Trusted Extensions makes it possible to separate network traffic
into labeled zones which provide robust isolation. As I mentioned in the previous posting, this
isolation provides an environment for safe browsing. The ability to automatically redirect web pages to the
appropriate browser prevents a variety of threats such as spyware,
viruses, and similar web-based attacks. I use the internal zone for all
of my activity on Sun's Wide Area Network (SWAN). I use the public zone
for browsing the external web.
Here is the data flow:
- The internal browser executes its proxy.pac script for a selected URL. The
script specifies that a non-resolvable URL (outside of SWAN) should be forwarded to the url.xfer proxy on port 8080.
- The url.xfer proxy, listening on the multilevel port 8080 receives a proxy request, and calls getpeerucred(2)
to determine the label and user ID of the request. It validates the
request by checking the label of the requestor, and whether it has been
- For an initial request it replies with a page
forward the specified URL to the public zone.
- If confirmed, the browser encapsulates the original URL as a
parameter and sends it back to the url.xfer proxy using the special
hostname url.xfer. In either case, the internal browser is directed to return to the original page.
- The url.xfer proxy receives a request with the special hostname url.xfer. It starts a child process with the requestor's ID, and executes the Mozilla remote protocol to send the original URL to the Firefox instance which is running in the public zone with the specified user's ID.
- The Mozilla remote helper process finds the matching X11 property ( with the correct label and user ID) and signals the Firefox instance
to open another JavaSript file which takes the focus, pops to the
front, and requests the orignal URL to be loaded into the current
- The public Firefox instance executes its own proxy.pac file to determine how to handle this request.
Here is a sample confirmer dialog that is discussed in steps 3 and 4.