Line 12: | Line 12: | ||
* Identify broad sets of vulnerabilities that might be mitigated by process isolation (high level threat model) | * Identify broad sets of vulnerabilities that might be mitigated by process isolation (high level threat model) | ||
* Identify several potential architectures. A few that come to mind, there will be more: | * Identify several potential architectures. A few that come to mind, there will be more: | ||
** Isolate entire Firefox process into low rights mode (sensitive I/O virtualized or brokered). Protects system from browser vulns but does not | ** Isolate entire Firefox process into low rights mode (sensitive I/O virtualized or brokered). Protects system from browser vulns but does not improve stability or inter-domain security. | ||
** Isolate Firefox into multiple processes (process per tab or process per top-level). Provides system protection, and stability benefits, but minimal inter-domain protections. | ** Isolate Firefox into multiple processes (process per tab or process per top-level). Provides system protection, and stability benefits, but minimal inter-domain protections. | ||
** Isolate Firefox into separate process per domain. The most complex model, but provides system protection, stability, and inter-domain compartmentalization. | ** Isolate Firefox into separate process per domain. The most complex model, but provides system protection, stability, and inter-domain compartmentalization. |
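Review bot: In the first architecture bullet, the completed sentence now reads "does not improve stability or inter-domain security", while the second bullet says "minimal inter-domain protections" and the third says "inter-domain compartmentalization". These appear to name the same property under three different terms, which makes the three options harder to compare side by side; pick one term and use it in all three bullets. The same bullet also leaves "sensitive I/O" undefined, so it would help to state which classes of I/O are meant to be virtualized or brokered.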