Talk details
A Sandbox for Every Application
by Gordon Hopper (Motorola)
Friday, 01.06.2007, Hall 4: Kaiserslautern, 16:00-17:00
Untrusted applications are a source of security holes, configuration problems, and application conflicts in today's operating systems. Application vendors may disagree with Linux distributors about what privileges and environments are needed for their applications to run effectively. Application users are caught in the middle of this struggle. Current efforts to lock down privileges are too coarse to be useful or require tedious tinkering by end users. Despite the LSB specification, distribution differences require application vendors to build multiple packages and support various configurations. We are in need of a better system of managing and controlling application permissions and reducing conflicts. An application sandbox is the answer. Solving the sandbox problem will also prevent viruses and other malware from spreading or doing harm.
The concept of an application sandbox to configure and control application rights and privileges will be presented. Existing sandbox-related technologies will be briefly discussed, including SELinux, ChakraVyuha, User Mode Linux, and Virtual Machines. The strengths and trade-offs of these technologies will be discussed. Social and technical barriers that prevent widespread use of these technologies will be listed.
This will not cover implementation details of a sandbox environment by the operating system, but will emphasize the need and value of such a system, from both the application owner and the end-user's perspectives.
About the author, Gordon Hopper:
Gordon Hopper is an advocate for Linux and open standards. He holds a BS degree in Computer Engineering and an MS degree in Computer Science. Gordon has spent 10 years working on IT systems and currently works as a software engineer for Motorola in Arizona. Gordon is passionate about security, reliability, ease of use, and automation. He thinks that software should just work.