App Isolation: Get the Security of Multiple Browsers With Just One
Many browser-based attacks can be prevented by using separate browsers for separate web sites. However, most users access the web with only one browser. The authors explain the security benefits that using multiple browsers provides in terms of two concepts: entry-point restriction and state isolation. They combine these concepts into a general app isolation mechanism that can provide the same security benefits in a single browser. While not appropriate for all types of web sites, many sites with high-value user data can opt in to app isolation to gain defenses against a wide variety of browser-based attacks. They implement app isolation in the Chromium browser and verify its security properties using finite-state model checking.