Isolation Sandboxes and Application-oriented Access Controls: Computer Security Lectures 2014/15 S2

Description

This video is part of the computer/information/cyber security and ethical hacking lecture series by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory work sheets, slides, and other open educational resources are available at http://z.cliffe.schreuders.org. The slides themselves are Creative Commons licensed CC-BY-SA, and images used are licensed as individually attributed.

Topics covered in this lecture include:

Programs behaving badly (revision)
- Vulnerable software, malware

Access control (revision)
- Insufficient control: applications run with the identity of the user; however, they don't always act in the user's best interests

Application-oriented access controls
- A number of solutions have been proposed
- Applications can run in "sandboxes", isolated or with limited access

Isolation-based sandboxes and virtualisation
- One approach is to run each application in an isolated sandbox environment; it can only access resources accessible within the sandbox

Isolation: system-level sandboxes
- System-level sandboxes provide a complete environment for operating systems
- Virtualisation: a hypervisor, AKA virtual machine monitor (VMM), can multiplex the hardware to run hardware-level virtual machines (VMs)
- Hardware emulation-based: the guest OS does not need to know it is virtualised (VMware, VirtualBox; may use some "para")
- Paravirtualisation (software emulation): the guest knows it is being virtualised and uses the API provided by the virtualisation layer; can be more efficient, since work can be done by the host (Xen, User-mode Linux)
- Qubes: a VM for each different type of task
- From a security (and sysadmin) point of view virtualisation has lots of uses. Discuss advantages: separation and isolation, high availability, disaster recovery, multiple OSs, and so on
- Discuss: can hardware emulation VMs be used to confine individual applications? From an end-user point of view they can be hard to manage. Discuss disadvantages and workflow

Container-based sandboxes
- Share the kernel, but have separate user-space resources; more efficient than system-level virtualisation
- chroot, jails, Linux containers: advantages and disadvantages
- chroot is a system call on Unix systems that changes the root directory for a process and its children; the namespace of the application limits it to only access files inside the specified directory tree
- A wrapper program "chroot" can be used to launch programs into a "chroot jail"

chroot() considerations
- Only root can perform a chroot, but the program should change identity as soon as possible
- root can escape a chroot jail (by performing another chroot()), so no program in a chroot should ever stay as root
- There are resources such as process controls and networking that are not mediated
- Other mechanisms solve some of these problems, such as FreeBSD jails

Copy-on-write sandboxes
- Allow applications to read all files; any writes are written to a separate area
- Upon termination, asks the user which changes to keep
- Examples: Sandboxie, Pastures, Alcatraz

Self-contained apps
- Examples: Java applets, Silverlight, Flash, Google native code
- Typically a "powerbox" is used to grant access to files that the user selects using a file dialog box

Isolation-based pros and cons
- Great for shared servers, isolating completely separate systems
- Disadvantages: redundancy of resources (complete copy of OS, or libraries); inhibits exchanging information or sharing resources; workflow and usability
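The chroot() considerations above (chroot as root, change identity as soon as possible, never stay root inside the jail) translate into a fixed order of system calls. The following is an added example, not code from the lecture or its author: it uses Python's os module wrappers around chroot(2), chdir(2), setgroups(2), setgid(2) and setuid(2), with a hypothetical jail directory and unprivileged uid/gid supplied by the caller, and it refuses to proceed if any step fails, so the process never runs as root inside a half-built jail.

```python
"""Added example (not from the lecture): entering a chroot jail and
dropping root in the order the slides require."""
import errno
import os


def enter_jail(jail_dir: str, uid: int, gid: int) -> int:
    """Confine the current process to jail_dir and switch to uid/gid.

    Returns 0 on success, or a negative errno value on failure. A caller
    must abort on failure: a process that is still root inside a
    half-built jail can escape by calling chroot() again.
    Assumes a Linux/Unix host; uid/gid are hypothetical unprivileged ids.
    """
    if uid == 0 or gid == 0:
        return -errno.EINVAL          # refuse to "drop" to root
    try:
        os.chroot(jail_dir)           # needs root; ENOENT if dir is missing
        # Without this the working directory stays outside the jail.
        os.chdir("/")
        # Drop supplementary groups, then gid, then uid: order matters,
        # because after setuid() we could no longer change groups.
        os.setgroups([])
        os.setgid(gid)
        os.setuid(uid)
    except OSError as exc:
        return -exc.errno
    # Verify the drop is irreversible: regaining root must now fail.
    try:
        os.setuid(0)
    except PermissionError:
        return 0
    return -errno.EACCES


def classify_failure(rc: int) -> str:
    """Map enter_jail()'s return code to the lecture's failure modes."""
    if rc == 0:
        return "confined and unprivileged"
    if rc == -errno.EPERM:
        return "not started as root: chroot refused"
    if rc == -errno.ENOENT:
        return "jail directory does not exist"
    if rc == -errno.EINVAL:
        return "refusing to keep root identity inside the jail"
    return "other failure: %s" % os.strerror(-rc)


if __name__ == "__main__":
    import sys
    # usage: sudo python3 jail.py /path/to/jail 65534 65534
    jail, uid, gid = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    rc = enter_jail(jail, uid, gid)
    print(classify_failure(rc))
    if rc != 0:
        sys.exit(1)
    # Only now run the untrusted program (a shell must exist inside the jail).
    os.execv("/bin/sh", ["sh"])
```

Run unprivileged, the function returns an error before anything is changed, which is the intended behaviour: a wrapper that cannot complete the whole sequence should not launch the program at all. The final setuid(0) probe is the check for the slide's escape scenario; if root could be regained, the jail is worthless and the function reports it instead of continuing.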
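The copy-on-write sandbox slide (reads see everything, writes go to a separate area, the user picks which changes to keep on termination) can be shown with a small overlay over a base directory. This is an added example and not code from Sandboxie, Pastures, Alcatraz or the lecture; the directory layout, the ".wh." whiteout marker convention for deletions, and the sample files are all constructed for the demonstration.

```python
"""Added example (not from the lecture): a minimal copy-on-write sandbox
layered over a base directory. Reads fall through to the base; writes and
deletions land in a separate overlay area; at the end only the changes the
user approves are committed. Paths and marker names are hypothetical."""
import os
import shutil
import tempfile


class CowSandbox:
    WHITEOUT = ".wh."   # constructed marker prefix recording a deletion

    def __init__(self, base: str, overlay: str):
        self.base, self.overlay = base, overlay
        os.makedirs(overlay, exist_ok=True)

    def _upper(self, name): return os.path.join(self.overlay, name)
    def _lower(self, name): return os.path.join(self.base, name)
    def _wh(self, name): return os.path.join(self.overlay, self.WHITEOUT + name)

    def read(self, name: str) -> bytes:
        """Sandboxed read: overlay copy wins, deleted files look absent."""
        if os.path.exists(self._wh(name)):
            raise FileNotFoundError(name)
        for path in (self._upper(name), self._lower(name)):
            if os.path.exists(path):
                with open(path, "rb") as f:
                    return f.read()
        raise FileNotFoundError(name)

    def write(self, name: str, data: bytes) -> None:
        """Sandboxed write: never touches the base directory."""
        if os.path.exists(self._wh(name)):
            os.remove(self._wh(name))      # file re-created after deletion
        with open(self._upper(name), "wb") as f:
            f.write(data)

    def delete(self, name: str) -> None:
        """Sandboxed delete: a base file is hidden behind a whiteout marker."""
        if os.path.exists(self._upper(name)):
            os.remove(self._upper(name))
        if os.path.exists(self._lower(name)):
            open(self._wh(name), "wb").close()

    def changes(self) -> dict:
        """What the 'which changes do you want to keep?' prompt would list."""
        result = {}
        for entry in os.listdir(self.overlay):
            if entry.startswith(self.WHITEOUT):
                result[entry[len(self.WHITEOUT):]] = "deleted"
            elif os.path.exists(self._lower(entry)):
                result[entry] = "modified"
            else:
                result[entry] = "created"
        return result

    def commit(self, keep) -> None:
        """Apply only user-approved changes to the base; discard the rest."""
        for name, kind in self.changes().items():
            if name not in keep:
                continue
            if kind == "deleted":
                os.remove(self._lower(name))
            else:
                shutil.copyfile(self._upper(name), self._lower(name))
        shutil.rmtree(self.overlay)        # everything else is thrown away


def demo() -> tuple:
    """Run a constructed session and report what the sandbox did."""
    base = tempfile.mkdtemp(prefix="cow-base-")
    overlay = tempfile.mkdtemp(prefix="cow-overlay-")
    for name, data in (("config.txt", b"original"), ("notes.txt", b"keep me")):
        with open(os.path.join(base, name), "wb") as f:
            f.write(data)                  # constructed sample files
    sb = CowSandbox(base, overlay)
    sb.write("config.txt", b"edited")      # modify an existing file
    sb.write("unknown.bin", b"\x00\x01")   # create a new file
    sb.delete("notes.txt")                 # delete an existing file
    seen_inside = sb.read("config.txt")
    with open(os.path.join(base, "config.txt"), "rb") as f:
        real_during = f.read()             # base is untouched while running
    listed = sb.changes()
    sb.commit(keep={"config.txt"})         # user keeps only the config edit
    with open(os.path.join(base, "config.txt"), "rb") as f:
        real_after = f.read()
    survivors = sorted(os.listdir(base))
    shutil.rmtree(base)
    return seen_inside, real_during, listed, real_after, survivors


if __name__ == "__main__":
    print(demo())
```

The point the demo makes is the one on the slide: while the program runs, it believes its writes succeeded (the sandboxed read returns the edited content) but the real file is unchanged, and at termination the unapproved new file and the deletion simply vanish with the overlay.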