[cap-talk] Apiary: Easy-to-Use Desktop Application Fault Containment, on Commodity Operating Systems


Sandro Magi

Jun 30, 2010, 12:10:43 PM
to General discussions concerning capability systems.
Apiary: Easy-to-Use Desktop Application Fault Containment, on Commodity
Operating Systems, by Shaya Potter and Jason Nieh:

Desktop computers are often compromised by the interaction of untrusted
data and buggy software. To address this problem, we present Apiary, a
system that transparently contains application faults while retaining
the usage metaphors of a traditional desktop environment.
Apiary accomplishes this with three key mechanisms. It isolates
applications in containers that integrate in a controlled manner at the
display and file system. It introduces ephemeral containers that are
quickly instantiated for single application execution, to prevent any
exploit that occurs from persisting and to protect user privacy. It
introduces the Virtual Layered File System to make instantiating
containers fast and space efficient, and to make managing many containers
no more complex than a single traditional desktop. We have implemented
Apiary on Linux without any application or operating system kernel
changes. Our results with real applications, known exploits, and a
24-person user study show that Apiary has modest performance overhead,
is effective in limiting the damage from real vulnerabilities, and is as
easy for users to use as a traditional desktop.

http://www.ncl.cs.columbia.edu/publications/usenix2010_apiary.pdf

I've only briefly skimmed it, but it seems to use similar approaches to
CapDesk/Polaris and Plash, though the TCB seems larger since they add
new safe abstractions. I don't think they solve spoofing attacks
addressed by Polaris and Plash using petnames.

Sandro

_______________________________________________
cap-talk mailing list
cap-...@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/cap-talk
