Secure Isolation and Migration of Untrusted Legacy Applications
Authors
Abstract
Existing applications often contain security holes that are not patched until after the system has already been compromised. Even when software updates are applied to address security issues, they often result in system services being unavailable for some time. To address these system security and availability issues, we have developed peas and pods. A pea provides a least privilege environment that can restrict processes to the minimal subset of system resources needed to run. This mechanism enables the creation of environments for privileged program execution that can help with intrusion prevention and containment. A pod provides a group of processes and associated users with a consistent, machine-independent virtualized environment. Pods are coupled with a novel checkpoint-restart mechanism which allows processes to be migrated across minor operating system kernel versions with different security patches. This mechanism allows system administrators the flexibility to patch their operating systems immediately without worrying over potential loss of data or needing to schedule system downtime. We have implemented peas and pods in Linux without requiring any application or operating system kernel changes. Our measurements on real world desktop and server applications demonstrate that peas and pods impose little overhead and enable secure isolation and migration of untrusted applications.
Similar sources
Secure Isolation of Untrusted Legacy Applications
Existing applications often contain security holes that are not patched until after the system has already been compromised. Even when software updates are available, applying them often results in system services being unavailable for some time. This can force administrators to leave system services in an insecure state for extended periods. To address these system security issues, we have dev...
Full text
A Secure Middleware Architecture for Web Services
Current web service platforms (WSPs) often perform all web services-related processing, including security-sensitive information handling, in the same protection domain. Consequently, the entire WSP may have access to security-sensitive information such as credit card numbers, forcing us to trust a large and complex piece of software. To address this problem, we propose ISO-WSP, a new middleware ...
Full text
Assessment Of Paper: VPFS: Building a Virtual Private File System with a Small Trusted Computing Base
With the motivation to provide confidentiality, integrity and recoverability to security critical files, such as those used by banking programs or email clients, this paper describes a process whereby a multi-level secure system is implemented to provide secure isolation between a small trusted computing base running trusted applications and the VPFS server, and a non-secure virtualized operati...
Full text
Providing secure remote access to legacy health care applications
While the widespread adoption of Internet and Intranet technology has been one of the exciting developments of recent years, many hospitals are finding that their data and legacy applications do not naturally fit into the new methods of dissemination. Existing applications often rely on isolation or trusted networks for their access control or security, whereas untrusted wide area networks pay ...
Full text
Ââòù×× Ò Ôôöóóó Óö Óò¬òòññòø Óó Ùòøöù×øøø Ôôððððøøóò×
Security is a serious concern on today's computer networks. Many applications are not very good at resisting attack, and our operating systems are not very good at preventing the spread of any intrusions that may result. In this thesis, we propose to manage the risk of a security breach by confining these untrusted (and untrustworthy) applications in a carefully sanitized space. We design a secu...
Full text