I find it interesting that despite the volume of buisness being done via the Internet, there's been little or no security awareness programs coming out of Africa. Most IT education conference in Africa focuses on using the functionality the cyber space provides, while neglecting the corresponding risk that is inherent in those new cyber technologies.
The principle of least privilege deals with confinement of access to only the allowed processes. Access control helps enforce this principle based on a well defined policy of authentication and authorization. Many experts have explored the issue of security confinement and suggested ways to counter the problem by using virtual machines, sandboxes and other detection controls of covert channels. Security confinement problem is described as the device inability to prevent data from being leaked to unauthorized process (including groups and users). A client should be able to request information from a server without the server leaking the information to unauthorized process in the course of fulfilling the request. Solving the confinement issue requires that we know every entry into and exit out of an application. This includes any unintended communication or storage path also referred to as a covert channel. Maintaining a security confinement becomes harder when we take into consideration the fact that it has to be transitive (user A invokes a confined process A, if process A has to invoke process B, the new process should also remained confined as the original process). As stated above, this problem can be resolved to a very large extent, by isolation mechanisms and analysis of covert channels. One isolation mechanism is the virtual machine which simulates the hardware of a computer system. A typical implementation is the VM ware which performs different processes within a confined process. The physical hardware only sees one process and monitors that process, so any process being executed within the virtual environment is separated from the normal hardware process. This implementation achieves a transitive security confinement. The second type of isolation mechanism is the sandbox and operates for all intent and purposes, like the VM ware. A java virtual machine is a good example of how a sandbox works. Applets are downloaded into this sandbox and are allowed to be executed based on the JVM security policy and the configuration of the applet itself. Covert channel presents a different challenge because it has to be detected before it can be blocked or monitored. This is sometimes difficult when we realize that we are dealing with communication and/or storage path that are not intended to be used as such. The use of a packet flow mechanism with detail analysis can help detect a covert channel. If the covert channel cannot be eliminated, it is suggested that it should be made less useful by reducing the capacity or the ability of a hacker to make any sense of what is being processed.
2 comments:
Hi All
I find it interesting that despite the volume of buisness being done via the Internet, there's been little or no security awareness programs coming out of Africa. Most IT education conference in Africa focuses on using the functionality the cyber space provides, while neglecting the corresponding risk that is inherent in those new cyber technologies.
Security Confinement problem
The principle of least privilege deals with confinement of access to only the allowed processes. Access control helps enforce this principle based on a well defined policy of authentication and authorization. Many experts have explored the issue of security confinement and suggested ways to counter the problem by using virtual machines, sandboxes and other detection controls of covert channels.
Security confinement problem is described as the device inability to prevent data from being leaked to unauthorized process (including groups and users). A client should be able to request information from a server without the server leaking the information to unauthorized process in the course of fulfilling the request. Solving the confinement issue requires that we know every entry into and exit out of an application. This includes any unintended communication or storage path also referred to as a covert channel. Maintaining a security confinement becomes harder when we take into consideration the fact that it has to be transitive (user A invokes a confined process A, if process A has to invoke process B, the new process should also remained confined as the original process). As stated above, this problem can be resolved to a very large extent, by isolation mechanisms and analysis of covert channels.
One isolation mechanism is the virtual machine which simulates the hardware of a computer system. A typical implementation is the VM ware which performs different processes within a confined process. The physical hardware only sees one process and monitors that process, so any process being executed within the virtual environment is separated from the normal hardware process. This implementation achieves a transitive security confinement.
The second type of isolation mechanism is the sandbox and operates for all intent and purposes, like the VM ware. A java virtual machine is a good example of how a sandbox works. Applets are downloaded into this sandbox and are allowed to be executed based on the JVM security policy and the configuration of the applet itself.
Covert channel presents a different challenge because it has to be detected before it can be blocked or monitored. This is sometimes difficult when we realize that we are dealing with communication and/or storage path that are not intended to be used as such. The use of a packet flow mechanism with detail analysis can help detect a covert channel. If the covert channel cannot be eliminated, it is suggested that it should be made less useful by reducing the capacity or the ability of a hacker to make any sense of what is being processed.
Ola Osunkoya Ph.D
Post a Comment