Sandbox technology, a suitable approach for secure distributed systems By: Arash Karami Supervisor : Hadi Salimi Distributed Systems Course Seminar Mazandaran University of Science and Technology IT departmentJuly 2010
Main Contents What: Sandbox security Where: General-purpose Grid computing Why: security with lightweight overhead, … How: see those in next parts!!! 2/36 Sandbox technology present by Arash Karami
Table of Content Introduction Sandbox idea Other concepts Usages Features Interception Interception Levels Access Control List Chroot mechanism Applications Evaluating Time line Conclusion 3/36 Sandbox technology present by Arash Karami
Motivation Introduction My purpose Introduction 4/36 Sandbox technology present by Arash Karami
Motivation large scale systems need to be high performance Distributed system are normally untrusted environments Establishing secure processing environments is very time consuming (common) We have found a suitable technology for lightweight secure environemnts in large scale systems ` Standalone Antivirus Security suits Sandboxes 5/36 Sandbox technology present by Arash Karami
Introduction to sandbox By wikipedia: In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers and untrusted users. By common: Process virtual machine By my survey: A jail that can override and modify the behaviour of system calls without change in real system 6/36 Sandbox technology present by Arash Karami
Purposes & specifics Lightweight High performance Virtualization Role based Special ACL Control and management resource Restriction in resources Better than complex authentications Self defensive 7/36 Sandbox technology present by Arash Karami
Idea Other concepts The sandbox idea 8/36 Sandbox technology present by Arash Karami
Other means Sandbox games Google sandbox rating Sandboxes have many applications in computer science!!! The sandbox tool aims to fulfill the need for application security on a distributed environment 9/36 Sandbox technology present by Arash Karami
Sandbox in X computing Sandbox as virtual machine Sandbox as monitoring tools (EVEN) Sandbox as IDS ;) usages 10 Sandbox technology present by Arash Karami
Virtualization IDS Mobile computing Anti viruses Cloud/Grid computing Rule base management systems Full virtualization Resource Management systems Honey pots Usage of sandboxes Network monitoring tools, Network traffic control Sandbox approach Sandbox approach FVM Norman Avast Mobile codes EVM Gridbox DGMonitor Janus Chromium Java sandbox FVM BlueBox 11/36 Sandbox technology present by Arash Karami
Interception Access Control List Application sandboxes Features 12/36 Sandbox technology present by Arash Karami
Interception Base of sandboxes Process interception system call interception Os: Unix: ptrace OR… Windows: dll injection Monitoring resources and controlling them 13/36 Sandbox technology present by Arash Karami
User level sandbox Trace system calls Using ptrace in Unix Using injection to address space of processes in windows. For example: Gridbox Chromium sandbox project Chroot Janus 14/36 Sandbox technology present by Arash Karami
Kernel level sandbox Create a driver or kernel modules for a specific platform Low level programming Dirty programming!!! Non-hacked (than to user mode) For example BlueBox EVM Condor 15/36 Sandbox technology present by Arash Karami
Access Control List Assign a task, role, system call Change system call with real system call Example: Gridbox: Define acl.c + syscalls.c for resource management 16/36 Sandbox technology present by Arash Karami
Application sandboxes Move desktop app to web app Protecting with lightweight, secure, flexible approach (WHERE???) Extension or separated program Sandboxie A part of Applets SilverLight Lost real performance 17/36 Sandbox technology present by Arash Karami
GridBox Chromium sandbox project Present two prof sandbox 18 Sandbox technology present by Arash Karami
Gridbox started at 2005 Lightweight code files & executable file Heterogeneous on Unix base system User mode interception Used in ProGrid, Using ACL Multi level security 19/36 Sandbox technology present by Arash Karami
Multi level security # Network access: Allow connections to trusted machines rule connect allow :80 rule connect allow :80 # Disallow any other connection rule connect deny *:* # Serving connections: Allow to bind to port 8000 of interface rule bind allow :8000 # Disallow any other port binding rule bind deny * # Program execution` # Allow execution of /bin/cat rule system allow /bin/cat # Disallow any other program execution rule system deny * #/usr/local/grid/sandbox.sh /usr/local/grid/applications/test_suite...GRIDBOX: fopen (input): DENIED GRIDBOX: connect ( :80): DENIED GRIDBOX: nice(10): DENIED GRIDBOX: connect ( :22): DENIED GRIDBOX: system (/bin/rm): DENIED GRIDBOX: fopen (/etc/passwd): DENIED # Node profile # Limit the CPU use to 5 minutes limit CPU_TIME 600 # Limit maximum file size limit FILE_SIZE # Limit maximum process stack limit STACK /36 Sandbox technology present by Arash Karami
GridBox Functionalities 21/36 Sandbox technology present by Arash Karami
Chromium Sandbox project Subset of Chromium open source project Independent to Google codes Cross-platform Restriction in: process I/O Network 22 Sandbox technology present by Arash Karami
Table of all surveyed sandboxes Time-line Evaluate 23/36 Sandbox technology present by Arash Karami
Compression Sandbox is a wide concept It is based of interception 24/36 Sandbox technology present by Arash Karami
