Isolation - Columbia University

Isolation

The confinement principle

Original slides were created by Prof. Dan Boneh


Running untrusted code

We often need to run buggy/untrusted code:

– programs from untrusted Internet sites:

• apps, extensions, plug-ins, codecs for media player

– exposed applications: PDF viewers, Outlook

– legacy daemons: sendmail, bind

– honeypots

Goal: if application “misbehaves” ⇒ kill it


Approach: confinement

Confinement: ensure misbehaving app cannot harm rest of system

• Can be implemented at many levels:

– Hardware: run application on isolated hw (air gap)

[Figure: app 1 and app 2 on separate networks (network 1, Network 2), separated by an air gap]

⇒ difficult to manage, expensive


– Virtual machines: isolate OS's on a single machine

What are some of the drawbacks of this approach?

[Figure: app1 on OS1 and app2 on OS2, both on top of a Virtual Machine Monitor (VMM)]


– Process: System Call Interposition

Isolate a process in a single operating system

[Figure: process 1 and process 2 on top of one Operating System]
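
One way to implement system call interposition on Linux, as an added example that is not part of the original slides: a seccomp-BPF filter confines a child process to write and exit_group, and the kernel kills it on any other system call. The names run_confined, install_policy, well_behaved and misbehaving are hypothetical, and x86-64 or AArch64 Linux is assumed.

```c
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#define NATIVE_ARCH AUDIT_ARCH_X86_64 /* assumption: x86-64 Linux otherwise */
#endif
enum outcome { EXITED_CLEANLY, KILLED_BY_KERNEL, CONFINEMENT_FAILED };

/* Constructed stand-ins for untrusted code (hypothetical names). */
static void well_behaved(void) { ssize_t n = write(STDERR_FILENO, "ok\n", 3); (void)n; }
static void misbehaving(void) { int fd = open("/etc/hostname", O_RDONLY); (void)fd; }

/* Policy: allow write and exit_group on the native ABI, kill on anything else. */
static int install_policy(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 0, 3),     /* foreign ABI: kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_write, 2, 0),       /* write: allow */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 1, 0),  /* exit_group: allow */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork, confine the child, run fn in it, and report how the child ended. */
enum outcome run_confined(void (*fn)(void)) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return CONFINEMENT_FAILED;
    if (pid == 0) {
        if (install_policy() != 0) _exit(127); /* filter not installed */
        fn();
        _exit(0); /* glibc issues exit_group, which the policy allows */
    }
    if (waitpid(pid, &status, 0) < 0) return CONFINEMENT_FAILED;
    if (WIFSIGNALED(status)) return WTERMSIG(status) == SIGSYS ? KILLED_BY_KERNEL : CONFINEMENT_FAILED;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? EXITED_CLEANLY : CONFINEMENT_FAILED;
}
int main(void) { return run_confined(misbehaving) == KILLED_BY_KERNEL ? 0 : 1; }
```

The open() call in misbehaving is stopped at the system call boundary, before the kernel resolves the path, and the parent observes the child terminated by SIGSYS.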
