# Sandboxes

# Sandboxes - Definitions

* Sandbox (InfoSec): A security technique for program isolation and resource management.
  * Untrusted third-party code
  * Untrusted apps
  * Untrusted users
  * Untrusted websites
  * Similar to virtualization
* Sandbox (for developers): Similar to the InfoSec definition. It's used for testing untrusted code changes.
  * Ex. A patch submitted by an anonymous contributor

We are interested in the previous definition, but the dev context is here because the term will come up during online searches and discussions.

# Resource Control

* Want to control certain elements of the execution environment:
  * CPU (time, instructions)
  * Disk space (access to it, and where the program is stored)
    * sandboxie.com
  * Memory
  * Network access
  * Input/IO control
* How could we control a program's access to any of the above?

# Examples

* Applets: Flash, Java, Silverlight
  * Managed by a virtual machine or interpreter
  * Downloaded code is executed inside the sandbox
  * Cannot access local storage unless authorized
* Jails (think chroot)
  * Resource restrictions implemented at the kernel level
  * IO management and disk quota utilities (usrquota & grpquota properties in /etc/fstab)
  * Can also create managed storage areas by creating virtual filesystems (basically a filesystem from a disk file)

# Examples and Implementations

* Rule-Based Execution: Monitoring the requests a process makes to the CPU
  * Allow/deny each request based on a rule-set
  * Ex. Prevent any attempt to access the registry
* Capability Systems: Processes are assigned a 'token' during startup
  * The token is similar to a 'role' (see RBAC)
  * Based on the token, certain actions are permitted/denied

# Examples

HTML 5 iframe sandbox:

```html
<iframe src="whatever" sandbox></iframe>
```

HTML 5 style iframes can disable: plugins, scripts, form submission, manipulation of other frames (parent or child), pop-ups, DOM access and XMLHttpRequest(). Any of the above can be enabled but must be done so explicitly.
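An added example (not from the original slides) showing how the explicit opt-in works in practice: it reads an iframe tag's `sandbox` attribute and reports which of the capabilities listed above remain disabled. It goes beyond the slide by naming the actual `allow-*` tokens and flagging the `allow-scripts` plus `allow-same-origin` combination, which lets same-origin content strip its own sandbox; `parseSandbox` and `analyzeIframe` are hypothetical helper names, and the tag text is constructed for the example.

```javascript
// Added example (not from the original slides): read an HTML5 iframe's
// sandbox attribute and report which capabilities stay disabled. Runs under
// Node.js; it inspects the tag text with a regex rather than a browser DOM,
// so it is a linting aid for markup, not a substitute for the browser's checks.

// Capabilities a bare `sandbox` attribute removes, keyed by the token that
// restores each one. Plugins have no token and stay disabled in any sandbox.
const SANDBOX_TOKENS = {
  "allow-scripts": "script execution",
  "allow-forms": "form submission",
  "allow-popups": "pop-ups",
  "allow-modals": "alert/confirm/prompt dialogs",
  "allow-same-origin": "same-origin access (DOM, cookies, XMLHttpRequest to the embedder)",
  "allow-top-navigation": "navigating the top-level (parent) frame",
  "allow-pointer-lock": "pointer lock",
  "allow-downloads": "downloads",
  "allow-popups-to-escape-sandbox": "pop-ups that leave the sandbox",
};

// Returns the set of tokens, or null when the tag carries no sandbox attribute.
function parseSandbox(iframeTag) {
  const m = /\ssandbox(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?(?=[\s>\/])/i.exec(iframeTag);
  if (!m) return null;
  const value = m[1] ?? m[2] ?? m[3] ?? "";
  return new Set(value.toLowerCase().split(/\s+/).filter(Boolean));
}

function analyzeIframe(iframeTag) {
  const tokens = parseSandbox(iframeTag);
  if (tokens === null) {
    return { sandboxed: false, enabled: [], disabled: [],
             warnings: ["no sandbox attribute: embedded content is unrestricted"] };
  }
  const enabled = [], disabled = [], warnings = [];
  for (const [token, capability] of Object.entries(SANDBOX_TOKENS)) {
    (tokens.has(token) ? enabled : disabled).push(capability);
  }
  disabled.push("plugins (no token can re-enable them)");
  // Documented caveat: with both tokens, a same-origin document can script the
  // embedder and remove its own sandbox attribute, so the sandbox is void.
  if (tokens.has("allow-scripts") && tokens.has("allow-same-origin")) {
    warnings.push("allow-scripts with allow-same-origin defeats the sandbox for same-origin content");
  }
  for (const t of tokens) {
    if (!(t in SANDBOX_TOKENS)) warnings.push(`unrecognised token: ${t}`);
  }
  return { sandboxed: true, enabled, disabled, warnings };
}

// The slide's own tag: every capability stays disabled, no warnings.
console.log(analyzeIframe('<iframe src="whatever" sandbox></iframe>'));
```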