Microsoft's Gazelle browser: A layperson's explanation

Microsoft's Gazelle browser: A layperson's explanation

Summary: Microsoft Research has published a new article that explains in more layperson-like terms exactly what its "Gazelle" Web browser is and why the company's researchers believe it's needed.


Microsoft Research has published a new article that explains in more layperson-like terms exactly what its "Gazelle" Web browser is and why the company's researchers believe it's needed.

Microsoft is slated to present a paper on Gazelle at the Usenix Security Symposium in August. At that event, the Gazelle team will describe "the design and construction of a browser that is actually a multi-principal operating system." (A copy of Microsoft's Gazelle Usenix paper is available now.)

I've had Gazelle (the project which started life as "MashupOS") explained to me a couple of times, but I never quite understood it. The new Microsoft-authored article, however, actually helped me understand more about where Microsoft is going with this project.

It's worth reiterating that Microsoft hasn't said when, how or if it plans to commercialize Gazelle. It's not accurate to call Gazelle the next version of Internet Explorer (or replacement for IE) or a future iteration of Windows. For now, it's a Microsoft Research project only. (But most Microsoft Research projects do end up ultimately becoming commercialized in some way, often times years after they first debut.)

Microsoft researchers describe Gazelle's design as that of a "multi-principal OS." What does that mean, exactly? From the new Microsoft Research article:

"In browser parlance, a principal generally equates to a Web site. Given that there is usually just one user at a time on a PC, the sharing of resources is actually across applications from different origins; in the case of Web pages, each page could consist of content from different principals, each staking out a share of computing resources. The browser is therefore the natural choice of application platform for managing principals and resource requests."

Up until the past few years, it's been assumed that applications require operating systems to run. But Web apps don't have this limitation. And because they don't, Web apps often can be less secure. Current-day browsers also don't handle resource management for devices, the new article said.

These are the driving forces behind the way Microsoft Research is architecting Gazelle's "browser kernel." The kernel -- a layer that sits between underlying operating systems and the principals -- will  protect principals from one another and from the host machine, according to the article.

The Gazelle team decided "the time has come to apply decades-old operating-system experience to the browser-design space.," the article said. "Gazelle essentially leverages the existing mechanisms of operating systems and tailors them to the needs of Web applications."

If you're interested in where the Softies are going in security, browser design and OS design, the Gazelle article is worth a read....

Topics: Microsoft, Browser, Operating Systems, Software


Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Google Chrome already has done this.
    • IE did it before Chrome

      But, what Gazelle is doing is the next step(
      actually, some steps) further to the phenomenon
      of tab isolation. Its actually about isolating
      browser from the OS.
      • IE tab isolation is not the same as Chrome's

        IE does use multiple processes. But start IE
        restoring 8 tabs from a prior session, and
        you'll see that all 8 are loaded into just two

        More importantly, each IE process reads and
        writes to the disk and each IE process writes
        to the network. There is no security
        boundaries between the processes.

        Chrome, by contrast, has a browser process
        which governs the disk and network IO. Each
        tab gets a "sandbox", which is a restricted
        permissions OS.

        If you read the gazelle paper, they cite Chrome
        quite a lot. They're going to one more level,
        which is a little deeper. But yeah, Chrome
        really pioneered the notion of each-tab-in-a-
        separate security sandbox.

        This is why IE was hacked at pwn2own and Chrome
        was not.
        mick z
        • Actually...

          in the words of the hacker that got IE7, time was the *only* reason Chrome was not hacked... let alone the fact that Chrome was not even installed on any of the Windows PC's.

          The hacker (can't remember his name now) was asked if the same method could be used on Chrome and he said that he hadn't spent any time looking into Chrome's security holes for the hacking competition.

          Thats the point to be taken from these hacking competitions... they only want to win the prize money, theres nothing else to it. So they go with what they know.

