App Isolation: Get the Security of Multiple Browsers with Just One
Venue
18th ACM Conference on Computer and Communications Security, ACM (2011)
Publication Year
2011
Authors
Eric Y. Chen, Jason Bau, Charles Reis, Adam Barth, Collin Jackson
BibTeX
Abstract
Many browser-based attacks can be prevented by using separate browsers for separate
web sites. However, most users access the web with only one browser. We explain the
security benefits that using multiple browsers provides in terms of two concepts:
entry-point restriction and state isolation. We combine these concepts into a
general app isolation mechanism that can provide the same security benefits in a
single browser. While not appropriate for all types of web sites, many sites with
high-value user data can opt in to app isolation to gain defenses against a wide
variety of browser-based attacks. We implement app isolation in the Chromium
browser and verify its security properties using finite-state model checking. We
also measure the performance overhead of app isolation and conduct a large-scale
study to evaluate its adoption complexity for various types of sites, demonstrating
how the app isolation mechanisms are suitable for protecting a number of high-value
Web applications, such as online banking.
