Together with some other coworkers we have been working on a reference implementation of the security through isolation concept using virtualization. This project is using Xen to provide a contained virtualized environment where malware can run without affecting the whole system.
The goal for this project is to foster the usage of virtualization technology in client platforms (desktops and notebooks) using security as a usage driver. This reference implementation provides certain capabilities which serve as a starting point for the long term goal; some of them are:
- To manage paused Sandbox Virtual Machines ready to be awaken instantaneously to execute suspicious applications
- To destroy and re-open the Sandbox Virtual Machines once the contained suspicious application was closed
Especially, we think that the module which manages the Ready-to-be-executed Sandbox VMs (VM-Pool at Domain 0) may be suitable for other purposes such as high availability of virtual appliances, short-delay responses for highly loaded services, among others; so we’d like to hear from any suggestion on how to adapt it to meet new needs.
We invite you to try the current version of the project Isolated Execution. You can find the code and the documentation about how to compile and install it at Source Forge: http://isolated-exec.sourceforge.net. Also, at http://isolated-exec.sourceforge.net/?q=node/6, you can find a flash description of what the “early-product” does.
We’d appreciate to receive feedback from the community about the overall concept, and whether you’d like to go deep on any aspect of it. We invite you to post comments/suggestions at http://isolated-exec.sourceforge.net/?q=node/4 or here.
Thanks and see you there!