Microsoft eyes ditching browser for secure Web apps
The company is developing Embassies, a more secure client-side architecture using Internet addresses for external communications
By Antone Gonsalves
April 15, 2013 — CSO — Microsoft researchers have developed the prototype of a client-side architecture that would replace the Web browser with a much more secure virtualized environment that isolates Web applications.
Called Embassies, the technology would have applications run in low-level, native-code containers that would use Internet addresses for all external communications with applications. The architecture is based on the notion of a "pico-datacenter," a client-side version of a shared server datacenter.
"Since the datacenter model is designed to be robust to malicious tenants, it is never dangerous for the user to click a link and invite a possibly hostile party onto the client," Microsoft researchers said in a paper presented this month at the USENIX Symposium on Networked System Design and Implementation.
The problem Microsoft is trying to solve is the insecurity of today's browsers, brought on by their complexity. In the 1990s, when browsers were introduced, the software was mostly responsible for formatting Web pages that were text, links and simple graphics.
Today's browsers have many more application programming interfaces (APIs) that are used for far more complicated tasks, such as video, animation and 3D graphics. This high level of complexity has brought a never-ending string of vulnerabilities that hackers can exploit.
"I think [Embassies is] an interesting idea and shows enough promise to be worth additional investigation and investment," Jason Taylor, chief technology officer of Security Innovation, said on Friday. "The premise of strong isolation for each Web application versus isolation for the browser itself is intriguing."
Embassies is Microsoft's attempt to present a simpler alternative than the browser. The architecture would provide a simple execution environment that would use only 30 functions in interacting with the client's execution interface (CEI). Displaying content would essentially be a screencast from the container to the user's screen.
The simplicity of the environment would require developers to do more than they do now in building applications for a browser, which provides lots of libraries through the APIs.With Embassies, developers would be responsible for packaging their own libraries with their applications, a difficult process that in effect would hand security responsibilities to the developer. If malicious code gets in, the container would theoretically prevent it from infecting the computer.
[Also see: Patch Tuesday leaves IE zero-day untouched]
That approach has its skeptics. "The problem with the idea is that developers of web applications are often terrible at security and the idea that you are going to make them the ones responsible for the security instead of the web browser developer just seems like out of the frying pan and into the fire," said Peter Bybee, president and chief executive of Security On-Demand. "I think this is more about wishful thinking and less on realistic change."
Wolfgang Kandek, chief technology officer of Qualys, said the added responsibilities would likely overwhelm most developers, but he believed that the process of packaging libraries could eventually be automated within development tools.
"It is an architecture that will require lots of changes on the client side and on the developer side, which is probably why this is not something that will happen overnight," Kandek said.
Indeed, the authors of the paper, Microsoft researchers Jon Howell, Bryan Parno and John R. Douceur, acknowledged that Embassies would require dramatic changes in application development and adoption of the architecture would take years.
While Microsoft described the architecture as a browser replacement, the company also believed it could become a more secure alternative to desktop operating system apps. Shlomo Kramer, president and chief executive of Imperva, said Embassies was "promising in theory," but believed it would not scale to that level.
"The main reason is that it makes collaboration, workflows, sharing of data and transacting across virtual machines very cumbersome," Kramer said.
Matthew Neely, director of research at SecureState, said rather than replace today's browsers, security could be dramatically improved just by developers treating it as an integral part of the development process.
"A lot of people like to focus on new technology to fix something when really if you just apply the basics to what we have already, you can usually get more impact," Neely said.
Read more about application security in CSOonline's Application Security section.