Embassies: Refactoring the Web
The Embassies monitors (CEI) and application-porting framework for POSIX applications.

Web browsers ostensibly provide strong isolation for the client-side components of web applications. Unfortunately, this isolation is weak in practice; as browsers add increasingly rich APIs to please developers, these complex interfaces bloat the trusted computing base and erode cross-app isolation boundaries.

We reenvision the web interface based on the notion of a pico-datacenter, the client-side version of a shared server datacenter. Mutually untrusting vendors run their code on the user's computer in low-level native code containers that communicate with the outside world only via IP. Just as in the cloud datacenter, the simple semantics makes isolation tractable, yet native code gives vendors the freedom to run any software stack. Since the datacenter model is designed to be robust to malicious tenants, it is never dangerous for the user to click a link and invite a possibly-hostile party onto the client.

Related publications are available here: http://research.microsoft.com/embassies/

At https://goo.gl/RGz7Az you'll find a prepackaged virt-manager virtual machine image with Embassies and the Abiword app prebuilt, so you can see everything working before you slog through the make (or if you want to compare your broken build to a reference build).

Last edited Dec 1, 2015 at 10:50 PM by howell, version 8