by dahjelle 3556 days ago
Am I reading correctly: WDAGfME (for lack of a better acronym) is essentially starting a VM with a fresh copy of Windows for every site that it is protecting? Does this happen for every open & protected tab/window? What kind of overhead does it have?

The idea sounds similar to Qubes OS, with the exception that it's transparent to the user and doesn't have to be configured by the end-user.

I presume this kills any of the offline-storage approaches?


My understanding (which could easily be wrong) is that it works similarly to Sandboxie. However, it looks like it is using the Hyper-V container functionality they recently announced.

So basically, when you run this protected Edge session it starts the browser in a Hyper-V container. It has some read access to the host file system, registry, etc., but no write, and when the session is closed everything else goes with it.

It's actually a feature that goes way back to the Compartmented Mode Workstations that were sold in Orange Book days for higher security than regular UNIX. The higher-security ones often balanced security and performance by figuring out which components had to be secure and shared vs. which they could just duplicate without trust. Epstein et al.'s TX is an example with many details:

https://www.acsa-admin.org/2006/papers/epstein-paper.pdf

Vendors of separation kernels, with Green Hills in the lead, started distributing MILS workstations with browser VMs and such in 2005:

http://www.ghs.com/news/20050419_secure_products.html

Tahoma started the first browser-oriented OS, running on Xen and Linux, in 2006:

https://www.gribble.org/papers/gribble-Tahoma.pdf

Finally, OP Web Browser applied POLA and safe languages internally around 2008 with Chrome partly copying it (with less security for performance):

http://www.cse.psu.edu/~trj1/cse543-s15/docs/grier_sp08.pdf

So, the high-assurance community has been on this with numerous projects and products released. Many had small, strong TCBs. The oldest had the color schemes and everything. QubesOS is the newcomer, with less security than many forerunners but great usability & openness. Better than the average Linux distro. Closest to prior designs with an active community is genode.org.

The idea of starting a fresh new copy of the Windows software stack for every site is kinda naive. I would say they are using something similar to the Linux kernel namespace mechanism for sandboxing in the Windows kernel, which is quite efficient and secure sandboxing without going through the pain of virtualization (Google uses this mechanism for implementing the Android subsystem in ChromeOS). But how Hyper-V fits into this equation, I don't know. Maybe something similar to the Docker service in Hyper-V.

But anyhow, this is quite an amazing idea; Microsoft really tries hard to improve Edge.

The reason they can overcome the technical difficulty of something this cool is because they have a very consistent and very limited underlying platform (they don't have to support macOS, Linux, etc.). Imagine how hard it would be for Firefox and Chrome to pull off something similar.

>I presume this kills any of the offline-storage approaches?

Not necessarily; it depends on how they implemented this.

(I may be wrong, please correct me.)

I see two options: 1) they're using Hyper-V and exposing a small number of hypercalls to allow for rendering and interaction. 2) they've overloaded the Hyper-V name for a user space sandbox.

I'm really hoping for the former, as it'll mean they finally might expose a KVM-esque API. That would mean a drastic change for virtualization dev on Windows.

Maybe I'm misunderstanding the question, but the article clearly describes that they're using Hyper-V to launch a separate instance of the kernel and the browser in a "container" (which is later "discarded").
The Windows Container architecture is explained at https://msdn.microsoft.com/en-us/virtualization/windowsconta...

This looks like a use of those containers for running Edge processes.