Microsoft unveils code for 'high-security' Sandbox

02 Feb 2009

1

Microsoft last week released the source code for its Web Sandbox virtualisation technology, offering Web developers a new method for protecting the contents of a web page from malicious exploits and code injections.

The project has been released under the Apache 2.0 license, a source no doubt familiar to Microsoft, as the company began sponsoring the Apache Software Foundation to the tune of $100,000 annually last July.

The Sandbox technology is designed to isolate the different parts of a web page from each other via virtualisation, thus enhancing security. Additionally, it will work with most browsers – not just Microsoft's.

Microsoft released a community technology preview of Web Sandbox at its Professional Developers Conference (PDC) in Los Angeles in late October. However, more visible projects – for instance, Windows 7 and Windows Azure - got much more attention at the PDC, and Web Sandbox was lost in the noise.

While the Apache Software Foundation isn't sponsoring or endorsing Sandbox - Microsoft was careful to point out that the project is not sanctioned or sponsored by Apache, and it is just using the software license  - the move is nevertheless the second time Apache and Microsoft are tying up this year. Microsoft announced its intentions to donate code to Apache's Stonehenge project on 19 January.

"Modern web pages are made up of pieces that may be served from different locations - maps, visit counters, affiliate programmes that run scripts on your page, gadgets built by outside developers, and more," says a statement on the Live Labs Web Sandbox page.

With so much going on the scenes, Live Labs developers were looking for a way to isolate processes that should not be allowed to communicate directly, if at all, with each other. The key is to virtualise each component to more tightly control what it can do to other components or what they could do to it. Thus the term 'sandbox', the statement adds.

Although Microsoft is urging developers to put the Web Sandbox through its paces and try to break through its security, and thus help strengthen its protection, officials are not recommending that anyone build production Web sites with it yet. It's still under development.

Microsoft started up Live Labs almost exactly three years ago as a move "to enable rapid innovations of Internet technologies," according to the organisation's charter.

Web Sandbox features technology for mashing up code while maintaining process isolation, quality of service protection, and security. It is intended to address a problem in which Web gadgets, mashup components, advertisements, and other third-party content on Web sites either run full trust alongside content or are isolated inside of IFrames. This results in many Web applications being intrinsically insecure, with unpredictable service quality.

Web Sandbox builds upon Microsoft's experience with DHTML, Windows, Windows Live Web-based gadgets, and the Microsoft BrowserShield project, which leverages JavaScript virtualisation through rewriting.

Business History Videos

History of hovercraft Part 3 | Industry study | Business History

History of hovercraft Part 3...

Today I shall talk a bit more about the military plans for ...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of hovercraft Part 2 | Industry study | Business History

History of hovercraft Part 2...

In this episode of our history of hovercraft, we shall exam...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Hovercraft Part 1 | Industry study | Business History

History of Hovercraft Part 1...

If you’ve been a James Bond movie fan, you may recall seein...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Trams in India | Industry study | Business History

History of Trams in India | ...

The video I am presenting to you is based on a script writt...

By Aniket Gupta | Presenter: Sheetal Gaikwad

view more
View details about the software product Informachine News Trackers