Sandbox technology - IUST Personal Webpages

Report
Sandbox technology,
a suitable approach for
secure distributed systems
By: Arash Karami
Supervisor : Hadi Salimi
Distributed Systems Course Seminar
[email protected]
July 2010
Mazandaran University of Science and Technology IT department
Main Contents
2/36




What: Sandbox security
Where: General-purpose Grid computing
Why: security with lightweight overhead,
…
How: see those in next parts!!!
Sandbox technology present by Arash Karami
Table of Content
3/36


Introduction
Sandbox idea



Other concepts
Usages
Features

Interception







Interception Levels
Access Control List
Chroot mechanism
Applications
Evaluating
Time line
Conclusion
Sandbox technology present by Arash Karami
4/36
Introduction
Motivation
Introduction
My purpose
Sandbox technology present by Arash Karami
Motivation
5/36




large
2000 need to be high 2010
1990scale systems
performance
Distributed system are normally untrusted
Standalone Antivirus
environments
Security suits `
Establishing secure processing
Sandboxes
environments
is very time consuming (common)
We have found a suitable technology for
lightweight secure environemnts in large
scale systems
Sandbox technology present by Arash Karami
Introduction to sandbox
6/36

By wikipedia:


By common:


In computer security, a sandbox is a security
mechanism for separating running programs. It is
often used to execute untested code, or untrusted
programs from unverified third-parties, suppliers
and untrusted users.”
Process virtual machine
By my survey:

A jail that can override and modify the behaviour
of system calls without change in real system
Sandbox technology present by Arash Karami
Purposes & specifics
7/36









Lightweight
High performance
Virtualization
Role based
Special ACL
Control and management resource
Restriction in resources
Better than complex authentications
Self defensive
Sandbox technology present by Arash Karami
8/36
The sandbox idea
Idea
Other concepts
Sandbox technology present by Arash Karami
Other means
9/36




Sandbox games
Google sandbox rating
Sandboxes have many applications in
computer science!!!
The sandbox tool aims to fulfill the need
for application security on a distributed
environment
Sandbox technology present by Arash Karami
10
usages
Sandbox in X computing
Sandbox as virtual machine
Sandbox as monitoring tools
(EVEN) Sandbox as IDS ;)
Sandbox technology present by Arash Karami
Usage of sandboxes
Network
monitoring tools,
Network traffic FVM
control
11/36
IDS
BlueBox
Resource
Management
systems
Virtualization
Anti
viruses
Norman
Avast
Chromium
Java sandbox
Mobile
computing
Sandbox
approach
Rule base
management
systems
Mobile codes
Honey pots
Full
virtualization
FVM
EVM
Cloud/Grid
Gridbox
computing
DGMonitor
Janus
Sandbox technology present by Arash Karami
12/36
Features
Interception
Access Control List
Application sandboxes
Sandbox technology present by Arash Karami
Interception
13/36


Base of sandboxes
Process interception
 system

call interception
Os:
 Unix:
ptrace OR…
 Windows: dll injection

Monitoring resources and controlling them
Sandbox technology present by Arash Karami
User level sandbox
14/36




Trace system calls
Using ptrace in Unix
Using injection to address space of
processes in windows.
For example:
 Gridbox
 Chromium
sandbox project
 Chroot
 Janus
Sandbox technology present by Arash Karami
Kernel level sandbox
15/36





Create a driver or kernel modules for a
specific platform
Low level programming
Dirty programming!!!
Non-hacked (than to user mode)
For example
 BlueBox
 EVM
 Condor
Sandbox technology present by Arash Karami
Access Control List
16/36



Assign a task, role, system call
Change system call with real system call
Example:
 Gridbox:
 Define
acl.c + syscalls.c for resource management
Sandbox technology present by Arash Karami
Application sandboxes
17/36



Move desktop app to web app
Protecting with lightweight , secure,
flexible approach (WHERE???)
Extension or separated program
 Sandboxie
A
part of Applets
 SilverLight

