Microsoft asks open source developers to play in Web Sandbox
Microsoft has announced plans to release the code of its Web Sandbox project under the open source Apache Software License. This move reflects Microsoft's growing interest in contributing to interoperable standards-based Web technologies and also demonstrates the company's willingness to adopt well-established open source licenses for its own projects.
The Web Sandbox project aims to mitigate some of the security risks that are associated with building Web mashups that mix in untrusted content from third-party sources. The task of isolating untrusted code poses some complex technical challenges. Web Sandbox is one of several ongoing research projects that are implementing experimental solutions. It is similar in function to Google's Caja project.
Web Sandbox operates as a thin virtual machine layer that regulates the execution of untrusted code. The untrusted code is translated into a series of instructions which are then filtered through a rule-based policy system. The translation can be done server-side so that the entire system will work without requiring any special plug-ins or browser modifications. Microsoft also provides an optional Silverlight-based reference implementation for performing client-side transformations. Similar client-side translation capabilities could hypothetically be implemented natively in any browser. Microsoft is encouraging developers to test Web Sandbox and report potential exploits.









:





