[Cryptography] Open Source Sandboxes to Enforce Security on Proprietary Code?

Jerry Leichter leichter at lrw.com
Mon Aug 25 15:16:34 EDT 2014


On Aug 25, 2014, at 12:02 PM, Ben Laurie <ben at links.org> wrote:
>> A fascinating bit of work on the inverse problem:  Running an application securely under a hostile OS:  http://sva.cs.illinois.edu/pubs/VirtualGhost-ASPLOS-2014.pdf
> Surely this is not the inverse problem - it's the same one - the
> presence of a hypervisor makes the OS just more code that can be
> sandboxed,
That point of view makes sense as well.  But neither is the whole story.

In traditional sandboxing, I trust the OS and its sandbox framework to run possibly-hostile code.

Here, I trust the framework, I may or may not trust the application, but I don't trust the OS "between" them.

The really novel idea in Virtual Ghost (though they credit earlier efforts of which I was not previously aware as paving the way) is that of creating "trusted compartments" within a generally untrusted framework.  In a way, it's much like using an appropriately devised encrypted tunnel to connect trusted endpoints through an untrusted network.

I get the feeling there's a general abstraction underlying these various implementations that we haven't quite grasped yet.

                                                        -- Jerry