Lost real performance
Sandbox technology present by Arash Karami
18
Present two prof sandbox
GridBox
Chromium sandbox project
Sandbox technology present by Arash Karami
Gridbox
19/36







started at 2005
Lightweight code files & executable file
Heterogeneous on Unix base system
User mode interception
Used in ProGrid, [email protected]
Using ACL
Multi level security
Sandbox technology present by Arash Karami
Multi level security
20/36
# Program execution`
# Network access: Allow connections to
# Allow execution of /bin/cat
trusted machines
rule system allow /bin/cat
rule connect allow 200.18.98.120:80
# Disallow any other program execution
rule connect allow 200.18.98.132:80
rule system deny *
# Disallow any other connection
rule connect deny *:*
# Serving connections: Allow to#bind
to profile
Node
port 8000
of interface 200.18.98.120
#/usr/local/grid/sandbox.sh
# Limit the CPU use to 5 minutes
rule bind
allow
200.18.98.120:8000
/usr/local/grid/applications/test_suite
limit CPU_TIME 600
# Disallow
any
other
port
binding
...GRIDBOX: fopen (input):
DENIED
# Limit
maximum file size
rule bind
deny * connect (200.18.98.120:80):
GRIDBOX:
limit FILE_SIZE 1000000
DENIED
# Limit maximum process stack
GRIDBOX: nice(10): DENIED
limit STACK 20000
GRIDBOX: connect (200.18.98.120:22):
DENIED
GRIDBOX: system (/bin/rm): DENIED
GRIDBOX: fopen
(/etc/passwd): DENIED
Sandbox technology present by Arash Karami
GridBox Functionalities
21/36
Sandbox technology present by Arash Karami
Chromium Sandbox project
22




Subset of Chromium open source project
Independent to Google codes
Cross-platform
Restriction in:
process
 I/O
 Network

Sandbox technology present by Arash Karami
23/36
Evaluate
Table of all surveyed sandboxes
Time-line
Sandbox technology present by Arash Karami
Compression
24/36


Sandbox is a wide concept
It is based of interception
Sandbox technology present by Arash Karami
Some surveyed sandboxes
25/36
Sandbox
name
Goal
Implantation
Level
Heterogon
ous
Compatible
OS
Application
Domain
Program
Chroot
OS
virtualization
User mode
No
Most Unix-like
OS
Secure policy
Chroot
Gridbox
Improve
security in grid
User mode
Y/N
All Unix-like OS
Grid computing,
Pro Grid,[email protected]
ACL, customize
confige file,
BlueBox
N IDS
Kernel mode
No
Linux
Network IDS,
Host base real –
time IDS,
webservers
Host base
driven
DGMonitor
Virtualized
resources
User mode
Yes
Linux,windows,
Unix
Entropia,
DCGrid,Xterm
web
Portable,
Entropia VM
Virtualization
Kernle mode
No
Windows NT or
higher
Grid systems,
image –
processing
Combine VM
approach with
Sandbox
approach, File
Virtualzaiton,
Thread mng,Job
manager
Janus
Monitoring
User mode
No
Solaris 2.4
Chromium
Sandboxing
User mode
Yes
Unix-like,
Ptrace/proc
mechanism
Web application
Time-Line
26

Progress sandboxes
Systrace
Condor
chromium
Gridbox
Avast
Chroot
1980
Janus
1985
FreeBSD Jail
1990
1995
2000
Sandbox technology present by Arash Karami
2005
2010
27/36
Result
Result
challenges
discussion
Sandbox technology present by Arash Karami
A good sandbox properties:
28/36



Interception without restriction on
resources
A secure box for virtual processes
Multi part restriction:
 Memory
restriction:
 Restriction


space for Processes, threads
process management
monitoring network protocols
Sandbox technology present by Arash Karami
challenges
29/36




Implement level
Goal
Cross-platform
Fine-grained level
Sandbox technology present by Arash Karami
30/36
Conclusion
Sandbox technology present by Arash Karami
Today we need to:
31/36
1.
2.
3.
4.
5.
6.
7.
A cross platform sandbox
High performance
Support kernel and user mode sandboxing
Dynamic ACL (Google ACL)s
Full virtualization
Limited local resource and network
resource
Open source
Sandbox technology present by Arash Karami
32/36
Discussion
Sandbox technology present by Arash Karami
33/36
References
Sandbox technology present by Arash Karami
All references
34











