Yes, you read that title right. Microsoft is testing a new security feature for its Edge browser and, at least for the time being, it’s called Super Duper Secure Mode. The goal of SDSM is to increase security while browsing the web by disabling just-in-time (JIT) compilation for JavaScript. There are other features that are part of SDSM, though.
JavaScript is a fundamental part of the web, but it also brings about its own share of problems, and the JIT engine is responsible for a good chunk of them. According to Bleeping Computer, which initially spotted information on SDSM, roughly 45% of vulnerabilities in the V8 JavaScript engine are related to the JIT engine. Microsoft’s Jonathan Norman also notes that disabling JIT compilation “kills half of the bugs” that attackers can leverage for security exploits in JavaScript. Additionally, for the remaining exploits, this smaller attack surface should at least make it harder for attacks to be carried out.
Of course, if disabling the JIT compiler were all benefit, this would probably have been done already. The reason JIT compilation exists is that it’s supposed to significantly improve performance in JavaScript. However, the Microsoft research team says it hasn’t actually seen a significant performance hit when disabling this feature. In the hundreds of tests Microsoft ran, fewer than ten showed a performance decrease when JIT compilation was disabled. In some cases, performance even improved. However, in the tests where there were performance regressions, they were quite significant. Still, that makes Edge’s Super Duper Secure Mode seem fairly compelling.
But that’s not all there is to it. According to Microsoft, leaving JIT enabled makes it impossible to implement other features that can help security. For example, Intel’s Control-flow Enforcement Technology (CET), a hardware-based exploit mitigation, has to be disabled while JIT is enabled. With Super Duper Secure Mode in Edge, Microsoft is not only disabling the JIT compiler, but also enabling CET for extra security. Microsoft also plans to enable Arbitrary Code Guard (ACG) in the future – another thing that wasn’t feasible with the JIT compiler enabled.
Microsoft is pretty clear that this is just a test, so don’t expect this to become a feature anytime soon. However, if you find the idea interesting, you can give it a shot. You can enable SDSM in Edge Beta, Dev, or Canary by going to edge://flags. The respective flag is simply called Super Duper Secure Mode.
The post Microsoft Edge could be getting a Super Duper Secure Mode appeared first on xda-developers.