Sandbox technology, a suitable approach for secure distributed systems
By: Arash Karami
Supervisor: Hadi Salimi
Distributed Systems Course, [email protected]
Mazandaran University of Science and Technology, IT department, July 2010
Sandbox technology, presented by Arash Karami
Main Contents
What: Sandbox security
Where: General-purpose Grid computing
Why: Security with lightweight overhead, …
How: See the next parts!!!
Table of Contents
Introduction
Sandbox idea
Other concepts
Usages
Features
Interception
Interception levels
Access Control List
Chroot mechanism
Applications
Evaluating
Time line
Conclusion
Introduction: Motivation, Introduction, My purpose
Motivation
Large scale systems need to be high performance
Distributed systems are normally untrusted environments
Establishing secure processing environments is very time consuming (common)
We have found a suitable technology for lightweight secure environments in large scale systems
(Figure: timeline 1990, 2000, 2010: standalone antivirus, security suites, sandboxes)
Introduction to sandbox
By Wikipedia: "In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers and untrusted users."
By common usage: Process virtual machine
By my survey: A jail that can override and modify the behaviour of system calls without changes to the real system
Purposes & specifics
Lightweight
High performance
Virtualization
Role based
Special ACL
Control and management of resources
Restriction of resources
Better than complex authentication
Self defensive
The sandbox idea: Idea, Other concepts
Other meanings
Sandbox games
Google sandbox rating
Sandboxes have many applications in computer science!!!
The sandbox tool aims to fulfill the need for application security in a distributed environment
Usages: Sandbox in X computing, Sandbox as virtual machine, Sandbox as monitoring tool, (EVEN) Sandbox as IDS ;)
Usage of sandboxes
(Figure: application areas of sandboxes with example sandboxes. Areas: Virtualization, IDS, Mobile computing, Anti viruses, Cloud/Grid computing, Rule base management systems, Full virtualization, Resource management systems, Honey pots, Network monitoring tools, Network traffic control, Sandbox approach. Examples named: FVM, Norman, Avast, Mobile codes, EVM, Gridbox, DGMonitor, Janus, Chromium, Java sandbox, BlueBox.)
Features: Interception, Access Control List, Application sandboxes
Interception
Base of sandboxes: process interception, system call interception
OS: Unix: ptrace or …; Windows: DLL injection
Monitoring resources and controlling them
User level sandbox
Trace system calls: using ptrace in Unix, using injection into the address space of processes in Windows
For example: Gridbox, Chromium sandbox project, Chroot, Janus
Kernel level sandbox
Create a driver or kernel module for a specific platform
Low level programming, dirty programming!!!
Harder to hack than user mode
For example: BlueBox, EVM, Condor
Access Control List
Assign a task, role, system call
Replace the real system call with a controlled one
Example: Gridbox defines acl.c + syscalls.c for resource management
Application sandboxes
Move desktop apps to web apps
Protecting with a lightweight, secure, flexible approach (WHERE???)
Extension or separate program: Sandboxie
A part of: Applets, Silverlight
Lost real performance
Applications: present two sandboxes, GridBox and the Chromium sandbox project
Gridbox
Started in 2005
Lightweight: code files & executable file
Heterogeneous on Unix-based systems
User mode interception
Used in ProGrid, SETI@
Using ACL
Multi level security
Multi level security

# Network access: Allow connections to trusted machines
rule connect allow 200.18.98.120:80
rule connect allow 200.18.98.132:80
# Disallow any other connection
rule connect deny *:*
# Serving connections: Allow to bind to port 8000 of interface 200.18.98.120
rule bind allow 200.18.98.120:8000
# Disallow any other port binding
rule bind deny *

# Program execution
# Allow execution of /bin/cat
rule system allow /bin/cat
# Disallow any other program execution
rule system deny *

# /usr/local/grid/sandbox.sh /usr/local/grid/applications/test_suite
...
GRIDBOX: fopen (input): DENIED
GRIDBOX: connect (200.18.98.120:80): DENIED
GRIDBOX: nice(10): DENIED
GRIDBOX: connect (200.18.98.120:22): DENIED
GRIDBOX: system (/bin/rm): DENIED
GRIDBOX: fopen (/etc/passwd): DENIED

# Node profile
# Limit the CPU use to 5 minutes
limit CPU_TIME 600
# Limit maximum file size
limit FILE_SIZE 1000000
# Limit maximum process stack
limit STACK 20000
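As an added example (my own Python, not GridBox's code), here is an evaluator for the rule syntax on the Access Control List and multi level security slides: it parses `rule <syscall> allow|deny <pattern>` and `limit <NAME> <value>` lines and answers whether an intercepted call may proceed. First-match-wins, default deny for calls with no rule, and `*` as a wildcard component are my assumptions about the format.

```python
"""GridBox-style policy evaluator (added example, not GridBox's own code).
Assumptions: first matching rule wins, default deny, '*' is a wildcard."""

# Policy text constructed from the rule fragments on the slides.
POLICY = """
# Network access: allow connections to trusted machines only
rule connect allow 200.18.98.120:80
rule connect allow 200.18.98.132:80
rule connect deny *:*
# Serving connections: only port 8000 of one interface
rule bind allow 200.18.98.120:8000
rule bind deny *
rule system allow /bin/cat
rule system deny *
limit CPU_TIME 600
limit FILE_SIZE 1000000
"""

def parse_policy(text):
    """Return (rules, limits); rules keep file order so first match wins."""
    rules, limits = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        kind, *rest = line.split()
        if kind == "rule" and len(rest) == 3:
            rules.append(tuple(rest))            # (syscall, verdict, pattern)
        elif kind == "limit" and len(rest) == 2:
            limits[rest[0]] = int(rest[1])
        else:
            raise ValueError(f"malformed policy line: {raw!r}")
    return rules, limits

def _matches(pattern, target):
    """'*' matches a whole target; in 'host:port' each part may be '*'."""
    if pattern == "*":
        return True
    p_parts, t_parts = pattern.split(":"), target.split(":")
    if len(p_parts) != len(t_parts):
        return False
    return all(p == "*" or p == t for p, t in zip(p_parts, t_parts))

def check(rules, syscall, target):
    """Decide an intercepted call: first matching rule wins, else deny."""
    for rule_syscall, verdict, pattern in rules:
        if rule_syscall == syscall and _matches(pattern, target):
            return verdict == "allow"
    return False                                 # no rule at all: refuse

RULES, LIMITS = parse_policy(POLICY)
```

With this policy, `check(RULES, "system", "/bin/rm")` and `check(RULES, "fopen", "/etc/passwd")` are both refused, matching two of the DENIED lines in the sample log.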
GridBox functionalities
Chromium Sandbox project
Subset of the Chromium open source project
Independent of Google code
Cross-platform
Restriction in: process, I/O, network
Evaluate: Table of all surveyed sandboxes, Time-line
Comparison
Sandbox is a wide concept
It is based on interception
Some surveyed sandboxes

Sandbox name | Goal | Implementation level | Heterogeneous | Compatible OS | Application domain | Program
Chroot | OS virtualization | User mode | No | Most Unix-like OS | Secure policy | Chroot
Gridbox | Improve security in grid | User mode | Y/N | All Unix-like OS | Grid computing, ProGrid, SETI@ | ACL, customized config file
BlueBox | IDS | Kernel mode | No | Linux | Network IDS, host-based real-time IDS, web servers | Host-based driven
DGMonitor | Virtualized resources | User mode | Yes | Linux, Windows, Unix | Entropia, DCGrid, Xterm web | Portable
Entropia VM | Virtualization | Kernel mode | No | Windows NT or higher | Grid systems, image processing | Combine VM approach with sandbox approach, file virtualization, thread management, job manager
Janus | Monitoring | User mode | No | Solaris 2.4 | | ptrace/proc mechanism
Chromium | Sandboxing | User mode | Yes | Unix-like, Windows | Web application |
FreeBSD jail | Security in server farms | Kernel/user mode | No | Only BSD | Internet security | File system isolation, disk quotas, network isolation
Time-Line
(Figure: progress of sandboxes on a timeline from 1980 to 2010. Shown: Chroot, Janus, Systrace, FreeBSD Jail, Condor, Gridbox, Avast, Chromium.)
Result: Result, challenges, discussion
Properties of a good sandbox:
Interception without restriction on resources
A secure box for virtual processes
Multi-part restriction:
Memory restriction: restricted space for processes and threads
Process management, monitoring, network protocols
Challenges
Implementation level
Goal
Cross-platform
Fine-grained level
Conclusion
Today we need:
1. A cross platform sandbox
2. High performance
3. Support for kernel and user mode sandboxing
4. Dynamic ACLs (Google ACL)
5. Full virtualization
6. Limited local resources and network resources
7. Open source
Discussion
References
S. Loureiro, R. Molva, Y. Roudier, "Mobile Code Security", Proceedings of ISYPAR, 2000
A. R. Butt, S. Adabala, N. H. Kapadia, R. J. Figueiredo, J. A. B. Fortes, "Grid-computing portals and security issues", Journal of Parallel and Distributed Computing, October 2003
H. Chen, P. Liu, R. Chen, B. Zang, "VMM-based Process Shepherding", Parallel Processing Institute Technical Report FDUPPITR-2007-08002, August 2007
I. Goldberg, D. Wagner, R. Thomas, E. A. Brewer, "A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker", Sixth USENIX UNIX Security Symposium, July 1996
Wikipedia, http://en.wikipedia.org/wiki/Sandbox_%28computer_security%29t, accessed 2010-07-14
J. Lange, P. Dinda, "Transparent Network Services via a Virtual Traffic Layer for Virtual Machines", Proceedings of the 16th IEEE International Symposium on High Performance Distributed Computing (HPDC 2007), June 2007
S. N. Chari, P.-C. Cheng, "BlueBoX: A Policy-driven, Host-Based Intrusion Detection System", Proceedings of the 9th Symposium on Network and Distributed Systems Security (NDSS 2002), 2002
T. Khatiwala, R. Swaminathan, V. N. Venkatakrishnan, "Data Sandboxing: A Technique for Enforcing Confidentiality Policies", Proceedings of the 22nd Annual Computer Security Applications Conference, pp. 223-234, December 11-15, 2006
J. Frey, T. Tannenbaum, M. Livny, I. Foster, S. Tuecke, "Condor-G: A Computation Management Agent for Multi-Institutional Grids", Cluster Computing, vol. 5, no. 3, pp. 237-246, 2002
P. Cicotti, M. Taufer, A. Chien, "DGMonitor: A Performance Monitoring Tool for Sandbox-Based Desktop Grid Platforms", Journal of Supercomputing, vol. 34, no. 2, pp. 113-133, 2005
D. Wagner, "A Secure Environment for Untrusted Helper Applications", http://searchsystemschannel.techtarget.com/generic/0,295582,sid99_gci1379901,00.html
…
http://www.webpronews.com/insiderreports/2004/05/06/google-sandbox-effect-revealed
E. Dodonov, J. Q. Sousa, H. C. Guardia, "GridBox: securing hosts from malicious and greedy applications", Proceedings of the 2nd Workshop on Middleware for Grid Computing, pp. 17-22, October 18-22, 2004, Toronto, Ontario, Canada
S. Santhanam, P. Elango, A. Arpaci-Dusseau, M. Livny, "Deploying virtual machines as sandboxes for the grid", Proceedings of the 2nd Conference on Real, Large Distributed Systems, 2005
X. Jiang, X. Wang, "'Out-of-the-Box' Monitoring of VM-Based High-Interaction Honeypots", Lecture Notes in Computer Science, 2007
D. Malkhi, M. K. Reiter, "Secure Execution of Java Applets Using a Remote Playground", IEEE Transactions on Software Engineering, 2000
M. Khambatti, P. Dasgupta, K. D. Ryu, "A Role-Based Trust Model for Peer-to-Peer Communities and Dynamic Coalitions", IWIA '04: Proceedings of the Second IEEE International Information Assurance Workshop, p. 141, Washington, DC, USA, 2004
The Technion DSL Lab, Israel, "Condor Local File System Sandbox", high level design document
B. Calder, A. A. Chien, J. Wang, D. Yang, "The Entropia Virtual Machine for Desktop Grids", Proceedings of the 1st ACM/USENIX International Conference on Virtual Execution Environments, 2005
D. A. Wagner, "Janus: an Approach for Confinement of Untrusted Applications", Technical Report CSD-99-1056, 1999
N. Provos, "Improving host security with system call policies", Proceedings of the 12th USENIX Security Symposium, 2003
Sandboxie, http://www.sandboxie.com/
Chromium project, http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBYQFjAA&url=http%3A%2F%2Fcode.google.com%2Fchromium%2F&ei=Qs49TI_NJ5i8jAerqZT5Aw&usg=AFQjCNFFIW41N_oxaGVfvEf4kTPmYqUfWg&sig2=Af2KdebPFzPOcyA-wSUAVQ
?