The RAppArmor Package: Enforcing Security Policies in R Using Dynamic Sandboxing on Linux
The increasing availability of cloud computing and scientific supercomputers
brings great potential for making R accessible through public or shared
resources. This allows us to efficiently run code requiring lots of cycles and
memory, or embed R functionality into, e.g., systems and web services. However,
some important security concerns need to be addressed before this can be put in
production. The prime use case in the design of R has always been a single
statistician running R on the local machine through the interactive console.
Therefore the execution environment of R is entirely unrestricted, which could
result in malicious behavior or excessive use of hardware resources in a shared
environment. Properly securing an R process turns out to be a complex problem.
We describe various approaches and illustrate potential issues using some of
our personal experiences in hosting public web services. Finally we introduce
the RAppArmor package: a Linux-based reference implementation for dynamic
sandboxing in R on the level of the operating system.
Graphical Security Sandbox For Linux Systems
It has become extremely difficult to distinguish a benign application from a malicious one as the
number of untrusted applications on the Internet increases rapidly every year. In this project,
we develop a lightweight application confinement mechanism for Linux systems in order to aid
most users to increase their confidence in various applications that they stumble upon and use
on a daily basis. The developed sandboxing facility monitors a targeted application’s activity and
imposes restrictions on its access to operating system resources during its execution. Using a
simple but expressive policy language, users are able to create security policies. During the
course of the traced application’s execution, the sandboxing facility makes execution decisions
according to the security policy specified and terminates the traced application if necessary.
In the case of an activity that is not covered by the policy, the facility asks for user input
through a user interface with a simple human-readable format of the activity and uses that
user input to make execution decisions and to improve the security policy. Our ultimate goal
is to create a facility such that even casual users with minimal technical knowledge can use
the tool without getting overwhelmed by it. We base our tool on system call interposition,
which has been a popular research area over the past fifteen years. The developed sandboxing
facility offers a user-friendly, easy-to-use user interface. It monitors the given application and
detects activities that might possibly be system intrusions. Moreover, the tool offers logging
and auditing mechanisms for post-execution analysis. We present our evaluation of the tool
in terms of performance and the overhead it generates when confining applications. We conclude
that the developed system is successful in detecting abnormal application activity according to
specified security policies. It has been found that the tool adds a significant overhead to the
target applications. However, this overhead does not pose usability issues as our target domain
is personal use cases with small applications.
Online advertising: analysis of privacy threats and protection approaches
Online advertising, the pillar of the “free” content on the Web, has revolutionized the marketing business in recent years by creating a myriad of new opportunities for advertisers to reach potential customers. The current advertising model builds upon an intricate infrastructure composed of a variety of intermediary entities and technologies whose main aim is to deliver personalized ads. For this purpose, a wealth of user data is collected, aggregated, processed and traded behind the scenes at an unprecedented rate. Despite the enormous value of online advertising, however, the intrusiveness and ubiquity of these practices prompt serious privacy concerns. This article surveys the online advertising infrastructure and its supporting technologies, and presents a thorough overview of the underlying privacy risks and the solutions that may mitigate them. We first analyze the threats and potential privacy attackers in this scenario of online advertising. In particular, we examine the main components of the advertising infrastructure in terms of tracking capabilities, data collection, aggregation level and privacy risk, and overview the tracking and data-sharing technologies employed by these components. Then, we conduct a comprehensive survey of the most relevant privacy mechanisms, and classify and compare them on the basis of their privacy guarantees and impact on the Web. Peer Reviewed. Postprint (author's final draft).
Retrofitting privacy controls to stock Android
Android is the most popular operating system for mobile devices, making it a prime target for attackers. To counter these, Android’s security concept uses app isolation and access control to critical system resources. However, Android gives users only limited options to restrict app permissions according to their privacy preferences but instead lets developers dictate the permissions users must grant. Moreover, Android’s security model is not designed to be customizable by third-party developers, forcing users to rely on device manufacturers to address their privacy concerns. This thesis presents a line of work that retrofits comprehensive privacy controls to the Android OS to put the user back in charge of their device. It focuses on developing techniques that can be deployed to stock Android devices without firmware modifications or root privileges. The first part of this dissertation establishes fundamental policy enforcement on third-party apps using inlined reference monitors to enhance Android’s permission system. This approach is then refined by introducing a novel technique for dynamic method hook injection on Android’s Java VM. Finally, we present a system that leverages process-based privilege separation to provide a virtualized application environment that supports the enforcement of complex security policies. A systematic evaluation of our approach demonstrates its practical applicability, and over one million downloads of our solution confirm user demand for privacy-enhancing tools.
Windows security sandbox framework
Software systems are vulnerable to attack in many different ways. Systems can be poorly implemented, which could allow an attacker access to the system through legitimate means such as anonymous access to a server, or security controls and access lists can be configured incorrectly, which would allow an attacker access to the system by exploiting a logic flaw in the system's configuration. These security vulnerabilities can be limited by implementing software systems properly or in a more restrictive manner. Sandboxing an application allows for interception of a process's system call for verification against a defined policy. A system call can be allowed or denied based on the function being called or can have parameters analyzed and verified against a defined policy. This paper presents a sandboxing framework for Microsoft Windows operating systems. The framework is written entirely in Python and uses a modular design which allows for small and simple policies. Profiles can exist for processes which automatically load user policies for a sandbox process.
VXA: A Virtual Architecture for Durable Compressed Archives
Data compression algorithms change frequently, and obsolete decoders do not
always run on new hardware and operating systems, threatening the long-term
usability of content archived using those algorithms. Re-encoding content into
new formats is cumbersome, and highly undesirable when lossy compression is
involved. Processor architectures, in contrast, have remained comparatively
stable over recent decades. VXA, an archival storage system designed around
this observation, archives executable decoders along with the encoded content
it stores. VXA decoders run in a specialized virtual machine that implements an
OS-independent execution environment based on the standard x86 architecture.
The VXA virtual machine strictly limits access to host system services, making
decoders safe to run even if an archive contains malicious code. VXA's adoption
of a "native" processor architecture instead of type-safe language technology
allows reuse of existing "hand-optimized" decoders in C and assembly language,
and permits decoders access to performance-enhancing architecture features such
as vector processing instructions. The performance cost of VXA's virtualization
is typically less than 15% compared with the same decoders running natively.
The storage cost of archived decoders, typically 30-130KB each, can be
amortized across many archived files sharing the same compression method. Comment: 14 pages, 7 figures, 2 tables