Sandbox technology - IUST Personal Webpages
advertisement
Sandbox technology, a suitable approach for secure distributed systems By: Arash Karami Supervisor : Hadi Salimi Distributed Systems Course Seminar arashkarami88@gmail.com July 2010 Mazandaran University of Science and Technology IT department Main Contents 2/36 What: Sandbox security Where: General-purpose Grid computing Why: security with lightweight overhead, … How: see those in next parts!!! Sandbox technology present by Arash Karami Table of Content 3/36 Introduction Sandbox idea Other concepts Usages Features Interception Interception Levels Access Control List Chroot mechanism Applications Evaluating Time line Conclusion Sandbox technology present by Arash Karami 4/36 Introduction Motivation Introduction My purpose Sandbox technology present by Arash Karami Motivation 5/36 large 2000 need to be high 2010 1990scale systems performance Distributed system are normally untrusted Standalone Antivirus environments Security suits ` Establishing secure processing Sandboxes environments is very time consuming (common) We have found a suitable technology for lightweight secure environemnts in large scale systems Sandbox technology present by Arash Karami Introduction to sandbox 6/36 By wikipedia: By common: In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers and untrusted users.” Process virtual machine By my survey: A jail that can override and modify the behaviour of system calls without change in real system Sandbox technology present by Arash Karami Purposes & specifics 7/36 Lightweight High performance Virtualization Role based Special ACL Control and management resource Restriction in resources Better than complex authentications Self defensive Sandbox technology present by Arash Karami 8/36 The sandbox idea Idea Other concepts Sandbox technology present by Arash Karami Other means 9/36 Sandbox games Google sandbox rating Sandboxes have many applications in computer science!!! The sandbox tool aims to fulfill the need for application security on a distributed environment Sandbox technology present by Arash Karami 10 usages Sandbox in X computing Sandbox as virtual machine Sandbox as monitoring tools (EVEN) Sandbox as IDS ;) Sandbox technology present by Arash Karami Usage of sandboxes Network monitoring tools, Network traffic FVM control 11/36 IDS BlueBox Resource Management systems Virtualization Anti viruses Norman Avast Chromium Java sandbox Mobile computing Sandbox approach Rule base management systems Mobile codes Honey pots Full virtualization FVM EVM Cloud/Grid Gridbox computing DGMonitor Janus Sandbox technology present by Arash Karami 12/36 Features Interception Access Control List Application sandboxes Sandbox technology present by Arash Karami Interception 13/36 Base of sandboxes Process interception system call interception Os: Unix: ptrace OR… Windows: dll injection Monitoring resources and controlling them Sandbox technology present by Arash Karami User level sandbox 14/36 Trace system calls Using ptrace in Unix Using injection to address space of processes in windows. For example: Gridbox Chromium sandbox project Chroot Janus Sandbox technology present by Arash Karami Kernel level sandbox 15/36 Create a driver or kernel modules for a specific platform Low level programming Dirty programming!!! Non-hacked (than to user mode) For example BlueBox EVM Condor Sandbox technology present by Arash Karami Access Control List 16/36 Assign a task, role, system call Change system call with real system call Example: Gridbox: Define acl.c + syscalls.c for resource management Sandbox technology present by Arash Karami Application sandboxes 17/36 Move desktop app to web app Protecting with lightweight , secure, flexible approach (WHERE???) Extension or separated program Sandboxie A part of