S Loureiro, R Molva, Y Roudier 2000 “Mobile Code Security” Proceedings of ISYPAR
AR.Butt, S.Adabala, NH.Kapadia, RJ.Figueiredo and J.A.B.Fortes “Grid-computing portals and security
issues” Journal of Parallel and Distributed Computing, October 2003
H.Chen, P.Liu, R.Chen, B.Zang, H.Chen, P.Liu, R.Chen ” VMM-based Process Shepherding” Parallel Processing
Institute Technical Report Number: FDUPPITR-2007-08002 August 2007
I.Goldberg, D.Wagner, R.Thomas, EA.Brewer “A Secure Environment for Untrusted Helper Applications
Conning the Wily Hacker” Sixth USENIX UNIX security symposium, July 1996
By Wikipedia http://en.wikipedia.org/wiki/Sandbox_%28computer_security%29t 2010-07-14
J. Lange, P. Dinda, Transparent Network Services via a Virtual Traffic Layer for Virtual Machines,
Proceedings of the 16th IEEE International Symposium on High Performance Distributed Computing (HPDC
2007), June, 2007
CHARI, S. N., AND CHENG, P.-C. BlueBoX: A Policy-driven, Host-Based Intrusion Detection System. In
Proceedings of the 9th Symposium on Network and Distributed Systems Security (NDSS 2002) (2002).
T.Khatiwala, R.Swaminathan, V. N.Venkatakrishnan “Data Sandboxing: A Technique for Enforcing
Confidentiality Policies”, Proceedings of the 22nd Annual Computer Security Applications Conference,
p.223-234, December 11-15, 2006
Frey, J. Tannenbaum, T. Livny, M. Foster, I. Tuecke, S. “Condor-G: A Computation Management Agent for
Multi-Institutional Grids” cluster computing, 2002, VOL 5; NUMBER 3, pages 237-246
P. Cicotti, M.Taufer and A. Chieny “DGMonitor: A Performance Monitoring Tool for Sandbox-Based Desktop
Grid Platforms” journal of supercomputing, 2005, VOL 34; NUMBER 2, pages 113-133
D.Wagner “A Secure Environment for Untrusted Helper Applications”
Sandbox technology present by Arash Karami
http://searchsystemschannel.techtarget.com/generic/0,295582,sid99_gci1379901,00.html
…
35





http://www.webpronews.com/insiderreports/2004/05/06/google-sandbox-effect-revealed
Evgueni Dodonov , Joelle Quaini Sousa , Hélio Crestana Guardia, GridBox: securing hosts from malicious and greedy applications,
Proceedings of the 2nd workshop on Middleware for grid computing, p.17-22, October 18-22, 2004, Toronto, Ontario, Canada
S.Santhanam, P.Elango, A.Arpaci-Dusseau ,M.Livny "Deploying virtual machines as sandboxes for the grid" Proceedings of the 2nd
conference on Real, Large Distributed Systems, 2005
Jiang, X. Wang, X. “"Out-of-the-Box" Monitoring of VM-Based High-Interaction Honeypots” lecture notes in computer science ,
2007
Malkhi, D. Reiter, M. K “Secure Execution of Java Applets Using a Remote Playground” IEEE transactions on software
engineering, 2000

M.Khambatti, P.Dasgupta, KD.Ryu “A Role-Based Trust Model for Peer-to-Peer Communities and Dynamic

Coalitions” In IWIA '04: Proceedings of the Second IEEE

International Information Assurance Workshop, page 141, Washington, DC, USA, 2004

The Technion DSL Lab, Israel “Condor Local File System Sandbox” high level design document





B Calder, AA Chien, J Wang, D Yang “,The Entropia Virtual Machine for Desktop Grids” Proceedings of the 1st ACM/USENIX
international conference on Virtual execution environments, 2005
David A. Wagner. Janus: an Approach for Confinement of Untrusted Applications. Technical Report CSD-99-1056, 12, 1999. 2, 8
N.Provos “Improving host security with system call policies” Proceedings of the 12th conference on USENIX Security
Symposium, 2003
sandboxie http://www.sandboxie.com/
Chromium project
http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBYQFjAA&url=http%3A%2F%2Fcode.google.com%2Fchromium%2F&
ei=Qs49TI_NJ5i8jAerqZT5Aw&usg=AFQjCNFFIW41N_oxaGVfvEf4kTPmYqUfWg&sig2=Af2KdebPFzPOcyA-wSUAVQ
Sandbox technology present by Arash Karami
36
Sandbox technology present by Arash Karami
37
Sandbox technology present by Arash Karami

similar documents