A new Microsoft solution, known as Ripley, was announced recently at the Association for Computing Machinery’s Computer and Communications Security Conference in Chicago.

This new platform showcases just how powerful applications running in the browser can be. In addition to being a robust application environment, Ripley deals with security in a manner that encourages development of secure e-commerce systems.

The recent explosion of web applications is in part due to the ability to split code between the client and the server. However there is always the underlying risk of a user’s home PC being compromised in a manner that jeopardizes the servers security mechanisms.

Ripley attempts to thwart these efforts and goes to great extremes to secure the integrity of Ripley Web applications. Ripley not only verifies that a request came from the proper website, it also verifies that the user’s actions are permitted by the application’s user interface.

Ripley prevents a remote hacker from altering the code running inside a browser by creating an exact copy of the users computational environment. Ripley then runs that copy, locally, on the server. Ripley then interprets all of the user’s actions, mouse clicks, key presses and other inputs, to an “event stream” from the client to the server. This is run in a VM type environment on the server, the behavior of that virtual application is compared to the application running on the user’s browser at home. If there are any discrepancies, Ripley disconnects the client.

All of this is done completely transparent to the end user nor does it affect the normal functions of the web application. The only ones worrying about what would happen would be the malicious demons that like to hijack user browsers for malicious purposes.

One of the challenges facing the project was how to create a copy of the entire client environment–the solution involved building a headless browser. This shrunk the memory footprint from a staggering 50-60 Megabytes per instance to a much more manageable 1 to 1.5 megabyte per instance.