Sandbox technology


Sandbox technology, a suitable approach for secure distributed systems
By: Arash Karami
Supervisor: Hadi Salimi
Distributed Systems Course Seminar
[email protected]
July 2010
Mazandaran University of Science and Technology, IT department

Main Contents
- What: Sandbox security
- Where: General-purpose Grid computing
- Why: Security with lightweight overhead
- How: See the next parts!!!

Sandbox technology, presented by Arash Karami

Table of Contents
- Introduction
- Sandbox idea
- Other concepts
- Usages
- Features
- Interception
- Interception levels
- Access Control List
- Chroot mechanism
- Applications
- Evaluating
- Time line
- Conclusion

Introduction
- Motivation
- Introduction
- My purpose

Motivation
[Figure: timeline from 1990 (standalone antivirus) through 2000 (security suites) to 2010 (sandboxes)]
- Large scale systems need to be high performance
- Distributed systems are normally untrusted environments
- Establishing secure processing environments is very time consuming (common)
- We have found a suitable technology for lightweight secure environments in large scale systems

Introduction to sandbox
- By Wikipedia: In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third parties, suppliers and untrusted users.
- By common usage: Process virtual machine
- By my survey: A jail that can override and modify the behaviour of system calls without changes to the real system

Purposes & specifics
- Lightweight
- High performance
- Virtualization
- Role based
- Special ACL
- Control and management of resources
- Restriction of resources
- Better than complex authentication
- Self defensive

The sandbox idea
- Idea
- Other concepts

Other meanings
- Sandbox games
- Google sandbox rating
- Sandboxes have many applications in computer science!!!
- The sandbox tool aims to fulfill the need for application security in a distributed environment

Usages
- Sandbox in X computing
- Sandbox as virtual machine
- Sandbox as monitoring tool (EVEN)
- Sandbox as IDS ;)

Usage of sandboxes
[Figure: usage map. Recoverable labels: network monitoring tools and network traffic control (FVM); IDS (BlueBox); resource management systems; Chromium; Java sandbox; rule-based management systems; full virtualization, virtualization and the sandbox approach; anti viruses (Norman, Avast); mobile computing and mobile code; honey pots; EVM; Cloud/Grid computing (Gridbox, DGMonitor); Janus]

Features
- Interception
- Access Control List
- Application sandboxes

Interception
- Base of sandboxes
- Process interception
- OS: system call interception
- Unix: ptrace, or Windows: DLL injection
- Monitoring resources and controlling them

User level sandbox
- Trace system calls
- Using ptrace in Unix
- Using injection into the address space of processes in Windows
- For example: Gridbox, Chromium sandbox project, Chroot, Janus

Kernel level sandbox
- Create a driver or kernel module for a specific platform
- Low level programming
- Dirty programming!!!
- Not as easily hacked as user mode
- For example: BlueBox, EVM, Condor

Access Control List
- Assign a task, role, system call
- Change the intercepted system call for the real system call
- Example: Gridbox defines acl.c + syscalls.c for resource management

Application sandboxes
- Move desktop apps to web apps
- Protecting with a lightweight, secure, flexible approach (WHERE???)
- Extension or separate program
- Sandboxie
- A part of: Applets, Silverlight
- Lost real performance

Presenting two professional sandboxes
- GridBox
- Chromium sandbox project

Gridbox

- Started in 2005
- Lightweight code files & executable file
- Heterogeneous on Unix-based systems
- User mode interception
- Used in ProGrid, [email protected]
- Using ACL
- Multi level security

Multi level security

Profile:
    # Network access: Allow connections
    # to trusted machines
    rule connect allow 200.18.98.120:80
    rule connect allow 200.18.98.132:80
    # Disallow any other connection
    rule connect deny *:*

    # Program execution
    # Allow execution of /bin/cat
    rule system allow /bin/cat
    # Disallow any other program execution
    rule system deny *

    # Serving connections: Allow to bind
    # to port 8000 of interface
    rule bind allow 200.18.98.120:8000
    # Disallow any other port binding
    rule bind deny *

    # Limit the CPU use to 5 minutes
    limit CPU_TIME 600
    # Limit maximum file size
    limit FILE_SIZE 1000000
    # Limit maximum process stack
    limit STACK 20000

Node:
    # /usr/local/grid/sandbox.sh 200.18.98.120 /usr/local/grid/applications/test_suite
    ...
    GRIDBOX: fopen (input): DENIED
    GRIDBOX: connect (200.18.98.120:80): DENIED
    GRIDBOX: nice(10): DENIED
    GRIDBOX: connect (200.18.98.120:22): DENIED
    GRIDBOX: system (/bin/rm):

GridBox Functionalities
[Figure only]

Chromium Sandbox project
- Subset of the Chromium open source project
- Independent of Google code
- Cross-platform
- Restriction in: process, I/O, network

Evaluate
- Table of all surveyed sandboxes
- Time-line

Comparison

- Sandbox is a wide concept
- It is based on interception

Some surveyed sandboxes

Sandbox name | Goal | Implementation level | Heterogeneous | Compatible OS | Application domain | Program
Chroot | OS virtualization | User mode | No | Most Unix-like OS | Secure policy | Chroot
Gridbox | Improve security in grid | User mode | Y/N | All Unix-like OS | Grid computing, ProGrid, [email protected] | ACL, customized config file
BlueBox | IDS | Kernel mode | No | Linux | Network IDS, host-based real time IDS, webservers | Host-based driven
DGMonitor | Virtualized resources | User mode | Yes | Linux, Windows, Unix | Entropia, DCGrid, Xterm web | Portable
Entropia VM | Virtualization | Kernel mode | No | Windows NT or higher | Grid systems, image processing | Combines the VM approach with the sandbox approach; file virtualization, thread management, job manager
Janus | Monitoring | User mode | No | Solaris 2.4 | ptrace/proc |

Time-Line
[Figure: time-line of sandbox progress from 1980 to 2010; entries on the line: Chroot, Janus, FreeBSD Jail, Systrace, Condor, Avast, Gridbox, Chromium]

Result
- Result
- Challenges

- Discussion

A good sandbox's properties
- Interception without restriction on resources
- A secure box for virtual processes
- Multi-part restriction: memory restriction; restriction space for processes and threads
- Process management
- Monitoring network protocols

Challenges
- Implementation level
- Goal
- Cross-platform
- Fine-grained level

Conclusion

Today we need:
1. A cross platform sandbox
2. High performance
3. Support for kernel and user mode sandboxing
4. Dynamic ACLs (Google ACLs)
5. Full virtualization
6. Limited local resources and network resources
7. Open source
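The GridBox profile from the "Multi level security" slide, together with items 4 and 6 above (dynamic ACLs, limited local and network resources), worked through as an added example in Python. This is not GridBox's code and is not part of the original slides. Everything the slides do not state is an assumption here: first-match rule order, deny when no rule matches, glob-style `*` patterns, the limit units (seconds for CPU_TIME, bytes for FILE_SIZE and STACK), and the mapping of CPU_TIME/FILE_SIZE/STACK onto RLIMIT_CPU/RLIMIT_FSIZE/RLIMIT_STACK. The demo applies only FILE_SIZE to a child process, because the sample STACK value taken as bytes is too small for any process to start; `resource` and `preexec_fn` make it POSIX-only.

```python
"""GridBox-style profile evaluator plus rlimit enforcement (added example).

Not GridBox's own code. Assumptions not stated on the slides: rules match
first-match in file order; an operation with no matching rule is denied;
'*' matches anything and 'host:port' patterns match field by field; limit
units are seconds (CPU_TIME) and bytes (FILE_SIZE, STACK); limit names map
to POSIX rlimits as in RLIMIT_MAP. POSIX only (resource, preexec_fn).
"""
import errno
import os
import resource
import subprocess
import sys
import tempfile
from fnmatch import fnmatchcase

# Constructed profile modelled on the "Multi level security" slide.
SAMPLE_POLICY = """\
# Network access: allow connections to trusted machines only
rule connect allow 200.18.98.120:80
rule connect allow 200.18.98.132:80
rule connect deny *:*
# Program execution: allow /bin/cat, nothing else
rule system allow /bin/cat
rule system deny *
# Serving connections: bind only to port 8000 of one interface
rule bind allow 200.18.98.120:8000
rule bind deny *
# Resource limits
limit CPU_TIME 600
limit FILE_SIZE 1000000
limit STACK 20000
"""

# Assumed (hypothetical) mapping of GridBox limit names onto rlimits.
RLIMIT_MAP = {
    "CPU_TIME": resource.RLIMIT_CPU,
    "FILE_SIZE": resource.RLIMIT_FSIZE,
    "STACK": resource.RLIMIT_STACK,
}


def parse_policy(text):
    """Return (rules, limits); rules is an ordered list of (op, verdict, pattern)."""
    rules, limits = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] == "rule" and len(parts) == 4 and parts[2] in ("allow", "deny"):
            rules.append((parts[1], parts[2], parts[3]))
        elif parts[0] == "limit" and len(parts) == 3 and parts[1] in RLIMIT_MAP:
            limits[parts[1]] = int(parts[2])
        else:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")  # fail closed
    return rules, limits


def _matches(pattern, target):
    """'host:port' patterns are compared field by field, others as globs."""
    if ":" in pattern and ":" in target:
        ph, pp = pattern.rsplit(":", 1)
        th, tp = target.rsplit(":", 1)
        return fnmatchcase(th, ph) and fnmatchcase(tp, pp)
    return fnmatchcase(target, pattern)


def check(rules, op, target):
    """First matching rule decides; an operation with no rule at all is DENIED."""
    for rule_op, verdict, pattern in rules:
        if rule_op == op and _matches(pattern, target):
            return "ALLOWED" if verdict == "allow" else "DENIED"
    return "DENIED"


def audit(rules, events):
    """Render verdicts in the style of the GRIDBOX log lines on the slide."""
    return [f"GRIDBOX: {op} ({target}): {check(rules, op, target)}" for op, target in events]


def apply_limits(limits):
    """Runs in the child between fork and exec: set soft and hard rlimits."""
    for name, value in limits.items():
        resource.setrlimit(RLIMIT_MAP[name], (value, value))


def run_sandboxed(argv, limits):
    """Launch argv under the given limits and return its exit status."""
    return subprocess.run(argv, preexec_fn=lambda: apply_limits(limits)).returncode


def demo_file_size_limit():
    """A child writes 2 MB under FILE_SIZE 1000000 and exits 3 once write() fails with EFBIG."""
    child = (
        "import errno, os, sys\n"
        "fd = os.open(sys.argv[1], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)\n"
        "try:\n"
        "    for _ in range(2000):\n"
        "        os.write(fd, b'x' * 1024)\n"
        "except OSError as e:\n"
        "    sys.exit(3 if e.errno == errno.EFBIG else 4)\n"
        "sys.exit(0)\n"
    )
    with tempfile.TemporaryDirectory() as d:
        argv = [sys.executable, "-c", child, os.path.join(d, "out")]
        return run_sandboxed(argv, {"FILE_SIZE": 1000000})


RULES, LIMITS = parse_policy(SAMPLE_POLICY)

if __name__ == "__main__":
    events = [("connect", "200.18.98.120:80"), ("connect", "200.18.98.120:22"),
              ("nice", "10"), ("system", "/bin/rm"), ("bind", "200.18.98.120:8000")]
    print("\n".join(audit(RULES, events)))
    print("limits:", LIMITS, "-> child under FILE_SIZE exits", demo_file_size_limit())
```

The rule table is the user-mode half of the design: in GridBox it is consulted from a ptrace-based system call interceptor, which this example does not implement. The rlimits are the kernel-enforced half and stay in force after exec, so a child cannot undo them; note that an unmatched operation such as `nice` is denied only because the evaluator defaults to deny, which is an assumption worth confirming against the real policy engine before relying on it.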

Discussion

References

All references
- S. Loureiro, R. Molva, Y. Roudier. Mobile Code Security. Proceedings of ISYPAR, 2000.
- A. R. Butt, S. Adabala, N. H. Kapadia, R. J. Figueiredo, J. A. B. Fortes. Grid-computing portals and security issues. Journal of Parallel and Distributed Computing, October 2003.
- H. Chen, P. Liu, R. Chen, B. Zang. VMM-based Process Shepherding. Parallel Processing Institute Technical Report FDUPPITR-2007-08002, August 2007.
- I. Goldberg, D. Wagner, R. Thomas, E. A. Brewer. A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker. Sixth USENIX UNIX Security Symposium, July 1996.
- Wikipedia, Sandbox (computer security). http://en.wikipedia.org/wiki/Sandbox_%28computer_security%29, retrieved 2010-07-14.
- J. Lange, P. Dinda. Transparent Network Services via a Virtual Traffic Layer for Virtual Machines. Proceedings of the 16th IEEE International Symposium on High Performance Distributed Computing (HPDC 2007), June 2007.
- S. N. Chari, P.-C. Cheng. BlueBoX: A Policy-driven, Host-Based Intrusion Detection System. Proceedings of the 9th Symposium on Network and Distributed Systems Security (NDSS 2002), 2002.
- T. Khatiwala, R. Swaminathan, V. N. Venkatakrishnan. Data Sandboxing: A Technique for Enforcing Confidentiality Policies. Proceedings of the 22nd Annual Computer Security Applications Conference, pp. 223-234, December 11-15, 2006.
- J. Frey, T. Tannenbaum, M. Livny, I. Foster, S. Tuecke. Condor-G: A Computation Management Agent for Multi-Institutional Grids. Cluster Computing, vol. 5, no. 3, pp. 237-246, 2002.
- P. Cicotti, M. Taufer, A. Chien. DGMonitor: A Performance Monitoring Tool for Sandbox-Based Desktop Grid Platforms. Journal of Supercomputing, vol. 34, no. 2, pp. 113-133, 2005.
- D. Wagner. A Secure Environment for Untrusted Helper Applications.
- http://searchsystemschannel.techtarget.com/generic/0,295582,sid99_gci1379901,00.html
- http://www.webpronews.com/insiderreports/2004/05/06/google-sandbox-effect-revealed
- E. Dodonov, J. Q. Sousa, H. C. Guardia. GridBox: securing hosts from malicious and greedy applications. Proceedings of the 2nd Workshop on Middleware for Grid Computing, pp. 17-22, October 18-22, 2004, Toronto, Ontario, Canada.
- S. Santhanam, P. Elango, A. Arpaci-Dusseau, M. Livny. Deploying virtual machines as sandboxes for the grid. Proceedings of the 2nd Conference on Real, Large Distributed Systems, 2005.
- X. Jiang, X. Wang. "Out-of-the-Box" Monitoring of VM-Based High-Interaction Honeypots. Lecture Notes in Computer Science, 2007.
- D. Malkhi, M. K. Reiter. Secure Execution of Java Applets Using a Remote Playground. IEEE Transactions on Software Engineering, 2000.
- M. Khambatti, P. Dasgupta, K. D. Ryu. A Role-Based Trust Model for Peer-to-Peer Communities and Dynamic Coalitions. IWIA '04: Proceedings of the Second IEEE International Information Assurance Workshop, p. 141, Washington, DC, USA, 2004.
- The Technion DSL Lab, Israel. Condor Local File System Sandbox: high level design document.
- B. Calder, A. A. Chien, J. Wang, D. Yang. The Entropia Virtual Machine for Desktop Grids. Proceedings of the 1st ACM/USENIX International Conference on Virtual Execution Environments, 2005.
- D. A. Wagner. Janus: an Approach for Confinement of Untrusted Applications. Technical Report CSD-99-1056, 1999.
- N. Provos. Improving host security with system call policies. Proceedings of the 12th USENIX Security Symposium, 2003.
- Sandboxie. http://www.sandboxie.com/
- Chromium project. http://code.google.com/chromium/

AVQ ?

