M. Alexander, Helen J. Wang, Yunxin Liu (Microsoft Research). Presented by Zhaoliang Duan.
Outline: Introduction; Design goal and contribution; Defining principals; Enforcing principal definitions; Implementation; Evaluation; Conclusion and future work
A sandbox runs programs in an isolated space, which prevents them from making permanent changes to other programs and data on the computer.
Image from Google Images; source website: http://www.sandboxie.com/
• It is not enough!
• Example: mutually distrusting content
• Having each application handle content protection has drawbacks
Content isolation performed by the application is not good!
• Security of a user's cloud data is duplicated and entrusted to all of the user's applications
• Security logic in applications is often mixed with error-prone content-processing logic
Design goal and contribution
Contribution:
• Flexible isolation
• Compatibility with the browser's isolation policy
• Advocate a content-based principal model in which the OS treats content owners as its principals and isolates content of different owners from one another
• Generalize the content-based principal model from web browsers to all applications
• Easy adaptation of traditional applications
• No sharing across principals or isolation containers
Defining principals
Principal labeling:
• Separate content ownership
• Trust-list mechanism
Example page: http://blog.com/alice/index.html
Trust list = http://blog.com/alice/*
Other URLs in the example: http://youtube.com and http://blog.com/
Enforcing principal definitions
Same-principal fetching: checked with the IsSamePrincipal algorithm, based on
• the owner public key
• the trust list
Cross-principal fetching: data communication, or spawning a new principal
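The following is an added example, not code from the ServiceOS paper or these slides: a small model of the same-principal check using the two inputs the slide names, an owner public key and a trust list. The exact IsSamePrincipal algorithm is not on the page, so the rule here (same key, or the fetching content's trust list admits the fetched URL) and the constructed URLs and key labels are assumptions; it shows that http://blog.com/ falls outside Alice's principal even though it shares her host.

```python
# Added example, not the paper's code: a simplified IsSamePrincipal model.
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional, Tuple


@dataclass(frozen=True)
class Content:
    url: str
    owner_key: Optional[str] = None    # owner's public key; None if unsigned (assumption)
    trust_list: Tuple[str, ...] = ()   # glob patterns such as "http://blog.com/alice/*"


def is_same_principal(fetching: Content, fetched: Content) -> bool:
    """Same principal if both carry the same owner key, or the fetching content's
    trust list names the fetched URL. Unsigned content never matches by key."""
    if fetching.owner_key is not None and fetching.owner_key == fetched.owner_key:
        return True
    return any(fnmatchcase(fetched.url, pattern) for pattern in fetching.trust_list)


def classify_fetch(fetching: Content, fetched: Content) -> str:
    """Label a fetch the way the OS must treat it: same-principal fetches join the
    fetching container; cross-principal fetches are data communication or spawn a
    new principal and must not share the container."""
    return "same-principal" if is_same_principal(fetching, fetched) else "cross-principal"


# Constructed scenario mirroring the slide: Alice's blog page and the URLs around it.
ALICE_PAGE = Content("http://blog.com/alice/index.html", owner_key="alice-pubkey",
                     trust_list=("http://blog.com/alice/*",))
ALICE_STYLE = Content("http://blog.com/alice/style.css")       # covered by the trust list
YOUTUBE = Content("http://youtube.com")                         # different owner
BLOG_ROOT = Content("http://blog.com/")                         # same host, not in trust list
ALICE_SIGNED = Content("http://cdn.example/photo.jpg", owner_key="alice-pubkey")  # same key

if __name__ == "__main__":
    for fetched in (ALICE_STYLE, YOUTUBE, BLOG_ROOT, ALICE_SIGNED):
        print(f"{fetched.url:36} -> {classify_fetch(ALICE_PAGE, fetched)}")
```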
One bit lives in the response.
One bit lives in the request.
Implementation
Wrapping operation: wrap the Wininet library used for HTTP communication, remapping its HTTP calls to invoke the ServiceOS fetch call
Applications with a plug-in interface: write add-in code to implement the CreatePI() and Embed() functions
Applications without plug-in interfaces: modify the UI code to make room for embedded content
Adaptation onto ServiceOS is feasible.
Evaluation
Content processing errors are widespread.
ServiceOS does not rely on large applications to enforce remote content security.
Test case 1: uses an RTF header stack overflow vulnerability to construct a malicious document
Test case 2: a malicious document that uses macros to perform the same attack
Application-based isolation would not be able to stop these two exploits, but ServiceOS stopped both
Startup latencies:
• Compared with the startup time of the applications' native versions on Windows
Overheads on memory usage:
• Drawbridge
• Loading Excel's add-in libraries
Performance of content fetch APIs:
• Overhead measured as document size increases
Result 1: in all tests, ServiceOS adds less than 200 ms to connect to the monitor and initialize
Result 1: both applications carry a very small memory overhead
Result 2: no significant penalty for opening documents from the same owner, but documents from different owners carry a sizable memory overhead
Result 1: ServiceOS introduces some latency for passing content to renderers
Result 2: the overhead is amortized for larger document sizes
Conclusion and future work
Generalize web browsers' same-origin policy into an isolation policy suitable for all applications
Advocate a content-based principal model that minimizes the impact of any content, including malicious content
Built a substantial prototype system and adapted a number of real-world applications to it
Plug-in code must be modified or added for each application
Open questions: how to partition the system into other meaningful pieces, and how to set permissions for each piece
In a contemporary OS, a simple bug in any of the kernel components allows the isolation mechanisms to be bypassed