          BTW, Chrome does have its sandbox but it *usually* uses two tabs per process.
      • IOW, IE sucks too badly to serve web apps

        Web apps is all about standard dataformats and protocols, speed
        and security. Hmmmm..... anyone more than I who see several
        problems here with IE? I definitely see this as a reason for a new (?)
        browser, and a new codename to market it. :-)
    • No, they took a step in the right direction

      From what I understand of the comparisons is this:

      Chrome, sandboxes each WINDOW, meaning if like many you have several tabs going, some secure but some less secure, then effectively that browser instance is only as strong as the weakest link.

      The proposal with Gazelle is to sandbox at TAB level, effectively eliminating this risk.

      Now it remains to be seen if this can be achieved without putting a massive drain on system resources. As much as I'm extremely anti-Google for the constant spamming of by internet experience via so-called "sponsored links", I'll give credit where credit is due. They did take a first crucial step in the right direction.

      Also giving credit where it's due, if MS can actually pull this off, there's another step forward.
  • RE: Microsoft's Gazelle browser: A layperson's explanation

    I think all the talk about Kernel, Principal and operating system just confused everybody. After watching the video a while ago it was obvious that these terms are being used as an analogy. Put simply this is just a re-architecture of the browser to prevent cross-site scripting attacks, by using process boundaries at the site level rather than the browser tab level.

    I would hope this stays in R&D for a while - the IE team should have other priorities.
  • RE: Microsoft's Gazelle browser: A layperson's explanation

    So does IE8, if it's as far as running different browser tabs in separate processes.

    Gazelle seems to take this even a few more steps further. Even if you have a single page which is a mashup of data and JavaScript from multiple sites, it's able to isolate each asset into its own process. And the separation of the rendering with the execution of code is interesting too.
  • Will this be helpful in Midori??

    I think, this principle would lead MS closer to
    what they want for Midori, their next OS, as even
    it will be a cloud based OS.
    • Slow down a little...

      Apart from the fact that most reports (which are speculative at best seeing as MS really isn't saying that much about either Miduri or Singularity), there's no indication what-so-ever as to when it will see maturity.

      As to a cloud-based OS... the day MS move me to a fully cloud-based OS is the day I walk!! I'm simply not willing to have my PC's usability tied up with whether or not the server running my apps is reliable or not.

      From my own experience, shot of a job app via FOUR DAYS LATER it bounces back to my own email account. I'd rather just have dropped the application in person.

      Users of Google apps were stuck only a couple of months back, when Google's servers malfunctioned.

      Internet searches after Jackson's death, and back further with 911, crippled much of the internet, including many new sites, and even interfered with Google itself.

      The simple fact is that the internet as a whole is no where near its evolutionary point where a cloud-based OS is even fesible, and when it does get there, it will be interesting to see just how much of this new web build remains free.
  • What was IE doing?

    It seemed to me IE development became a very low
    priority until encroachment from Firefox and Safari,
    now all the sudden there's a lot of movement. I
    thought Firefox did tabs first, so what did IE do

    In any case, a well architected browser seems to be in
    Googles strategic interest - delivering an online
    suite of apps to compete with office. But why would
    Microsoft have any interest in that model.

    To Microsoft the way God intended software was data
    coming of Microsoft servers through the internet to
    licensed copies of Office running on licensed copies
    of Windows; not some internet web application suite.
    • Opera did tabs first

      Firefox took credit for it, since Opera never managed to grow its share to where people knew about it. So Firefox are the proud holders of "second!" on that one. Firefox has been a fabulous amalgamator of great ideas into a usable form, but there actually isn't a ton of stuff that they've pioneered.

      By contrast, IE pioneered a ton of stuff, including AJAX and much of the baseline support for CSS back in the day. (Of course, the parts they didn't get quite right have been the bane of web designers' existence since then, but all the parts that worked -- most of it -- were great leaps forward at the time.)

