1. Apiary: Easy-to-Use Desktop Application Fault Containment on Commodity Operating Systems
   Shaya Potter and Jason Nieh, June 23, 2010, USENIX ATC
   IBM Research; research performed at Columbia University

2. Desktop Applications are Buggy!
   - Desktop applications are prone to being exploited
   - Adobe Acrobat: exploited multiple times in 2009-2010
   - PDF has dethroned MS Word documents as the most common malware vector [F-Secure]
   - But why should this even be possible? I want to view the PDF as a "read-only" item

3. Approaches to Application Security
   - Access control systems, e.g. Janus, Systrace, SELinux...
   - Rewrite/recompile applications, e.g. Java, Google's Native Client
   - Isolate applications in virtual machines, e.g. VMware Unity

4. Isolated VMs for each Application?
   Pros
   - No need to write complex rules
   - Exploited applications are isolated
   - Works with existing applications
   Cons
   - Exploited applications remain exploited
   - Significant runtime overhead
   - Loses the integrated desktop feel
   - Increases the management burden

5. Apiary

6. Desktop Applications are Isolated
   (figure: separate containers for Web, Office Documents, E-Mail, IM, Media, and Banking/Finance)

7. Persistent Application Containers
   - Changes persist between application executions
   - Needed for persistent data, e.g. Quicken, research papers
   - But persistent data still needs to be isolated: office documents have no need to access financial data in Quicken

8. Apiary Retains Desktop Look and Feel

9. Introduces Ephemeral Containers
   (figure: ephemeral PDF, PDF, and Media containers alongside the persistent ones)

10. Ephemeral Application Containers
   - Compromises cannot persist
   - Protects from concurrent compromises
   - Protects privacy
   - Enables untrusted data to be viewed safely

11. Problems to Solve
   - Exploited applications remain exploited
   - Significant overhead
   - Lose integrated desktop feel
   - Increase management burden

12. Apiary's Architecture: 3 Components
   1. OS Containers
   2. Display Virtualization
   3. Virtual Layered File System (VLFS)

13. OS Containers
   - OS containers are prevalent on commodity OSs: Solaris Zones, Linux Containers/VServer
   - Low overhead, quick to instantiate
   - Lower isolation than hardware VMs; Apiary can be used with hardware VMs if the threat model requires it

14. Problems to Solve
   - Exploited applications remain exploited
   - Significant overhead
   - Lose integrated desktop feel
   - Increase management burden

15. Containers Integrated at Multiple Points
   1. Display
   2. Inter-Application Execution
   3. File System

16. Integrated Display
   Problem
   - Each container must have an isolated display: XSendEvent() / W32SendMessage() are vectors for exploiting other running applications
   - But a single desktop environment is needed
   Solution
   - Provide each container with its own virtual display server
   - A viewer composes the containers' displays together: single display, menu, task bar

17. Display Integration

18. Integrated Applications
   Problem
   - Applications in different containers depend on each other: Firefox wants to run a PDF viewer or OpenOffice to view documents
   Solution
   - Applications can execute each other in an ephemeral helper mode

19. Integrated Applications
   (figure: the Web container launching ephemeral PDF and Media helper containers)

20. Integrated File System
   Problem
   - Ephemeral helper applications are useless if data can't be shared: how does Firefox pass the PDF file to the PDF viewer?
   Solution
   - Limited file system integration: a protected/shared /tmp for inter-application execution

21. Integrated File System: /tmp
   (figure: /tmp containing the directories firefox, ooffice, t-bird)
   - Each container has its own directory under /tmp

22. Integrated File System: /tmp
   (figure: /tmp/firefox now contains file.pdf)
   - Each container uses that directory as its own temp directory
   - Firefox will save all temporary files to /tmp/firefox

23. Integrated File System: /tmp
   (figure: /tmp as seen from another container: the firefox, ooffice, t-bird directories, with file.pdf hidden)
   - But files are invisible to other containers

24. Integrated File System: /tmp
   (figure: /tmp/firefox/file.pdf)
   - Firefox will launch xpdf /tmp/firefox/file.pdf

25. Integrated File System: /tmp
   (figure: /tmp with firefox, ooffice, t-bird and a new eph-xpdf directory; file.pdf visible to the helper)
   - Creates a new ephemeral container for Xpdf
   - Allows /tmp/firefox/file.pdf to be visible in the new ephemeral Xpdf container
   - The ephemeral Xpdf container executes the program as called
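The /tmp integration on slides 21-25, as an added model that is not Apiary's own code: each container sees only its own /tmp/<name> directory, an ephemeral helper container gets exactly the one file handed to it, and destroying the helper discards what it wrote. The class and method names are assumptions for illustration; real Apiary implements this with OS containers, not Python.

```python
class Container:
    """One application container; it sees only its own /tmp/<name> unless granted more."""
    def __init__(self, name, ephemeral=False):
        self.name = name
        self.ephemeral = ephemeral
        self.tmpdir = f"/tmp/{name}"        # the container's private temp directory
        self.granted = set()                # extra /tmp paths explicitly made visible to it


class Host:
    """Host view (a model, not Apiary's code): one /tmp on disk, partitioned per container."""
    def __init__(self):
        self.files = set()                  # every path that exists under /tmp on the host
        self.containers = {}

    def add_container(self, name, ephemeral=False):
        c = Container(name, ephemeral)
        self.containers[name] = c
        return c

    def write(self, container, filename):
        # A container's temporary files always land in its own /tmp/<name>/ directory.
        path = f"{container.tmpdir}/{filename}"
        self.files.add(path)
        return path

    def can_see(self, container, path):
        return path in self.files and (
            path.startswith(container.tmpdir + "/") or path in container.granted)

    def listing(self, container):
        """What this container sees in /tmp: its own directory plus granted files only."""
        return sorted(p for p in self.files if self.can_see(container, p))

    def launch_helper(self, caller, program, path):
        """Ephemeral helper mode: a fresh throwaway container for `program` in which only
        the file handed over by the caller is visible; the rest of /tmp stays hidden."""
        if not self.can_see(caller, path):
            raise PermissionError(f"{caller.name} cannot hand over a file it cannot see: {path}")
        helper = self.add_container(f"eph-{program}-{len(self.containers) + 1}", ephemeral=True)
        helper.granted.add(path)
        return helper

    def destroy(self, container):
        """Destroying an ephemeral container discards everything it wrote, so a compromise
        inside it (e.g. a malicious PDF) cannot persist into the next instance."""
        del self.containers[container.name]
        if container.ephemeral:
            self.files = {p for p in self.files if not p.startswith(container.tmpdir + "/")}
```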

26. Integrated File System: Global View
   Problem
   - Files might need to be shared between isolated containers
   Solution
   - A File System Manager container provides a global namespace view to move files between containers

27. Problems to Solve
   - Exploited applications remain exploited
   - Significant overhead
   - Lose integrated desktop feel
   - Increase management burden

28. Container Management Problems
   - How do we efficiently provision them?
   - How do we efficiently store them?
   - How do we efficiently get updates applied?

29. Possible Approaches?
   - Package management
   - COW disks/file systems

30. Package Management
   (figure: Web, PDF, and Office containers)

31. COW Disks/File Systems
   (figure: a template image with Web, PDF, Office; Clone #1 and Clone #2 each carry Web, PDF, Office)

32. COW Disks/File Systems
   (figure: the template image is updated to Web-v2, but Clone #1 and Clone #2 still carry the old Web)

33. The Virtual Layered File System
   - Makes the FS a full partner with the package manager
   - Packages are transformed into a set of shared layers
   - Combines unioning file system concepts with package management

34. VLFS Example
   (figure: layers Web, Office, LibC, X11; provisioned VLFSs Web and Office Suite)

35. The VLFS/Software Appliance
   - A VLFS defines a software appliance

36. How Apiary Uses the VLFS
   - Users install application appliances instead of individual applications
   - Appliances are predefined sets of layers, able to be created by various organizations (banks, ISVs)
   - Appliances leverage a global set of layers; no need to manage systems from scratch

37. How Does it Solve the Problems?
   - How do we efficiently provision them? Shared layers mean no copying; file systems for ephemeral execution can be created instantly
   - How do we efficiently store them? Each common layer is stored only once, like a regular system
   - How do we efficiently get updates applied? Update a layer once in the repository and it is usable by all application containers that depend on that layer

38. Other VLFS Advantages
   - How do we make sure they are secure? Dividing into layers isolates changes and makes malicious changes visible
   - Avoids "DLL Hell": each application container has its own independent set of shared libraries, so incompatible applications can be installed on the same machine

39. Problems to Solve
   - Exploited applications remain exploited
   - Significant overhead
   - Lose integrated desktop feel
   - Increase management burden

40. Experimental Results

41. Case Study #1: Malicious PDF File
   - Traditional desktop: can destroy the entire computer
   - Apiary: always viewed in an ephemeral container; the attack succeeds but doesn't affect the user

42. Case Study #2: Malicious Plugins
   - Traditional computer: persistent, invisible
   - Ephemeral container: doesn't impact the user beyond the current ephemeral instance
   - Persistent container: worse, does damage
   - Can have multiple persistent containers for similar programs, similar to Red/Green isolation
   - Can see if system programs were modified by looking at the private layer
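The VLFS behaviour of slides 33-38 and the private-layer check from case study #2, as an added model that is not Apiary's code: shared package layers live once in a repository, each VLFS is an ordered list of layers under a private writable layer resolved top-down like a union mount, a layer updated once is seen by every VLFS built on it, and any private-layer file that shadows a shared-layer file flags a modified system program. Class and method names are assumptions; layer contents are constructed sample data.

```python
class Repository:
    """Global layer store: each package layer exists once and is shared by every VLFS."""
    def __init__(self):
        self.layers = {}                     # layer name -> {path: file content}

    def add_layer(self, name, files):
        self.layers[name] = dict(files)

    def update_layer(self, name, files):
        # Update the layer once here; every container whose VLFS includes it sees the change.
        self.layers[name].update(files)

    def stored_bytes(self):
        return sum(len(c) for layer in self.layers.values() for c in layer.values())


class VLFS:
    """One container's file system (a model): shared layers, lowest to highest precedence,
    under a private writable layer, resolved top-down like a union mount."""
    def __init__(self, repo, layer_names):
        self.repo = repo
        self.layer_names = list(layer_names)
        self.private = {}                    # container-local writes land here, never in a shared layer

    def read(self, path):
        if path in self.private:
            return self.private[path]
        for name in reversed(self.layer_names):   # top-most layer wins
            files = self.repo.layers[name]
            if path in files:
                return files[path]
        raise FileNotFoundError(path)

    def write(self, path, content):
        self.private[path] = content

    def listing(self):
        merged = {}
        for name in self.layer_names:
            merged.update(self.repo.layers[name])
        merged.update(self.private)
        return sorted(merged)

    def modified_shared_files(self):
        """The check from the malicious-plugins case study: a private-layer path that shadows
        a file from a shared layer means a system program or library was changed."""
        shared = {p for n in self.layer_names for p in self.repo.layers[n]}
        return sorted(p for p in self.private if p in shared)

    def naive_copy_bytes(self):
        """Bytes this container would consume with a full private copy instead of shared layers."""
        return sum(len(self.read(p)) for p in self.listing())
```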

43. Usage Study
   - 24 users performed tasks including e-mail, IMing, web browsing, and document editing
   - Three environments: plain Linux, no ephemeral containers, ephemeral containers

44. Usage Study
   - Task completion time was about the same in all three environments
   - Users didn't notice the overhead of instantiating ephemeral containers
   - Users found the environment easy to use

45. Overhead as Containers Scale
   - 25 parallel instances/containers running each test
   - Overhead is generally minimal; even the kernel build is only about 10%

46. Quick Instantiation
   Time to provision one application container:

                 Firefox   T-Bird   OOffice   Xpdf    Mplayer
   Apiary        .005s     .005s    .005s     .005s   .005s
   Create        276s      294s     365s      291s    294s
   Tar Extract   86s       87s      150s      81s     81s
   FS-Snap       .016s     .016s    .016s     .016s   .016s

   - Why not use an FS with snapshot/branching semantics (ZFS/Btrfs)?
   - It provisions basically as quickly!
   - But each FS, once branched, is independent and has to be managed independently!

47. Efficient Disk Usage
   Per-appliance VLFS size and layer sharing:

                 Firefox   T-Bird   OOffice   Xpdf    Mplayer
   Size          353MB     367MB    645MB     339MB   355MB
   # Layers      129       125      186       130     162
   Shared        330MB     335MB    329MB     330MB   326MB
   Unique        23MB      32MB     316MB     9MB     29MB

   Total disk usage for all five applications:

                 Single FS   Multiple FSs   VLFSs
   Size          743MB       2.1GB          743MB

48. Fast File System Updates

                 Traditional   VLFS
   Time          18s           0.12s

   - Time is just for the actual file system update
   - For machine maintenance in Apiary, machines can be offline, which can add significant time to the traditional updates

49. Conclusions
   - Apiary introduces a new compartmentalized application paradigm
   - Works with existing applications, without changes or recompilation
   - Introduces ephemeral containers to prevent compromises from persisting
   - The VLFS enables simple container management
   - Low overhead and easy to use

50. Questions?
   For more information: http://www.ncl.cs.columbia.edu/
   spotter@cs.columbia.edu, spotter@us.ibm.com
