softwarepot a secure software circulation system n.
Skip this Video
Loading SlideShow in 5 Seconds..
SoftwarePot: A Secure Software Circulation System PowerPoint Presentation
Download Presentation
SoftwarePot: A Secure Software Circulation System

play fullscreen
1 / 9
Download Presentation

SoftwarePot: A Secure Software Circulation System - PowerPoint PPT Presentation

rumer
75 Views
Download Presentation

SoftwarePot: A Secure Software Circulation System

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. SoftwarePot: A Secure Software Circulation System Yoshihiro OYAMA (Univ. of Tokyo / JST) Kazuhiko KATO (Univ. of Tsukuba / JST)

  2. SoftwarePot in a NutShell • Provides virtual environment “Pot” • Pot has private namespace of resources • Contains private file tree (like chroot jail) • Virtual resource in pot can be mapped to real external resource • Snapshots of pots (pot files) are distributed as software packages • Like Zip files

  3. pot file user developer user user

  4. pot process process process remote machine security policy

  5. Installation/Uninstallation • Files in package are not extracted and installed into the original file system • Installation: downloading pot file • Uninstallation: deleting pot file • Execution:“stacking” resource views • Like UnionFS

  6. Security Policy • How to “plant” pot in real environment • How to control accesses map: /usr/local/lib /usr/local/lib /dev/null /dev/null /extern_world /home/oyama/shared_dir_for_pot … socket: allow connect *.u-tokyo.ac.jp 80 redirect 202.226.93.133 23 -> 130.158.85.97 10023

  7. Advantages • Reduced effort is required • for describing access control policies • Because accessible external resources are minimized • for preparing resources in virtual environment • Because they are distributed as pot files

  8. Implementation • User-level middleware • Syscall interception and sysarg modification • Linux: our kernel module • Solaris: procfs • One monitor process attached to each application process • Measured overhead: 6~21%

  9. Source Code Available Soon!