Some surveyed sandboxes 25/36 Sandbox name GoalImplantation Level Heterogon ous Compatible OS Application Domain Program ChrootOS virtualization User modeNoMost Unix-like OS Secure policyChroot GridboxImprove security in grid User modeY/NAll Unix-like OSGrid computing, Pro ACL, customize confige file, BlueBoxN IDSKernel modeNoLinuxNetwork IDS, Host base real – time IDS, webservers Host base driven DGMonitorVirtualized resources User modeYesLinux,windows, Unix Entropia, DCGrid,Xterm web Portable, Entropia VMVirtualizationKernle modeNoWindows NT or higher Grid systems, image – processing Combine VM approach with Sandbox approach, File Virtualzaiton, Thread mng,Job manager JanusMonitoringUser modeNoSolaris 2.4Ptrace/proc mechanism ChromiumSandboxingUser modeYesUnix-like, windows Web application Free BSD jailSecurity in Server farms Kernel/user modeNoOnly BSDInternet security File system isolation,Disk quotas,Network isolation
Time-Line Progress sandboxes 1980 Gridbox Janus Systrace Avast Chroot chromium FreeBSD Jail Condor 26 Sandbox technology present by Arash Karami
Result challenges discussion Result 27/36 Sandbox technology present by Arash Karami
A good sandbox properties: Interception without restriction on resources A secure box for virtual processes Multi part restriction: Memory restriction: Restriction space for Processes, threads process management monitoring network protocols 28/36 Sandbox technology present by Arash Karami
challenges Implement level Goal Cross-platform Fine-grained level 29/36 Sandbox technology present by Arash Karami
Conclusion 30/36 Sandbox technology present by Arash Karami
Today we need to: 1. A cross platform sandbox 2. High performance 3. Support kernel and user mode sandboxing 4. Dynamic ACL (Google ACL)s 5. Full virtualization 6. Limited local resource and network resource 7. Open source 31/36 Sandbox technology present by Arash Karami
Discussion 32/36 Sandbox technology present by Arash Karami
References 33/36 Sandbox technology present by Arash Karami
All references Sandbox technology present by Arash Karami 34 S Loureiro, R Molva, Y Roudier 2000 Mobile Code Security Proceedings of ISYPAR AR.Butt, S.Adabala, NH.Kapadia, RJ.Figueiredo and J.A.B.Fortes Grid-computing portals and security issues Journal of Parallel and Distributed Computing, October 2003 H.Chen, P.Liu, R.Chen, B.Zang, H.Chen, P.Liu, R.Chen VMM-based Process Shepherding Parallel Processing Institute Technical Report Number: FDUPPITR August 2007 I.Goldberg, D.Wagner, R.Thomas, EA.Brewer A Secure Environment for Untrusted Helper Applications Conning the Wily Hacker Sixth USENIX UNIX security symposium, July 1996 By Wikipedia http://en.wikipedia.org/wiki/Sandbox_%28computer_security%29t J. Lange, P. Dinda, Transparent Network Services via a Virtual Traffic Layer for Virtual Machines, Proceedings of the 16th IEEE International Symposium on High Performance Distributed Computing (HPDC 2007), June, 2007 CHARI, S. N., AND CHENG, P.-C. BlueBoX: A Policy-driven, Host-Based Intrusion Detection System. In Proceedings of the 9th Symposium on Network and Distributed Systems Security (NDSS 2002) (2002). T.Khatiwala, R.Swaminathan, V. N.Venkatakrishnan Data Sandboxing: A Technique for Enforcing Confidentiality Policies, Proceedings of the 22nd Annual Computer Security Applications Conference, p , December 11-15, 2006 Frey, J. Tannenbaum, T. Livny, M. Foster, I. Tuecke, S. Condor-G: A Computation Management Agent for Multi-Institutional Grids cluster computing, 2002, VOL 5; NUMBER 3, pages P. Cicotti, M.Taufer and A. Chieny DGMonitor: A Performance Monitoring Tool for Sandbox-Based Desktop Grid Platforms journal of supercomputing, 2005, VOL 34; NUMBER 2, pages D.Wagner A Secure Environment for Untrusted Helper Applications
… Sandbox technology present by Arash Karami 35 Evgueni Dodonov, Joelle Quaini Sousa, Hélio Crestana Guardia, GridBox: securing hosts from malicious and greedy applications, Proceedings of the 2nd workshop on Middleware for grid computing, p.17-22, October 18-22, 2004, Toronto, Ontario, Canada S.Santhanam, P.Elango, A.Arpaci-Dusseau,M.Livny "Deploying virtual machines as sandboxes for the grid" Proceedings of the 2nd conference on Real, Large Distributed Systems, 2005 Jiang, X. Wang, X. "Out-of-the-Box" Monitoring of VM-Based High-Interaction Honeypots lecture notes in computer science, 2007 Malkhi, D. Reiter, M. K Secure Execution of Java Applets Using a Remote Playground IEEE transactions on software engineering, 2000 M.Khambatti, P.Dasgupta, KD.Ryu A Role-Based Trust Model for Peer-to-Peer Communities and Dynamic Coalitions In IWIA '04: Proceedings of the Second IEEE International Information Assurance Workshop, page 141, Washington, DC, USA, 2004 The Technion DSL Lab, Israel Condor Local File System Sandbox high level design document B Calder, AA Chien, J Wang, D Yang,The Entropia Virtual Machine for Desktop Grids Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments, 2005 David A. Wagner. Janus: an Approach for Confinement of Untrusted Applications. Technical Report CSD , 12, , 8 N.Provos Improving host security with system call policies Proceedings of the 12th conference on USENIX Security Symposium, 2003 sandboxie Chromium project ei=Qs49TI_NJ5i8jAerqZT5Aw&usg=AFQjCNFFIW41N_oxaGVfvEf4kTPmYqUfWg&sig2=Af2KdebPFzPOcyA-wSUAVQ ei=Qs49TI_NJ5i8jAerqZT5Aw&usg=AFQjCNFFIW41N_oxaGVfvEf4kTPmYqUfWg&sig2=Af2KdebPFzPOcyA-wSUAVQ
Sandbox technology present by Arash Karami 36 ?
Sandbox technology present by Arash Karami 37