Applets SilverLight Lost real performance Sandbox technology present by Arash Karami 18 Present two prof sandbox GridBox Chromium sandbox project Sandbox technology present by Arash Karami Gridbox 19/36 started at 2005 Lightweight code files & executable file Heterogeneous on Unix base system User mode interception Used in ProGrid, SETI@ Using ACL Multi level security Sandbox technology present by Arash Karami Multi level security 20/36 # Program execution` # Network access: Allow connections to # Allow execution of /bin/cat trusted machines rule system allow /bin/cat rule connect allow 200.18.98.120:80 # Disallow any other program execution rule connect allow 200.18.98.132:80 rule system deny * # Disallow any other connection rule connect deny *:* # Serving connections: Allow to#bind to profile Node port 8000 of interface 200.18.98.120 #/usr/local/grid/sandbox.sh # Limit the CPU use to 5 minutes rule bind allow 200.18.98.120:8000 /usr/local/grid/applications/test_suite limit CPU_TIME 600 # Disallow any other port binding ...GRIDBOX: fopen (input): DENIED # Limit maximum file size rule bind deny * connect (200.18.98.120:80): GRIDBOX: limit FILE_SIZE 1000000 DENIED # Limit maximum process stack GRIDBOX: nice(10): DENIED limit STACK 20000 GRIDBOX: connect (200.18.98.120:22): DENIED GRIDBOX: system (/bin/rm): DENIED GRIDBOX: fopen (/etc/passwd): DENIED Sandbox technology present by Arash Karami GridBox Functionalities 21/36 Sandbox technology present by Arash Karami Chromium Sandbox project 22 Subset of Chromium open source project Independent to Google codes Cross-platform Restriction in: process I/O Network Sandbox technology present by Arash Karami 23/36 Evaluate Table of all surveyed sandboxes Time-line Sandbox technology present by Arash Karami Compression 24/36 Sandbox is a wide concept It is based of interception Sandbox technology present by Arash Karami Some surveyed sandboxes 25/36 Sandbox name Goal Implantation Level Heterogon ous Compatible OS Application Domain Program Chroot OS virtualization User mode No Most Unix-like OS Secure policy Chroot Gridbox Improve security in grid User mode Y/N All Unix-like OS Grid computing, Pro Grid,SETI@ ACL, customize confige file, BlueBox N IDS Kernel mode No Linux Network IDS, Host base real – time IDS, webservers Host base driven DGMonitor Virtualized resources User mode Yes Linux,windows, Unix Entropia, DCGrid,Xterm web Portable, Entropia VM Virtualization Kernle mode No Windows NT or higher Grid systems, image – processing Combine VM approach with Sandbox approach, File Virtualzaiton, Thread mng,Job manager Janus Monitoring User mode No Solaris 2.4 Chromium Sandboxing User mode Yes Unix-like, Ptrace/proc mechanism Web application Time-Line 26 Progress sandboxes Systrace Condor chromium Gridbox Avast Chroot 1980 Janus 1985 FreeBSD Jail 1990 1995 2000 Sandbox technology present by Arash Karami 2005 2010 27/36 Result Result challenges discussion Sandbox technology present by Arash Karami A good sandbox properties: 28/36 Interception without restriction on resources A secure box for virtual processes Multi part restriction: Memory restriction: Restriction space for Processes, threads process management monitoring network protocols Sandbox technology present by Arash Karami challenges 29/36 Implement level Goal Cross-platform Fine-grained level Sandbox technology present by Arash Karami 30/36 Conclusion Sandbox technology present by Arash Karami Today we need to: 31/36 1. 2. 3. 4. 5. 6. 