      Microsoft is interested in that model because (1) they don't want Google to own the browser, and (2) they know a ton about operating systems (duh), and leveraging that effectively is a competitive advantage both for their browser and for their OS.
    • RE: Microsoft's Gazelle browser: A layperson's explanation

      @HollywoodDog <br><br>I remember microsoft saying that IE did not need tabs. Then of course <a href="">sohbet</a> they had <br>to "innovate" later to copy Firefox. Then they have been beaten up for years <br>about security yet they don't rearchitect their browser. Google give the world <br>Chrome and now Microsoft "innovate" <a href="">chat</a> again buy starting an R&d project called <br>Gazelle. <a href="">portal</a> Wow that's news: fat incumberant player plays me-to yet <a href="">forum</a> again. Yawn.
  • Gazelle? Fascinating. Just Fascinating.

    Dietrich T. Schmitz
    • This is an oringinal

      I remember microsoft saying that IE did not need tabs. Then of course they had
      to "innovate" later to copy Firefox. Then they have been beaten up for years
      about security yet they don't rearchitect their browser. Google give the world
      Chrome and now Microsoft "innovate" again buy starting an R&d project called
      Gazelle. Wow that's news: fat incumberant player plays me-to yet again. Yawn.
  • In other MS browser news

    Seems this has been missed by ZDnet:

    "The ad [by MS], starring former Superman actor Dean
    Cain, depicts a woman spewing uncontrollably after
    apparently finding hardcore pornography on her husband's
    computer. The man then slips over on the mess before his
    wife continues to vomit on top of him...
    Cain then steps into the foreground telling viewers that
    none of this would have happened if the man had used
    Internet Explorer 8, which includes a feature called
    "InPrivate Browsing" that lets users browse without leaving
    a trace."

    Such a nice company. Sorry back to ZDNet fawning;-)
    Richard Flude
    • In other MS browser news

      You must have missed the video. Whether it
      reflects that MS is or is not a "nice company"
      is a matter of personal taste, not your judgment
      and not mine. I rather liked it. Those who found
      it distasteful seem to be humor-challenged.

      Do you watch American movies made in Hollywood?
      Do you think that they're nice? How about
      American TV shows? Think they're nice? How about
      Japanese anim?? Think they're nice? Maybe you
      prefer American politicians, especially all
      those recently racist displays by both Democrats
      and Republicans alike? Think they're nice? How
      about Apple, the company that won't allow its
      users to legally run the Mac OS on anything
      other than a Mac? Think they're nice?

      Companies are never nice or not nice, only
      people and dogs are. Capitalists are known for
      being not nice -- only rationally self-
      interested (since when is narcissism rational?).
      Only dogs are really nice, except for pit bulls,
      of course.

      Besides, what has this remark got to do with
      Mary Jo's article? Nothing. You just HAD to
      express your insignificant and self-righteous
      disdain for Microsoft. That's what the holier-
      than-thou IT crowd can't keep itself from doing.

      If you don't like freedom of expression, be like
      Oedipus: poke out your eyes (and burst your
      eardrums). Then the world will be a nicer place
      -- for you, at least. Instantly and eternally.
  • I wondered why the minwin had an http engine

    now I know. they're building an interface for hand-held devices that's ultra small because it's just enough to interface between the hardware and the browser. Pretty smart. If they can do it, I'm betting a LOT of people would want to use it.
    • Not quite

      MinWin doesn't contain an HTML rendering engine - it contains an HTTP communication stack so that MinWin based systems can call web services.

      I think it safe to say that in the future, Microsoft will continue to harden the security surrounding IE "pages" and lighten the cost of creating new pages in new isolated threads/fibers.
  • "Browser Kernel"

    Contrary to the understanding presented in this article, my takeaway after reading the referenced MS article, is that the "Browser Kernel" runs on top of Windows (meaning: Windows has its own kernel, UI, etc...)

    So my assumption is that other apps run in parallel to the "browser kernel", but what remains to be seen is how 32-bit (or 64-bit) apps that use web parts interact with the "broswer kernel". They used to just invoke IE directly through object instantiation.

    Plus, one "browser kernel" instance STILL means
    a) risk of disclosing information between privileged and unprivileged sessions via the "kernel"

    b) a "kernel" crash still kills all of your IE windows. A graceful crash would be if what they call a "principal" (read: applet) dies, but the possibility still exists for an applet to take the kernel out with it. E.g., think about where virus protection should sit in this model.