Convergence of Desktop and Web Applications on a Multi-Service OS

  • Helen Wang ,
  • Alexander Moshchuk ,
  • Alan Bush

HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security |

Published by USENIX Association Berkeley

A paradigm shift has been taking place in the personal computer sharing model: a computer is no longer shared by users, but shared by mutually distrusting applications or other content. This multi-application sharing model is mismatched with today’s multi-user operating systems like Windows and Linux, which offer protection only across users. This mismatch contributes significantly to today’s malware problem: a user is often tricked to download and install malware which runs with the privileges of the user or even with escalated privileges to harm the user’s machine. Web-centric computing is another significant trend in computing, which makes web browsers a dominant client application platform. The browser platform supports a multi-application sharing model. However, today’s web browsers have never been designed and constructed as an operating system: different web site principals may coexist in the same protection domain, and there is no coherent support for resource access, control, and sharing. This makes browsers a vulnerable and functionally limited platform. In the light of these two trends, we envision ServiceOS, a multi-service OS on which web applications and traditional desktop applications converge. “Service” comes from “Software-as-a-Service”. A service is some generic content which can be either code or data. Services are hosted in the cloud and cached on the client. The owner of the service is an OS principal. ServiceOS will enable an application model that synthesizes the best elements from both desktop and web applications, providing fundamentally better security without sacrificing functionality. We sketch our design and present open challenges for this new paradigm of computing.