
Page 1

Sandbox technology, a suitable approach for secure distributed systems

By: Arash Karami
Supervisor: Hadi Salimi
Distributed Systems Course Seminar
arashkarami88@gmail.com
Mazandaran University of Science and Technology, IT department
July 2010

Page 2

Sandbox technology, presented by Arash Karami

Main Contents

What: Sandbox security
Where: General-purpose Grid computing
Why: Security with lightweight overhead, ...
How: See the following parts

Page 3

Table of Contents

Introduction
Sandbox idea
Other concepts
Usages
Features
Interception
Interception levels
Access Control List
Chroot mechanism
Applications
Evaluating
Time line
Conclusion

Page 4

Introduction

Motivation
Introduction
My purpose

Page 5

Motivation

Large-scale systems need to be high performance.
Distributed systems are normally untrusted environments.
Establishing secure processing environments is commonly very time consuming.
We have found a suitable technology for lightweight secure environments in large-scale systems.

Time-line (figure): 1990, standalone antivirus; 2000, security suites; 2010, sandboxes.

Page 6

Introduction to sandbox

By Wikipedia: "In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third parties, suppliers and untrusted users."

By common usage: a process virtual machine.

By my survey: a jail that can override and modify the behaviour of system calls without changing the real system.

Page 7

Purposes & specifics

Lightweight
High performance
Virtualization
Role based
Special ACL
Resource control and management
Restriction of resources
Better than complex authentication
Self defensive

Page 8

The sandbox idea

Idea
Other concepts

Page 9

Other meanings

Sandbox games
Google sandbox rating (the "Google sandbox effect" in search ranking)
Sandboxes have many applications in computer science.
The sandbox tool aims to fulfill the need for application security in a distributed environment.

Page 10

Usages

Sandbox in X computing
Sandbox as virtual machine
Sandbox as monitoring tool
(even) Sandbox as IDS

Page 11

Usage of sandboxes (diagram)

Areas: virtualization, full virtualization, IDS, mobile computing, antiviruses, cloud/grid computing, rule-based management systems, resource management systems, honeypots, network monitoring tools and network traffic control.

Example systems named in the diagram: FVM, Norman, Avast, EVM, Gridbox, DGMonitor, Janus, Chromium, Java sandbox, BlueBox, mobile codes.

Page 12

Features

Interception
Access Control List
Application sandboxes

Page 13

Interception

The basis of sandboxes: process interception, i.e. system call interception.
Mechanism by OS:
  Unix: ptrace or similar
  Windows: DLL injection
Monitoring resources and controlling them.

Page 14

User-level sandbox

Trace system calls:
  using ptrace in Unix
  using injection into the address space of processes in Windows
For example: Gridbox, Chromium sandbox project, chroot, Janus

Page 15

Kernel-level sandbox

Create a driver or kernel module for a specific platform
Low-level programming ("dirty" programming)
Harder to bypass than user-mode interception
For example: BlueBox, EVM, Condor

Page 16

Access Control List

Assign a task or role to each system call
Replace the real system call with the checked version
Example: Gridbox defines acl.c and syscalls.c for resource management

Page 17

Application sandboxes

Moving desktop applications to web applications
Protection with a lightweight, secure and flexible approach (where?)
Delivered as an extension or as a separate program
Examples: Sandboxie; as part of applets; Silverlight
Cost: real (native) performance is lost

Page 18

Two professional sandboxes

GridBox
Chromium sandbox project

Page 19

Gridbox

Started in 2005 (the GridBox workshop paper cited in the references is dated October 2004)
Lightweight: code files and an executable
Heterogeneous across Unix-based systems
User-mode interception
Used in ProGrid, SETI@
Uses ACLs
Multi-level security

Page 20

Multi-level security

Policy file (network access):

# Network access: allow connections to trusted machines
rule connect allow 200.18.98.120:80
rule connect allow 200.18.98.132:80
# Disallow any other connection
rule connect deny *:*
# Serving connections: allow binding to port 8000 of interface 200.18.98.120
rule bind allow 200.18.98.120:8000
# Disallow any other port binding
rule bind deny *

Policy file (program execution):

# Program execution
# Allow execution of /bin/cat
rule system allow /bin/cat
# Disallow any other program execution
rule system deny *

Sample run:

# /usr/local/grid/sandbox.sh /usr/local/grid/applications/test_suite
...
GRIDBOX: fopen (input): DENIED
GRIDBOX: connect (200.18.98.120:80): DENIED
GRIDBOX: nice(10): DENIED
GRIDBOX: connect (200.18.98.120:22): DENIED
GRIDBOX: system (/bin/rm): DENIED
GRIDBOX: fopen (/etc/passwd): DENIED

Node profile (resource limits):

# Node profile
# Limit CPU time to 600 seconds
limit CPU_TIME 600
# Limit maximum file size
limit FILE_SIZE 1000000
# Limit maximum process stack
limit STACK 20000
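As an added example that is not code from the slides or from Gridbox itself, the C program below loads the rule set and node profile printed on this slide, decides intercepted calls the way the ACL approach on Page 16 requires, and maps the node profile onto setrlimit(2). The interpretation is an assumption made for illustration: the first matching rule wins, a call with no matching rule is denied, and CPU_TIME, FILE_SIZE and STACK are taken to mean RLIMIT_CPU, RLIMIT_FSIZE and RLIMIT_STACK. The interception layer that would feed real system calls into policy_check (ptrace on Unix, per Page 13) is not reimplemented here.

```c
/* Added example (not Gridbox's own code): first-match evaluation of the slide's rule/limit
 * syntax. First match wins / no match = deny, and the limit-name to rlimit mapping, are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

typedef struct { char call[16]; int allow; char arg[128]; } rule_t;  /* rule <call> allow|deny <arg> */
typedef struct { char name[16]; long value; } limit_t;                /* limit <NAME> <value> */
typedef struct { rule_t rules[64]; int nrules; limit_t limits[8]; int nlimits; } policy_t;

/* Parse one line; '#' comments and blanks are skipped. Returns 1 if a rule or limit was stored. */
static int policy_add_line(policy_t *p, const char *line)
{
    char kw[16], a[16], b[32], c[128];
    int n = sscanf(line, "%15s %15s %31s %127s", kw, a, b, c);
    if (n < 3 || kw[0] == '#') return 0;
    if (n == 4 && strcmp(kw, "rule") == 0 && p->nrules < 64) {
        rule_t *r = &p->rules[p->nrules++];
        strcpy(r->call, a); r->allow = (strcmp(b, "allow") == 0); strcpy(r->arg, c);
    } else if (n == 3 && strcmp(kw, "limit") == 0 && p->nlimits < 8) {
        limit_t *l = &p->limits[p->nlimits++];
        strcpy(l->name, a); l->value = atol(b);
    } else return 0;
    return 1;
}

/* Match "host:port" (either side may be '*'), a bare "*", or an exact string such as a path. */
static int pattern_match(const char *pat, const char *arg)
{
    if (strcmp(pat, "*") == 0) return 1;
    const char *pc = strchr(pat, ':'), *ac = strchr(arg, ':');
    if (!pc || !ac) return strcmp(pat, arg) == 0;
    size_t plen = (size_t)(pc - pat), alen = (size_t)(ac - arg);
    int host_ok = (plen == 1 && pat[0] == '*') || (plen == alen && strncmp(pat, arg, plen) == 0);
    int port_ok = strcmp(pc + 1, "*") == 0 || strcmp(pc + 1, ac + 1) == 0;
    return host_ok && port_ok;
}

/* Decide one intercepted call: the first matching rule wins; a call with no rule is denied. */
static int policy_check(const policy_t *p, const char *call, const char *arg)
{
    for (int i = 0; i < p->nrules; i++)
        if (strcmp(p->rules[i].call, call) == 0 && pattern_match(p->rules[i].arg, arg))
            return p->rules[i].allow;
    return 0;                                   /* fail closed */
}

/* Apply one node-profile limit as a soft rlimit, clipped to the hard limit so an unprivileged
 * grid user never gets EPERM. Returns the soft limit now in force, or -1 on error. */
long apply_limit(const char *name, long value)
{
    int res;
    if      (strcmp(name, "CPU_TIME")  == 0) res = RLIMIT_CPU;
    else if (strcmp(name, "FILE_SIZE") == 0) res = RLIMIT_FSIZE;
    else if (strcmp(name, "STACK")     == 0) res = RLIMIT_STACK;
    else return -1;
    struct rlimit rl;
    if (getrlimit(res, &rl) != 0) return -1;
    rl.rlim_cur = (rlim_t)value;
    if (rl.rlim_max != RLIM_INFINITY && rl.rlim_cur > rl.rlim_max) rl.rlim_cur = rl.rlim_max;
    return setrlimit(res, &rl) == 0 ? (long)rl.rlim_cur : -1;
}

/* The slide's policy as constructed input. "limit STACK 20000" is left out so the demo
 * does not shrink its own stack while it runs. */
static const char *SLIDE_POLICY[] = {
    "# Network access: allow connections to trusted machines",
    "rule connect allow 200.18.98.120:80", "rule connect allow 200.18.98.132:80",
    "rule connect deny *:*", "rule bind allow 200.18.98.120:8000", "rule bind deny *",
    "rule system allow /bin/cat", "rule system deny *",
    "limit CPU_TIME 600", "limit FILE_SIZE 1000000", NULL };

static void load_slide_policy(policy_t *p)
{
    memset(p, 0, sizeof *p);
    for (int i = 0; SLIDE_POLICY[i]; i++) policy_add_line(p, SLIDE_POLICY[i]);
}

/* Decide one call under the slide policy: 1 = allowed, 0 = denied. */
int slide_check(const char *call, const char *arg)
{
    policy_t p; load_slide_policy(&p);
    return policy_check(&p, call, arg);
}

/* Apply every limit in the slide policy to the calling process; returns the count or -1. */
int slide_apply_limits(void)
{
    policy_t p; load_slide_policy(&p);
    for (int i = 0; i < p.nlimits; i++)
        if (apply_limit(p.limits[i].name, p.limits[i].value) < 0) return -1;
    return p.nlimits;
}

int main(void)
{
    const char *probe[][2] = { {"connect", "200.18.98.120:22"}, {"system", "/bin/cat"}, {"fopen", "/etc/passwd"} };
    for (size_t i = 0; i < sizeof probe / sizeof probe[0]; i++)
        printf("GRIDBOX: %s (%s): %s\n", probe[i][0], probe[i][1], slide_check(probe[i][0], probe[i][1]) ? "ALLOWED" : "DENIED");
    printf("limits applied: %d\n", slide_apply_limits());
    return 0;
}
```

Each probe prints a GRIDBOX-style audit line. With the rules as printed on the slide, connect to 200.18.98.120:80 is allowed and 200.18.98.120:22 falls through to "rule connect deny *:*"; fopen has no rule at all and is denied by the fail-closed default, which is the behaviour to insist on in any ACL-based sandbox. Note that the slide's own sample run shows connect (200.18.98.120:80) as DENIED even though the policy above allows it, so the log and the policy file on the slide were not produced from the same profile.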

Page 21

GridBox functionalities (figure)

Page 22

Chromium Sandbox project

A subset of the Chromium open source project
Independent of Google's other code
Cross-platform
Restrictions on: process, I/O, network

Page 23

Evaluation

Table of all surveyed sandboxes
Time-line

Page 24

Comparison

Sandbox is a wide concept.
It is based on interception.

Page 25

Some surveyed sandboxes

Sandbox name | Goal | Implementation level | Heterogeneous | Compatible OS | Application domain | Program / features
Chroot | OS virtualization | User mode | No | Most Unix-like OS | Secure policy | chroot
Gridbox | Improve security in grids | User mode | Y/N | All Unix-like OS | Grid computing: ProGrid, SETI@ | ACL, customizable config file
BlueBox | IDS | Kernel mode | No | Linux | Network IDS, host-based real-time IDS, web servers | Host-based driver
DGMonitor | Virtualized resources | User mode | Yes | Linux, Windows, Unix | Entropia, DCGrid, Xterm web | Portable
Entropia VM | Virtualization | Kernel mode | No | Windows NT or higher | Grid systems, image processing | Combines the VM approach with the sandbox approach; file virtualization, thread management, job manager
Janus | Monitoring | User mode | No | Solaris 2.4 | - | ptrace / /proc mechanism
Chromium | Sandboxing | User mode | Yes | Unix-like, Windows | Web applications | -
FreeBSD jail | Security in server farms | Kernel/user mode | No | Only BSD | Internet security | File system isolation, disk quotas, network isolation

Page 26

Time-Line

Progress of sandboxes, 1980 to 2010 (figure). Systems placed on the time-line: Chroot, Condor, Janus, FreeBSD Jail, Systrace, Gridbox, Chromium, Avast.

Page 27

Result

Result
Challenges
Discussion

Page 28

Properties of a good sandbox:

Interception without restricting resources
A secure box for virtual processes
Multi-part restriction:
  memory restriction (address space for processes and threads)
  process management
  monitoring of network protocols

Page 29

Challenges

Implementation level
Goal
Cross-platform support
Fine-grained control

Page 30

Conclusion

Page 31

Today we need:

1. A cross-platform sandbox
2. High performance
3. Support for kernel-mode and user-mode sandboxing
4. Dynamic ACLs (Google ACLs)
5. Full virtualization
6. Limited local and network resources
7. Open source

Page 32

Discussion

Page 33

References

Page 34


All references

S. Loureiro, R. Molva, Y. Roudier, "Mobile Code Security", Proceedings of ISYPAR, 2000.

A. R. Butt, S. Adabala, N. H. Kapadia, R. J. Figueiredo, J. A. B. Fortes, "Grid-computing portals and security issues", Journal of Parallel and Distributed Computing, October 2003.

H. Chen, P. Liu, R. Chen, B. Zang, "VMM-based Process Shepherding", Parallel Processing Institute Technical Report FDUPPITR-2007-08002, August 2007.

I. Goldberg, D. Wagner, R. Thomas, E. A. Brewer, "A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker)", Sixth USENIX UNIX Security Symposium, July 1996.

Wikipedia, "Sandbox (computer security)", http://en.wikipedia.org/wiki/Sandbox_%28computer_security%29, accessed 2010-07-14.

J. Lange, P. Dinda, "Transparent Network Services via a Virtual Traffic Layer for Virtual Machines", Proceedings of the 16th IEEE International Symposium on High Performance Distributed Computing (HPDC 2007), June 2007.

S. N. Chari, P.-C. Cheng, "BlueBoX: A Policy-driven, Host-Based Intrusion Detection System", Proceedings of the 9th Symposium on Network and Distributed Systems Security (NDSS 2002), 2002.

T. Khatiwala, R. Swaminathan, V. N. Venkatakrishnan, "Data Sandboxing: A Technique for Enforcing Confidentiality Policies", Proceedings of the 22nd Annual Computer Security Applications Conference, pp. 223-234, December 11-15, 2006.

J. Frey, T. Tannenbaum, M. Livny, I. Foster, S. Tuecke, "Condor-G: A Computation Management Agent for Multi-Institutional Grids", Cluster Computing, vol. 5, no. 3, pp. 237-246, 2002.

P. Cicotti, M. Taufer, A. Chien, "DGMonitor: A Performance Monitoring Tool for Sandbox-Based Desktop Grid Platforms", Journal of Supercomputing, vol. 34, no. 2, pp. 113-133, 2005.

D. Wagner, "A Secure Environment for Untrusted Helper Applications", http://searchsystemschannel.techtarget.com/generic/0,295582,sid99_gci1379901,00.html

Page 35


"Google Sandbox Effect Revealed", WebProNews, 2004-05-06, http://www.webpronews.com/insiderreports/2004/05/06/google-sandbox-effect-revealed

E. Dodonov, J. Q. Sousa, H. C. Guardia, "GridBox: securing hosts from malicious and greedy applications", Proceedings of the 2nd Workshop on Middleware for Grid Computing, pp. 17-22, October 18-22, 2004, Toronto, Ontario, Canada.

S. Santhanam, P. Elango, A. Arpaci-Dusseau, M. Livny, "Deploying virtual machines as sandboxes for the grid", Proceedings of the 2nd Conference on Real, Large Distributed Systems, 2005.

X. Jiang, X. Wang, "'Out-of-the-Box' Monitoring of VM-Based High-Interaction Honeypots", Lecture Notes in Computer Science, 2007.

D. Malkhi, M. K. Reiter, "Secure Execution of Java Applets Using a Remote Playground", IEEE Transactions on Software Engineering, 2000.

M. Khambatti, P. Dasgupta, K. D. Ryu, "A Role-Based Trust Model for Peer-to-Peer Communities and Dynamic Coalitions", IWIA '04: Proceedings of the Second IEEE International Information Assurance Workshop, p. 141, Washington, DC, USA, 2004.

The Technion DSL Lab, Israel, "Condor Local File System Sandbox", high-level design document.

B. Calder, A. A. Chien, J. Wang, D. Yang, "The Entropia Virtual Machine for Desktop Grids", Proceedings of the 1st ACM/USENIX International Conference on Virtual Execution Environments, 2005.

D. A. Wagner, "Janus: an Approach for Confinement of Untrusted Applications", Technical Report CSD-99-1056, 1999.

N. Provos, "Improving host security with system call policies", Proceedings of the 12th USENIX Security Symposium, 2003.

Sandboxie, http://www.sandboxie.com/

Chromium project, http://code.google.com/chromium/

Page 36

Questions?