Security/ProcessIsolation: Difference between revisions

 
Line 17: Line 17:


* Put together a team of people willing to put in a sustained effort on process isolation design and prototyping (6+ month timeframe)
* Put together a team of people willing to put in a sustained effort on process isolation design and prototyping (6+ month timeframe)
* Identify broad sets of vulnerabilities that might be mitigated by process isolation (high level threat model)
* Identify broad sets of vulnerabilities that might be mitigated by process isolation (high level threat model, here: [[Security/ProcessIsolation/ThreatModel]]
* Identify several potential architectures.  A few that come to mind, there will be more:
* Identify several potential architectures.  A few that come to mind, there will be more:
** Isolate entire Firefox process into low rights mode (sensitive I/O virtualized or brokered).  Protects system from browser vulns but does not improve stability or inter-domain security.
** Isolate entire Firefox process into low rights mode (sensitive I/O virtualized or brokered).  Protects system from browser vulns but does not improve stability or inter-domain security.
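Review bot: the edited threat-model bullet (the line that now reads "(high level threat model, here: [[Security/ProcessIsolation/ThreatModel]]") drops the closing parenthesis that the previous revision had, so the inserted wikilink leaves the parenthetical unclosed; suggest ending the bullet with `[[Security/ProcessIsolation/ThreatModel]])`. The remaining lines of the hunk are unchanged context on both sides of the diff and need no change.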