A Framework for Application-level Isolation and Recovery Abstract a Framework for Application-level Isolation and Recovery

A Framework for Application-Level Isolation and Recovery Shvetank Jain Master of Applied Science Graduate Department of Electrical and Computer Engineering University of Toronto 2008 When computer systems are compromised by an attack, it is difficult to determine the precise extent of the damage because the state changes made by an attacker and those made by regular users can be closely intertwined. This problem can be especially severe for persistent state, and it occurs due to implicit sharing in operating systems. In particular, the file system provides a single namespace that when compromised can have cascading effects on the entire system, making intrusion analysis and recovery a time-consuming and error-prone process. In this thesis, we propose limiting the effects of attacks and simplifying the post-intrusion recovery process by requiring explicit sharing of all persistent data. We present a system called Solitude that uses a copy-on-write filesystem to provide a transparent, restricted privilege sandboxing environment for running untrusted applications. Since file sharing across applications is relatively uncommon, Solitude uses an explicit sharing mechanism that limits attack propagation without compromising functionality. Solitude provides two modes of recovery. If a sandboxed application proves to be untrustworthy, a course-grained recovery method allows completely removing the footprint of the software. However, if a user mistakenly moves untrusted files from the sandbox to the regular environment via the explicit sharing mechanism, then Solitude uses data dependency tracking to allow fine-grained recovery.