Together with some other coworkers we have been working on a
reference implementation of the security through isolation concept using
virtualization. This project is using Xen to provide a contained virtualized
environment where malware can run without affecting the whole system.
The goal for this project is to foster the usage of
virtualization technology in client platforms (desktops and notebooks) using
security as a usage driver. This reference implementation provides certain
capabilities which serve as a starting point for the long term goal; some of
- To manage paused Sandbox Virtual
Machines ready to be awaken instantaneously to execute suspicious applications
- To destroy and re-open the Sandbox
Virtual Machines once the contained suspicious application was closed
Especially, we think that the module which manages the Ready-to-be-executed
Sandbox VMs (VM-Pool at Domain 0) may be suitable for other purposes such as high
availability of virtual appliances, short-delay responses for highly loaded
services, among others; so we’d like to hear from any suggestion on how
to adapt it to meet new needs.
We invite you to try the current version of the project Isolated
Execution. You can find the code and the documentation about how to compile and
install it at Source Forge: http://isolated-exec.sourceforge.net.
Also, at http://isolated-exec.sourceforge.net/?q=node/6,
you can find a flash description of what the “early-product” does.
We’d appreciate to receive feedback from the community
about the overall concept, and whether you’d like to go deep on any
aspect of it. Given that this is a reference implementation and is not complete,
we think that the Xen Research Community is the right group to enrich the
design and evolve the model. We invite you to post comments/suggestions at http://isolated-exec.sourceforge.net/?q=node/4.
Thanks and see you there!