App Isolation: Get the Security of Multiple Browsers with Just One
Abstract
Many browser-based attacks can be prevented by using separate browsers for
separate web sites. However, most users access the web with only one browser.
We explain the security benefits that using multiple browsers provides in terms
of two concepts: entry-point restriction and state isolation. We combine these
concepts into a general app isolation mechanism that can provide the same
security benefits in a single browser. While not appropriate for all types of
web sites, many sites with high-value user data can opt in to app isolation to
gain defenses against a wide variety of browser-based attacks. We implement
app isolation in the Chromium browser and verify its security properties using
finite-state model checking. We also measure the performance overhead of app
isolation and conduct a large-scale study to evaluate its adoption complexity
for various types of sites, demonstrating how the app isolation mechanisms are
suitable for protecting a number of high-value Web applications, such as online
banking.