Published on June 13th, 2015

Isolation Sandboxes and Application-oriented Access Controls: Computer Security Lectures 2014/15 S2

This video is part of the computer/information/cyber security and ethical hacking lecture series; by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory work sheets, slides, and other open educational resources are available at http://z.cliffe.schreuders.org.

The slides themselves are creative commons licensed CC-BY-SA, and images used are licensed as individually attributed.

Topics covered in this lecture include:

Programs behaving badly (revision)
  Vulnerable software, malware

Access control (revision)
  Insufficient control: applications run with the identity of the user, but they do not always act in the user's best interests

Application-oriented access controls
  A number of solutions have been proposed
  Applications can run in "sandboxes": isolated, or with limited access

Isolation-based sandboxes and virtualisation
  One approach is to run each application in an isolated sandbox environment
  The application can then only access resources that are reachable from inside the sandbox

Isolation: system-level sandboxes
  System-level sandboxes provide a complete environment, including an operating system
  Virtualisation: a hypervisor, AKA virtual machine monitor (VMM), multiplexes the hardware to run hardware-level virtual machines (VMs)
  Hardware emulation-based (full virtualisation): the guest OS does not need to know it is virtualised
    VMware, VirtualBox (both may also use some paravirtualised drivers)
  Paravirtualisation: the guest knows it is being virtualised and uses the interface (hypercalls) provided by the hypervisor instead of executing privileged instructions directly
    Can be more efficient, since the work can be done directly by the host
    Xen, User-mode Linux
  Qubes: a separate VM for each type of task (security domain)
  From a security (and sysadmin) point of view virtualisation has lots of uses
    Discuss advantages: separation and isolation, high availability, disaster recovery, running multiple OSs, and so on
  Discuss: can hardware emulation VMs be used to confine individual applications?
    From an end-user point of view they can be hard to manage
    Discuss disadvantages and workflow

Isolation: container-based sandboxes
  Container-based sandboxes share the kernel, but have separate user-space resources
    More efficient than system-level virtualisation
    chroot, FreeBSD jails, Linux containers
    Advantages and disadvantages
  chroot is a system call on Unix systems that changes the root directory for a process and the children it subsequently creates
    The application's filesystem namespace is limited to the specified directory tree: path resolution cannot climb above the new root
    A wrapper program, chroot(8), can be used to launch programs into a "chroot jail"
  chroot() considerations
    Only root (CAP_SYS_CHROOT on Linux) can call chroot(); the process should drop to an unprivileged identity as soon as possible afterwards
    root can escape a chroot jail (for example by calling chroot() again on a subdirectory without chdir(), then using chdir("..") to climb to the real root), so no program in a chroot should ever stay as root
    Only file path resolution is mediated: resources such as process controls (signals, ptrace), networking and devices are not
    Other mechanisms solve some of these problems, such as FreeBSD jails
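The chroot() considerations above as working code. This is an added example, not code from the lecture or its lab sheets: it enters a jail in the order the considerations require (cwd inside the jail, chroot, cwd reset to the new root, supplementary groups cleared, gid then uid dropped, drop verified) and also contains the classic escape that remains possible when the jailed process keeps root. The uid/gid 65534 ("nobody") and the jail path taken from the command line are assumptions; running it for real requires root and a throwaway directory.

```python
"""Entering a chroot jail and dropping privileges, plus the root-only escape.
Added example; uid/gid 65534 ("nobody") are assumed defaults."""
import os
import sys


def enter_jail(directory: str, uid: int, gid: int) -> str:
    """Confine the current process to `directory` and become uid/gid.

    Returns "ok" on success, "denied" if the process lacks the privilege
    to chroot() or to change identity, and "still-root" if the requested
    identity left the process able to regain root (an escapable jail).
    """
    try:
        os.chdir(directory)          # cwd must be inside the jail before chroot()
        os.chroot(".")               # requires root (CAP_SYS_CHROOT on Linux)
        os.chdir("/")                # otherwise cwd still refers to a directory outside the new root
        os.setgroups([])             # drop supplementary groups (wheel, disk, ...)
        os.setresgid(gid, gid, gid)  # gid first: after the uid drop, changing gids is no longer permitted
        os.setresuid(uid, uid, uid)  # real, effective and saved uid all set, so there is no way back
    except PermissionError:
        return "denied"
    # Verify the drop actually happened: regaining root must fail.
    try:
        os.setuid(0)
    except PermissionError:
        return "ok"
    return "still-root"


def escape_if_root() -> bool:
    """The classic chroot escape available to a process that kept root.

    chroot() into a subdirectory without chdir(), so the cwd is now outside
    the new root; chdir("..") then climbs to the real filesystem root, and a
    final chroot(".") makes that the process root again.  Returns True if the
    root directory changed.  Run this only inside a throwaway jail: it leaves
    an "escape_dir" directory behind.
    """
    if os.geteuid() != 0:
        return False                 # chroot() is refused without root: exactly why a jailed process must drop it
    before = os.stat("/")
    os.makedirs("escape_dir", mode=0o700, exist_ok=True)
    os.chroot("escape_dir")          # deliberately no chdir(): cwd stays above the new root
    for _ in range(64):
        os.chdir("..")               # ".." at the real root is the root itself, so overshooting is harmless
    os.chroot(".")
    after = os.stat("/")
    return (before.st_dev, before.st_ino) != (after.st_dev, after.st_ino)


if __name__ == "__main__":
    # Usage (as root, with a disposable jail): python3 jail.py /srv/jail
    jail = sys.argv[1] if len(sys.argv) > 1 else "/"
    print("enter_jail:", enter_jail(jail, 65534, 65534))
    print("escape_if_root:", escape_if_root())  # False once privileges are gone
```

Note that enter_jail() refuses to report success for uid 0: a jail entered as root is not a jail, which is the point of the third consideration above.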
Copy-on-write sandboxes
  Allow applications to read all files; any writes are redirected to a separate area
  Upon termination, the user is asked which changes to keep (commit to the real filesystem) and which to discard
  Examples: Sandboxie, Pastures, Alcatraz
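A model of the copy-on-write mechanism just described, added here as an example and not taken from the lecture or from any of the products named: reads fall through to the real filesystem, every write (including a delete, recorded as a whiteout) lands in a private upper layer, and at termination the user sees the list of changes and commits only the ones they want. The "filesystem" is a constructed dict of path to bytes, and the sample run (a note edit, a dropped binary, a deleted system file) is invented for illustration.

```python
"""Copy-on-write sandbox model. Added example; the filesystem is a dict
of path -> bytes constructed inline, not a real disk."""
from dataclasses import dataclass, field

WHITEOUT = object()   # marker: a base file that the sandboxed app deleted


@dataclass
class CowSandbox:
    base: dict                                   # the real filesystem; untouched until commit()
    upper: dict = field(default_factory=dict)    # sandbox-private writes and whiteouts

    def read(self, path: str) -> bytes:
        """Reads fall through to the base unless the upper layer overrides them."""
        if path in self.upper:
            if self.upper[path] is WHITEOUT:
                raise FileNotFoundError(path)
            return self.upper[path]
        if path in self.base:
            return self.base[path]
        raise FileNotFoundError(path)

    def write(self, path: str, data: bytes) -> None:
        self.upper[path] = data                  # never touches base

    def append(self, path: str, data: bytes) -> None:
        """Copy-up: the first modification of a base file copies it into the upper layer."""
        try:
            current = self.read(path)
        except FileNotFoundError:
            current = b""
        self.upper[path] = current + data

    def delete(self, path: str) -> None:
        self.read(path)                          # raises if the app cannot see the file
        if path in self.base:
            self.upper[path] = WHITEOUT          # hide it without deleting the real file
        else:
            del self.upper[path]                 # file only ever existed inside the sandbox

    def changes(self) -> dict:
        """What the app did, as shown to the user at termination."""
        result = {}
        for path, data in self.upper.items():
            if data is WHITEOUT:
                result[path] = "deleted"
            elif path not in self.base:
                result[path] = "created"
            elif data != self.base[path]:
                result[path] = "modified"
        return result

    def commit(self, keep) -> dict:
        """Apply only the changes the user chose to keep; discard the rest."""
        for path in keep:
            if path not in self.upper:
                continue
            data = self.upper[path]
            if data is WHITEOUT:
                self.base.pop(path, None)
            else:
                self.base[path] = data
        self.upper.clear()
        return self.base


def demo() -> tuple:
    """Constructed sample run: an app edits a note, drops a binary and deletes a system file."""
    base = {"/etc/hosts": b"127.0.0.1 localhost\n",
            "/home/alice/notes.txt": b"todo\n"}
    sb = CowSandbox(base)
    sb.append("/home/alice/notes.txt", b"buy milk\n")
    sb.write("/tmp/payload.bin", b"MZ\x90\x00")
    sb.delete("/etc/hosts")
    changes = sb.changes()
    hosts_hidden = False
    try:
        sb.read("/etc/hosts")                    # gone from the app's point of view ...
    except FileNotFoundError:
        hosts_hidden = True                      # ... but still present in base
    sb.commit(keep={"/home/alice/notes.txt"})   # user keeps the note edit, rejects the rest
    return changes, hosts_hidden, base


if __name__ == "__main__":
    print(demo())
```

The whiteout marker is what makes deletion safe: the application observes the file as gone, so it behaves normally, while the real file is only removed if the user explicitly keeps that change at commit time.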
Self-contained apps
  Examples: Java applets, Silverlight, Flash, Google Native Client
  Typically a "powerbox" is used to grant access to files that the user selects via a file dialog box, rather than giving the application ambient access to the whole filesystem

Isolation-based pros and cons
  Great for shared servers, isolating completely separate systems
  Disadvantages:
    Redundancy of resources: a complete copy of the OS, or of libraries
    Inhibit exchanging information or sharing resources between applications
    Workflow and usability
