From 63772b124e3ca9f30f5204aff90c9cadd859fc71 Mon Sep 17 00:00:00 2001 From: leo Date: Thu, 25 May 2023 04:06:50 +0200 Subject: [PATCH] tex: add stuff on site isolation --- tex/references.bib | 8 ++++++++ tex/text.tex | 18 ++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/tex/references.bib b/tex/references.bib index 970fd35..add7c6b 100644 --- a/tex/references.bib +++ b/tex/references.bib @@ -383,4 +383,12 @@ institution = {International Organization for Standardization} year = 2010, } +@misc{siteisolation, + author = {{The Chromium Projects}}, + year = 2023, + title = {{Chromium Security -- Site Isolation}}, + howpublished = {[online]}, + note={{Available from: \url{https://www.chromium.org/Home/chromium-security/site-isolation/} [viewed 2023-05-24]}} +} + % =========================================================================== % diff --git a/tex/text.tex b/tex/text.tex index ee7fce2..67bd8aa 100644 --- a/tex/text.tex +++ b/tex/text.tex @@ -462,6 +462,24 @@ can guide or alter the behaviour of software reading it. For instance a to signify that the client can store certain resources for some time before needing to re-fetch them, if they are not \emph{expired}. +\n{3}{Site Isolation} + +Modern browsers such as Firefox or Chromium come with a security focus in mind. +Their developers are acutely aware of the dangers that parsing untrusted code +from the internet, which is the websites, the stylesheets and the scripts, +poses. This is reflected in the way these programs are architected: instead of +the main browser process running everything, the main privileged process spawns +de-privileged child processes for each website. This extra line of defence +makes it ``harder for untrustworthy websites to access or steal information'' +from user accounts or other websites~\cite{siteisolation}, as even if the +misbehaving website manages to ``break some rules'' withing its own process, it +should find it more difficult to steal data from other sites. Firefox's version +of Site Isolation is called Project Fission +(\url{https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture/}) +but the two are very similar in both architecture and what they try to achieve. +Some Chromium users have been complaining in the past on its high memory usage, +which is partially due to Site Isolation features enabled. + \n{2}{Cross-site scripting}\label{sec:xss}