Published by Gregory Lloyd; modified over 9 years ago.
Slide 1: M. Alexander, Helen J. Wang, Yunxin Liu (Microsoft Research). Presented by Zhaoliang Duan.
Slide 2 (outline): Introduction; Design goal and contribution; Defining principals; Enforcing principal definitions; Implementation; Evaluation; Conclusion and future work.
Slide 4: A sandbox runs programs in an isolated space, which prevents them from making permanent changes to other programs and data on the computer. (Image found via Google Images, from http://www.sandboxie.com/)
Slide 5: Sandboxing alone is not enough! Example: mutually distrusting content.
Slide 6: Having each application handle content protection itself has drawbacks.
Slide 7: Leaving content isolation to the application is not good! The security of a user's cloud data is duplicated in, and entrusted to, all of the user's applications. Security logic in an application is often mixed with error-prone content-processing logic.
Slide 8 (outline; next section: Design goal and contribution).
Slide 9: Contributions: flexible isolation; compatibility with the browser's isolation policy; advocating a content-based principal model in which the OS treats content owners as its principals and isolates content of different owners from one another; generalizing the content-based principal model from web browsers to all applications; easy adaptation of traditional applications.
Slide 10: No sharing across principals or isolation containers.
Slide 11 (outline; next section: Defining principals).
Slide 13: Principal labeling: separating content ownership; the trust-list mechanism.
Slide 14: Example. Content at http://blog.com/alice/index.html carries the trust list http://blog.com/alice/*; other content shown: http://youtube.com and http://blog.com/.
Slide 15 (outline; next section: Enforcing principal definitions).
Slide 16: Same-principal fetching: check with the IsSamePrincipal algorithm, using the owner's public key and the trust list. Cross-principal fetching: data communication; spawning a new principal.
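The trust-list labeling of slide 14 and the same-principal check of slide 16, as an added Python example (not code from the paper or the ServiceOS prototype): it assumes a simplified IsSamePrincipal in which two content items share a principal when they carry the same owner key or their trust lists cover each other's URLs. The field names, the prefix-wildcard syntax and the sample content are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Content:
    """Content labelled as on the slides: its URL, an optional owner public
    key, and a trust list of URL patterns (a trailing '*' is a prefix
    wildcard). Field names and syntax are assumptions, not the paper's."""
    url: str
    trust_list: List[str] = field(default_factory=list)
    owner_key: Optional[str] = None  # placeholder for an owner public key

    def trusts(self, url: str) -> bool:
        # Content always trusts its own URL; trust-list patterns extend that.
        if url == self.url:
            return True
        for pat in self.trust_list:
            if pat.endswith("*"):
                if url.startswith(pat[:-1]):
                    return True
            elif url == pat:
                return True
        return False

def is_same_principal(a: Content, b: Content) -> bool:
    """Simplified IsSamePrincipal: same owner key, or mutual trust. Trust must
    be mutual so content cannot join another owner's principal merely by
    claiming to trust it (a one-sided claim is rejected below)."""
    if a.owner_key is not None and a.owner_key == b.owner_key:
        return True
    return a.trusts(b.url) and b.trusts(a.url)

def fetch_decision(requester: Content, target: Content) -> str:
    """Same-principal content may share the requester's isolation container;
    anything else is a cross-principal fetch, as slide 16 distinguishes."""
    if is_same_principal(requester, target):
        return "same-principal: load into requester's container"
    return "cross-principal: data communication or spawn a new principal"

# Constructed sample content modelled on slide 14's example.
ALICE = Content("http://blog.com/alice/index.html", ["http://blog.com/alice/*"])
ALICE_PHOTO = Content("http://blog.com/alice/photo.jpg", ["http://blog.com/alice/*"])
BLOG_ROOT = Content("http://blog.com/")
YOUTUBE = Content("http://youtube.com")
# One-sided claim: Bob's page says it trusts Alice's content, but not vice versa.
BOB = Content("http://blog.com/bob/page.html", ["http://blog.com/alice/*"])

if __name__ == "__main__":
    for other in (ALICE_PHOTO, BLOG_ROOT, YOUTUBE, BOB):
        print(other.url, "->", fetch_decision(ALICE, other))
```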
Slide 17: A bit lives in the response; a bit lives in the request.
Slide 18 (outline; next section: Implementation).
Slide 20: Wrapping operation: the Wininet library for HTTP communication, which remaps its HTTP calls to invoke the ServiceOS fetch call. Applications that have a plug-in interface: write add-in code to implement the CreatePI() and Embed() functions. Applications that do not provide plug-in interfaces: modify the UI code to make room for embedded content. Adaptation onto ServiceOS is feasible.
Slide 21 (outline; next section: Evaluation).
Slide 22: Content-processing errors are widespread. ServiceOS does not rely on large applications to enforce remote content security.
Slide 23: Test case 1: uses an RTF header stack-overflow vulnerability to construct a malicious document. Test case 2: a malicious document that uses macros to perform the same attack. Application-based isolation would not be able to stop these two exploits, but ServiceOS stopped both.
Slide 24: Startup latencies: compared with the startup time of the applications' native versions on Windows. Memory-usage overheads: Drawbridge; loading Excel's add-in libraries. Performance of content-fetch APIs: how the overhead grows with document size.
Slide 25: Result 1: in all tests, ServiceOS adds less than 200 ms to connect to the monitor and initialize.
Slide 26: Result 1: both applications carry a very small memory overhead. Result 2: no significant penalty for opening documents from the same owner, but documents from different owners carry a sizable memory overhead.
Slide 27: Result 1: ServiceOS introduces some latency for passing content to renderers. Result 2: the overhead is amortized for larger document sizes.
Slide 28 (outline; next section: Conclusion and future work).
Slide 29: Generalized web browsers' same-origin policy into an isolation policy suitable for all applications. Advocated a content-based principal model that minimizes the impact of any content, including malicious content. Built a substantial prototype system and adapted a number of real-world applications to it.
Slide 31: Plug-in code needs to be modified or added for each application. Open questions: how to partition the system into other meaningful pieces, and how to set permissions for each piece. In a contemporary OS, a simple bug in any of the kernel components allows the isolation mechanisms to be bypassed.