web applications are protected from each other and so that the main operating system is protected from the Web applications and from security threats on the network.
Abstract
A Web browsing system using a browser operating system (BOS), which provides a trusted software layer on which Web browsers execute. The BOS runs the client-side component of each Web application (e.g., on-line banking, and Web mail) in its own virtual machine, which provides strong isolation between Web services and the user's local resources. Web publishers can thus limit the scope of their Web applications by specifying the URLs and other resources that their browsers are allowed to access, which limits the harm that can be caused by a compromised browser. Web applications are treated as first-class objects that users explicitly install and manage, giving them explicit knowledge about and control over downloaded content and code. An initial embodiment implemented using Linux and the Xen virtual machine monitor has been shown to prevent or contain about 87% of the vulnerabilities that have been identified in a conventional web browser environment.
27 Claims
1. (Independent claim; set out in full under First Claim above.) Dependent claims: 2 to 12.
13. A system coupled in communication over a network, for securely managing Web applications that are executed with the system, comprising:
(a) a network interface for communicating with remote Web sites over a network;
(b) a user input device;
(c) a memory that stores data and machine instructions; and
(d) a processor that is connected to the network interface, the user input device, and the memory, the processor executing the machine instructions to carry out a plurality of functions, including:
(i) providing a browser operating system to service communications with the remote Web sites over the network, wherein the browser operating system manages each of one or more browser instances executing on the system and mediates all network interactions between each browser instance and the remote Web sites;
(ii) enabling a user to selectively initiate implementation of one or more Web applications while communicating with one or more remote Web sites from within the browser operating system, and as each instance of a Web application is implemented by the user during communication with a remote Web site, spawning a virtual machine with the browser operating system, for use only by that instance of the Web application, wherein each virtual machine that is spawned has its own browser instance and separate set of virtual resources, wherein the browser operating system enables users to manipulate virtual screens of each browser instance; and
(iii) substantially precluding direct communication between the virtual machines that have been spawned, between the Web applications, and between each Web application and the main operating system, and precluding sharing of the resources between the virtual machines, so that Web applications are protected from each other and so that the main operating system is protected from the Web applications and from security threats on the network.
Dependent claims: 14 to 23.
24. A method for isolating each of a plurality of Web applications within a “sandbox,” to avoid direct interaction between the Web applications executing on a computing device on which the Web applications are being executed and which is coupled in communication with a network, comprising the steps of:
(a) executing a browser operating system that runs as an interface between the Web applications, and between each Web application and the main operating system, wherein the browser operating system manages each of one or more browser instances executing on the computing device and mediates all network interactions between each browser instance and the remote Web sites;
(b) enabling a user to selectively initiate implementation of one or more Web applications while communicating with one or more remote Web sites from within the browser operating system;
(c) using the browser operating system, creating a virtual machine for use by a Web application as the Web application is being initiated by the user, the Web application executing within the virtual machine and being provided with resources that are separate from resources provided to other Web applications, each virtual machine that is spawned having its own browser instance and separate set of virtual resources, wherein the browser operating system routes input events to a browser instance in an appropriate one of the virtual machines; and
(d) enabling communication over the network by each Web application only through the browser operating system, so that each Web application is generally isolated in a “sandbox” comprising the virtual machine in which it is executed, to protect against security threats made using one of the Web applications and directed toward the other Web applications.
Dependent claims: 25 to 27.
Specification