
M. Alexander, Helen J. Wang, Yunxin Liu (Microsoft Research). Presented by Zhaoliang Duan.


Slide 2: Outline
- Introduction
- Design goal and contribution
- Defining principals
- Enforcing principal definitions
- Implementation
- Evaluation
- Conclusion and future work


Slide 4: A sandbox runs programs in an isolated space, which prevents them from making permanent changes to other programs and data on the computer. (Image from http://www.sandboxie.com/)

Slide 5: Sandboxing alone is not enough. Example: mutually distrusting content.

Slide 6: Having each application handle content protection itself has drawbacks.

Slide 7: Leaving content isolation to the application is not good:
- Security of a user's cloud data is duplicated in, and entrusted to, all of the user's applications.
- Security logic in an application is often mixed with error-prone content-processing logic.

Slide 8: Design goal and contribution

Slide 9: Contributions
- Flexible isolation
- Compatibility with the browser's isolation policy
- Advocate a content-based principal model in which the OS treats content owners as its principals and isolates the content of different owners from one another
- Generalize the content-based principal model from web browsers to all applications
- Easy adaptation of traditional applications

Slide 10: No sharing across principals or isolation containers.

Slide 11: Defining principals

Slide 13: Principal labeling
- Separate content ownership
- Trust-list mechanism

Slide 14 (example): content at http://blog.com/alice/index.html; Trust list = http://blog.com/alice/*; other URLs shown on the slide: http://youtube.com, http://blog.com/

Slide 15: Enforcing principal definitions

Slide 16:
- Same-principal fetching: checked with the IsSamePrincipal algorithm, using the owner's public key and the trust list
- Cross-principal fetching: data communication; spawning a new principal

Slide 17:
- One bit lives in the response.
- One bit lives in the request.
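The principal-labeling and same-principal check of slides 13 to 17 can be pictured with a small model. The following is an added illustration, not ServiceOS code and not from the presenter. It assumes (my reading, not stated on the slides) that a label is the owner's public key plus a trust list of URL patterns, that two labels are the same principal when the keys match or when both sides consent (the requester's trust list covers the content URL, the content's trust list covers the requester URL, which is how I interpret the request bit and response bit of slide 17), and that cross-principal content is placed in a fresh container. The names `ContentLabel`, `Monitor`, `is_same_principal` and the sample URLs are constructed for the example.

```python
"""Toy model of a content-based principal check in the style of ServiceOS.

Added illustration, not ServiceOS code. Assumptions (mine, not from the
slides): a label is the owner's public key (an opaque string here) plus a
trust list of URL patterns; two labels are the same principal when the keys
match, or when BOTH sides consent: the requester's trust list covers the
content URL (request bit) and the content's trust list covers the requester
URL (response bit).
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ContentLabel:
    url: str
    owner_key: str            # stand-in for the owner's public key
    trust_list: tuple = ()    # URL patterns this owner will share a principal with


def matches_pattern(url: str, pattern: str) -> bool:
    """'http://blog.com/alice/*' matches everything under that path; a bare
    origin such as 'http://youtube.com' matches any URL on that origin."""
    if pattern.endswith("/*"):
        return url.startswith(pattern[:-1])
    u, p = urlsplit(url), urlsplit(pattern)
    if p.path in ("", "/"):
        return (u.scheme, u.netloc) == (p.scheme, p.netloc)
    return url == pattern


def is_same_principal(requester: ContentLabel, content: ContentLabel) -> bool:
    """Simplified IsSamePrincipal: same owner key, or mutual trust-list consent."""
    if requester.owner_key == content.owner_key:
        return True
    request_bit = any(matches_pattern(content.url, pat) for pat in requester.trust_list)
    response_bit = any(matches_pattern(requester.url, pat) for pat in content.trust_list)
    return request_bit and response_bit


@dataclass
class Container:
    principal_key: str
    urls: list = field(default_factory=list)


class Monitor:
    """Toy monitor mediating fetches: same-principal content flows into the
    requester's container; cross-principal content spawns a new container."""

    def __init__(self, registry):
        self.registry = registry      # url -> ContentLabel (constructed)
        self.containers = {}          # container id -> Container

    def fetch(self, requester: ContentLabel, url: str):
        content = self.registry[url]
        if is_same_principal(requester, content):
            return "same-principal", None
        cid = len(self.containers) + 1
        self.containers[cid] = Container(content.owner_key, [content.url])
        return "cross-principal", cid


# Constructed sample content, loosely following slide 14.
ALICE = ContentLabel("http://blog.com/alice/index.html", "alice-key",
                     ("http://blog.com/alice/*", "http://youtube.com"))
REGISTRY = {
    ALICE.url: ALICE,
    "http://blog.com/alice/photos.html": ContentLabel(
        "http://blog.com/alice/photos.html", "alice-key"),
    "http://youtube.com/embed/42": ContentLabel(
        "http://youtube.com/embed/42", "youtube-key", ("http://blog.com/*",)),
    "http://blog.com/": ContentLabel("http://blog.com/", "blog-key"),
}
# A third party that lists Alice's pages but is not listed back by her.
OTHER_SITE = ContentLabel("http://other.example/index.html", "other-key",
                          ("http://blog.com/alice/*",))


def demo():
    m = Monitor(REGISTRY)
    results = {
        "alice->photos": m.fetch(ALICE, "http://blog.com/alice/photos.html")[0],
        "alice->youtube": m.fetch(ALICE, "http://youtube.com/embed/42")[0],
        "alice->blog": m.fetch(ALICE, "http://blog.com/")[0],
        "other->alice": m.fetch(OTHER_SITE, ALICE.url)[0],  # one-sided trust is refused
    }
    return results, len(m.containers)


if __name__ == "__main__":
    print(demo())
```

The `other->alice` case is the one that matters for mutually distrusting content: the requester's trust list alone (the request bit) never suffices, the content owner's label must agree, so the fetched page ends up in its own container rather than in the requester's.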

Slide 18: Implementation

Slide 20:
- Wrapping the Wininet library for HTTP communication, which remaps its HTTP calls to invoke the ServiceOS fetch call
- Applications with a plug-in interface: write add-in code that implements the CreatePI() and Embed() functions
- Applications without a plug-in interface: modify the UI code to make room for embedded content
Adaptation onto ServiceOS is feasible.

Slide 21: Evaluation

Slide 22:
- Content-processing errors are widespread.
- ServiceOS does not rely on large applications to enforce remote content security.

Slide 23:
- Test case 1: uses an RTF header stack overflow vulnerability to construct a malicious document
- Test case 2: a malicious document that uses macros to perform the same attack
Application-based isolation would not be able to stop these two exploits, but ServiceOS stopped both.

Slide 24:
- Startup latencies: compared with the startup time of the applications' native versions on Windows
- Memory-usage overheads: Drawbridge; loading Excel's add-in libraries
- Performance of the content-fetch APIs: overhead grows with the size of the document

Slide 25:
- Result 1: In all tests ServiceOS adds less than 200 ms to connect to the monitor and initialize

Slide 26:
- Result 1: Both applications carry a very small memory overhead
- Result 2: No significant penalty for opening documents from the same owner, but documents from different owners carry a sizable memory overhead

Slide 27:
- Result 1: ServiceOS introduces some latency for passing content to renderers
- Result 2: The overhead is amortized for larger document sizes

Slide 28: Conclusion and future work

Slide 29:
- Generalize web browsers' same-origin policy into an isolation policy suitable for all applications
- Advocate a content-based principal model that minimizes the impact of any content, including malicious content
- Built a substantial prototype system and adapted a number of real-world applications to it


Slide 31:
- It requires modifying or adding plug-in code for each application
- How to partition the system into other meaningful pieces, and how to set permissions for each piece
- If we take a contemporary OS, a simple bug in any of the kernel components allows the isolation mechanisms to be bypassed
