process virtualization and sandboxing
DESCRIPTION
The lecture by Sartakov A. Vasily for Summer Systems School'12. Brief introduction to VMI and FMA technologies. SSS'12 - Education event, organized by ksys labs[1] in 2012, for students interested in system software development and information security. 1. http://ksyslabs.org/TRANSCRIPT
Process Virtualization and Sandboxing
Concepts to isolate processes in user space: Process VirtualizationSandboxing
четверг, 26 июля 12 г.
Byte Code Translation
Process virtual machines using Just-In-Time (JIT) Compilation to translate VM specific byte code to machine code at run-time:
The .Net Common Language Runtime (CLR)The Java Virtual Machine and the Dalvik VM
четверг, 26 июля 12 г.
Android Dalvik VM
Android middleware contains an inter-component communication (ICC) reference monitor to enforce policies.
четверг, 26 июля 12 г.
Sandboxing Untrusted Native Code
Native Client uses software fault isolation and a secure runtime to direct system interaction and side effects through interfaces managed by Native Client
Native Client provides operating system portability for binary code while supporting performanceoriented features generally absent from web application programming environments, such as thread support, instruction set extensions such as SSE, and use of compiler intrinsics and hand-coded assembler.
Inter-Module Commu- nications (IMC)
Simple RPC facility (SRPC)
Netscape Plugin Application Programming Interface (NPAPI)
NaCl container.
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar Google Inc.
четверг, 26 июля 12 г.