OS Agnostic Sandboxing Using Virtual CPUs

Author: Lange, Matthias
Date accessioned: 2011-07-21T08:40:27Z
Date available: 2011-07-21T08:40:27Z
Date issued: 2011-07-21
Abstract: Commodity operating systems have a poor track record when it comes to security. Malware and viruses aim at exploiting vulnerabilities and, for example, try to steal the user's private data. Unfortunately, most of today's operating systems do not allow the principle of least authority to be enforced, as their security mechanisms are too coarse-grained. In this work we show how we built an OS-agnostic sandbox using virtual CPUs. It allows the execution of native code and thus does not bear the burden of an inherent performance penalty. To show the efficiency and usability of our solution, we have built a secure execution container for web browser plugins.

Background
Sandboxing techniques were developed to jail a program in a restricted execution environment [WLAG93]. By default, critical operations (e.g. syscalls) are disallowed and therefore trap into the sandbox host, where, for example, the arguments of the critical operation can be inspected and sanitized. Although the Java VM, for instance, provides a restricted execution environment, it is often disliked due to its performance penalty. Other sandboxing techniques such as Google's Native Client (NaCl) rely on specific characteristics of the underlying platform.

Design
The virtual CPU model (vCPU) is an execution abstraction that strongly resembles physical CPUs [LWP2010]. It features upcalls, virtual interrupts, a state indicator and a state save area. The vCPU model allows for sequential execution while supporting control flow diversions upon events. We chose to base our architecture on the vCPU model as it allows the traditional thread model to be easily combined with an asynchronous event model. Our architecture is designed to maximize data throughput with a zero-copy shared-memory interface between a sandboxed client and the host. The computational overhead is minimized by allowing native execution. To minimize event latency, we designed an efficient event notification mechanism using event buffers.

First Results
Our vCPU model is implemented using ptrace, which allows the client to run natively. The measurements show that sandboxed clients perform comparably to native execution. The event latency is constant and does not depend on the number of concurrently running vCPU threads. Preliminary measurements indicate that the data throughput is sufficient for multimedia applications.
URI: http://hdl.handle.net/2003/28931
DOI: http://dx.doi.org/10.17877/DE290R-2017
Language: en
Part of: SPRING - SIDAR Graduierten-Workshop über Reaktive Sicherheit, 21-22 March 2011, Bochum, Germany
Subject (DDC): 004
Type: Text; conference object
Access rights: open access

Files: 05.pdf (709.88 KB, Adobe Portable Document Format); license.txt (1.85 KB, item-specific license agreed upon at submission)