Forum Discussion
Mandatory Integrity Control with Microsoft Edge
Hi Team, I was wondering if anyone from the development team can elaborate on the use of mandatory Integrity controls in Edge? With IE it was simple to understand that the main process would run ...
Eric_Lawrence
Microsoft
MicrosoftMicrosoft Edge is based upon Chromium.
Chromium (and thus Edge) uses a multi-process model where each process has a particular job (processing HTML/JavaScript, drawing on the screen, the top-level-browser, etc). This improves both security and reliability.
Beyond simply running code in a different processes, however, we can improve security by sandboxing each process as much as we can; this will discard capabilities that a process should not need for its job, and help ensure that if an attacker were able to build an exploit against the sandboxed code, that exploit would be stuck inside a sandbox/jail it cannot escape.
Setting restricted Windows Integrity Levels is only one mechanism the sandboxing code uses to protect the system-- various other lockdowns are applied as well. You can learn more about the design of the Chromium sandboxes here: https://chromium.googlesource.com/chromium/src/+/lkgr/docs/design/sandbox.md
Chromium (and thus Edge) uses a multi-process model where each process has a particular job (processing HTML/JavaScript, drawing on the screen, the top-level-browser, etc). This improves both security and reliability.
Beyond simply running code in a different processes, however, we can improve security by sandboxing each process as much as we can; this will discard capabilities that a process should not need for its job, and help ensure that if an attacker were able to build an exploit against the sandboxed code, that exploit would be stuck inside a sandbox/jail it cannot escape.
Setting restricted Windows Integrity Levels is only one mechanism the sandboxing code uses to protect the system-- various other lockdowns are applied as well. You can learn more about the design of the Chromium sandboxes here: https://chromium.googlesource.com/chromium/src/+/lkgr/docs/design/sandbox.md