Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Null Bangalore Meet 18/03/17

292 views

Published on

A presentation on Security by Isolation.

Published in: Technology
  • Login to see the comments

Null Bangalore Meet 18/03/17

  1. 1. Security by Isolation Subash SN sns [a] vuln.in
  2. 2. 2 Approaches to Security Correctness Obfuscation Isolation
  3. 3. 3 Isolation Sandboxes Containers Virtual Machines Physical
  4. 4. 4 Containers 101 Like FreeBSD Jails and Solaris Zones, Linux containers are self- contained execution environments -- with their own, isolated CPU, memory, block I/O, and network resources -- that share the kernel of the host operating system. The result is something that feels like a virtual machine, but sheds all the weight and startup overhead of a guest operating system.
  5. 5. 5 Containers? Which one? LXC Docker OpenVZ
  6. 6. 6
  7. 7. 7 How containers isolate? cgroups and namespaces Additionally: SELinux AppArmor Seccomp
  8. 8. 8 Sandboxing Firejail Subuser Chrome ( chrome://sandbox )
  9. 9. 9
  10. 10. 10 Container, VM escape
  11. 11. 11 Nothing beats Physical Isolation? Right? Attacks on Air-gapped systems → Fan → Electromagnetic radiation → LED → Speaker/Mic Just anything a software can affect.
  12. 12. 12
  13. 13. 13 QubesOS
  14. 14. 14 Proxmox
  15. 15. 15 Thank you Subash sns@vuln.in

×