Published by Gwendoline Daniels. Modified over 9 years ago.
1
SoftwarePot: A Secure Software Circulation System
Yoshihiro OYAMA (Univ. of Tokyo / JST)
Kazuhiko KATO (Univ. of Tsukuba / JST)
2
http://www.osss.is.tsukuba.ac.jp/pot/
SoftwarePot in a Nutshell
  Provides virtual environment “Pot”
  Pot has private namespace of resources
  Contains private file tree (like chroot jail)
  Virtual resource in pot can be mapped to real external resource
  Snapshots of pots (pot files) are distributed as software packages
  Like Zip files
3
[Figure: developer, pot file, user]
4
[Figure: security policy, process, pot, remote machine, process]
5
Installation/Uninstallation
  Files in package are not extracted and installed into the original file system
  Installation: downloading pot file
  Uninstallation: deleting pot file
  Execution: “stacking” resource views
  Like UnionFS
6
Security Policy
  How to “plant” pot in real environment
  How to control accesses

  map:
    /usr/local/lib /dev/null
    /extern_world /home/oyama/shared_dir_for_pot
    …
  socket:
    allow connect *.u-tokyo.ac.jp 80
    redirect 202.226.93.133 23 -> 130.158.85.97 10023
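
Added example, not SoftwarePot's own code: a small evaluator for a policy in the layout shown on this slide, returning the rewritten argument a monitor would substitute for a path or a connect target. The rule semantics (left column is the in-pot path, longest prefix wins, unlisted connections are denied) and the pot root /pots/app are assumptions made for illustration.

```python
import fnmatch
import posixpath

# Constructed policy text, following the layout shown on the slide.
POLICY = """\
map:
  /usr/local/lib /dev/null
  /extern_world /home/oyama/shared_dir_for_pot
socket:
  allow connect *.u-tokyo.ac.jp 80
  redirect 202.226.93.133 23 -> 130.158.85.97 10023
"""

def parse_policy(text):
    """Return (maps, allows, redirects) parsed from the policy text."""
    maps, allows, redirects, section = [], [], {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith(":"):
            section = line[:-1]
        elif section == "map":
            pot_path, real_path = line.split()
            maps.append((pot_path.rstrip("/"), real_path))
        elif section == "socket" and line.startswith("allow connect "):
            host_glob, port = line.split()[2:4]
            allows.append((host_glob, int(port)))
        elif section == "socket" and line.startswith("redirect "):
            src, dst = line[len("redirect "):].split("->")
            (sh, sp), (dh, dp) = src.split(), dst.split()
            redirects[(sh, int(sp))] = (dh, int(dp))
        else:
            raise ValueError(f"unrecognised policy line: {line!r}")
    return maps, allows, redirects

def resolve_path(maps, pot_root, path):
    """Rewrite an absolute path argument; unmapped paths stay inside the pot."""
    path = posixpath.normpath(path)  # collapse ".." before matching prefixes
    for pot_path, real_path in sorted(maps, key=lambda m: -len(m[0])):
        if path == pot_path or path.startswith(pot_path + "/"):
            return real_path + path[len(pot_path):]
    return pot_root + path

def check_connect(allows, redirects, host, port):
    """Return the (host, port) to connect to, or None to deny (assumed default)."""
    if (host, port) in redirects:
        return redirects[(host, port)]
    if any(fnmatch.fnmatch(host, g) and port == p for g, p in allows):
        return (host, port)
    return None
```

Normalising before the prefix match means a path such as /extern_world/../etc/passwd resolves inside the pot's private tree rather than under the shared directory; symbolic links are not handled here.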
7
Advantages
  Reduced effort is required
    for describing access control policies
      Because accessible external resources are minimized
    for preparing resources in virtual environment
      Because they are distributed as pot files
8
Implementation
  User-level middleware
  Syscall interception and sysarg modification
  Linux: our kernel module
  Solaris: procfs
  One monitor process attached to each application process
  Measured overhead: 6~21%
9
Source Code Available Soon!