7. A cross platform sandbox High performance Support kernel and user mode sandboxing Dynamic ACL (Google ACL)s Full virtualization Limited local resource and network resource Open source Sandbox technology present by Arash Karami 32/36 Discussion Sandbox technology present by Arash Karami 33/36 References Sandbox technology present by Arash Karami All references 34 S Loureiro, R Molva, Y Roudier 2000 “Mobile Code Security” Proceedings of ISYPAR AR.Butt, S.Adabala, NH.Kapadia, RJ.Figueiredo and J.A.B.Fortes “Grid-computing portals and security issues” Journal of Parallel and Distributed Computing, October 2003 H.Chen, P.Liu, R.Chen, B.Zang, H.Chen, P.Liu, R.Chen ” VMM-based Process Shepherding” Parallel Processing Institute Technical Report Number: FDUPPITR-2007-08002 August 2007 I.Goldberg, D.Wagner, R.Thomas, EA.Brewer “A Secure Environment for Untrusted Helper Applications Conning the Wily Hacker” Sixth USENIX UNIX security symposium, July 1996 By Wikipedia http://en.wikipedia.org/wiki/Sandbox_%28computer_security%29t 2010-07-14 J. Lange, P. Dinda, Transparent Network Services via a Virtual Traffic Layer for Virtual Machines, Proceedings of the 16th IEEE International Symposium on High Performance Distributed Computing (HPDC 2007), June, 2007 CHARI, S. N., AND CHENG, P.-C. BlueBoX: A Policy-driven, Host-Based Intrusion Detection System. In Proceedings of the 9th Symposium on Network and Distributed Systems Security (NDSS 2002) (2002). T.Khatiwala, R.Swaminathan, V. N.Venkatakrishnan “Data Sandboxing: A Technique for Enforcing Confidentiality Policies”, Proceedings of the 22nd Annual Computer Security Applications Conference, p.223-234, December 11-15, 2006 Frey, J. Tannenbaum, T. Livny, M. Foster, I. Tuecke, S. “Condor-G: A Computation Management Agent for Multi-Institutional Grids” cluster computing, 2002, VOL 5; NUMBER 3, pages 237-246 P. Cicotti, M.Taufer and A. Chieny “DGMonitor: A Performance Monitoring Tool for Sandbox-Based Desktop Grid Platforms” journal of supercomputing, 2005, VOL 34; NUMBER 2, pages 113-133 D.Wagner “A Secure Environment for Untrusted Helper Applications” Sandbox technology present by Arash Karami http://searchsystemschannel.techtarget.com/generic/0,295582,sid99_gci1379901,00.html … 35 http://www.webpronews.com/insiderreports/2004/05/06/google-sandbox-effect-revealed Evgueni Dodonov , Joelle Quaini Sousa , Hélio Crestana Guardia, GridBox: securing hosts from malicious and greedy applications, Proceedings of the 2nd workshop on Middleware for grid computing, p.17-22, October 18-22, 2004, Toronto, Ontario, Canada S.Santhanam, P.Elango, A.Arpaci-Dusseau ,M.Livny "Deploying virtual machines as sandboxes for the grid" Proceedings of the 2nd conference on Real, Large Distributed Systems, 2005 Jiang, X. Wang, X. “"Out-of-the-Box" Monitoring of VM-Based High-Interaction Honeypots” lecture notes in computer science , 2007 Malkhi, D. Reiter, M. K “Secure Execution of Java Applets Using a Remote Playground” IEEE transactions on software engineering, 2000 M.Khambatti, P.Dasgupta, KD.Ryu “A Role-Based Trust Model for Peer-to-Peer Communities and Dynamic Coalitions” In IWIA '04: Proceedings of the Second IEEE International Information Assurance Workshop, page 141, Washington, DC, USA, 2004 The Technion DSL Lab, Israel “Condor Local File System Sandbox” high level design document B Calder, AA Chien, J Wang, D Yang “,The Entropia Virtual Machine for Desktop Grids” Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments, 2005 David A. Wagner. Janus: an Approach for Confinement of Untrusted Applications. Technical Report CSD-99-1056, 12, 1999. 2, 8 N.Provos “Improving host security with system call policies” Proceedings of the 12th conference on USENIX Security Symposium, 2003 sandboxie http://www.sandboxie.com/ Chromium project http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBYQFjAA&url=http%3A%2F%2Fcode.google.com%2Fchromium%2F& ei=Qs49TI_NJ5i8jAerqZT5Aw&usg=AFQjCNFFIW41N_oxaGVfvEf4kTPmYqUfWg&sig2=Af2KdebPFzPOcyA-wSUAVQ Sandbox technology present by Arash Karami 36 Sandbox technology present by Arash Karami 37 Sandbox technology present by Arash Karami
