Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:The less functionality the better (Score 2, Interesting) 222

by Jim McCoy (#22894916) Attached to: Is There Room For a Secure Web Browser?
> This approach allows for complex browsers to actually become safer, by simplifying them. The browser is broken up into a set of components. Each component runs in a separate process, completely isolated (by the operating system) from the other components. In addition, each component is isolated from the rest of the system using mandatory access controls (SELinux in this case) which prevent the component from doing anything that it doesn't need to do.
[...]
> This approach is known to work - it's similar to the approach used by operating system kernels.

Unfortunately, this approach is also known to have several big problems. Take a quick spin through google for the "confused deputy" problem and you will see one of the primary complaints of ACL-based security. Capability-security researchers think they have a solution and in fact created a capability-secure browser called CapDesk several years ago. If anyone is actually interested in the problem they should check it out.

Is your job running? You'd better go catch it!

Working...