Security/Automation/Winter Of Security 2015/MIG Agent Sandboxing: Difference between revisions

(→‎Success Criteria: Added success criteria)
Revision as of 15:55, 13 October 2015


Team

Introduction

Teodora Băluță

I am an aspiring Linux kernel developer and have been hacking some low-level Android. Other skills are systems administration, operating systems and networking. I like programming in C and have programmed in C++, Java, a bit of Python. I've worked with tools like gdb, Burp and IDA. After enrolling in the Master's program and taking security-related classes I have found this subject very exciting so as part of MWOS I'd like to do some "real" open-source work in security.

TL;DR operating systems, Linux kernel programming, low-level Android, C, binary exploitation, Linux kernel programming

Vladimir Diaconescu

Skills:

  • binary reverse engineering and exploitation
  • Linux wireless programming

Programming languages: C, Assembly x86, Python

Tools: GDB, IDA, Burp

Interests:

  • low-level security
  • Linux kernel programming

Motivation:

Constantin-Alexandru Tudorică

Skills:

  • Binary reverse engineering and exploitation
  • Web exploitation (XSS, CSRF, SQL injection in Oracle and MySQL servers, rate limiting bypass)
  • API exploitation and fuzzing

Programming languages: C/C++, x86 assembly, Python, Java

Tools: IDA, Charles, Burp, Dirty Joe

Interests:

  • Web security
  • Android security
  • Masters research project: "Context aware security framework for Android"

Motivation:

Members

  • Teodora Băluță
  • Vladimir Diaconescu
  • Constantin-Alexandru Tudorică
  • University Advisor: Răzvan Deaconescu
  • Mozilla Advisors: Aaron Meihm, Guillaume Destuynder

Project

Mozilla InvestiGator (MIG) is a digital forensics platform used by Mozilla to monitor the security of servers. MIG deploys an agent on systems that is used to maintain the security of the infrastructure. The agent currently runs as root in order to run investigation modules that have low-level access to the system. The goal of this project is to sandbox the MIG Agent on Linux in a way that allows each part to perform investigative work while having as few privileges as possible. The team will have to use the Linux Seccomp mechanism, and the existing Go library, to implement a sandbox in the Agent. If possible, the team will also evaluate sandboxing on MacOS and Windows.

Success Criteria

This project is successful if it provides an implementation which successfully manages to sandbox the MIG Agent, via the Go language and Seccomp library. The targeted operating system is Linux, with MacOS and Windows as possible objectives to be considered.

Roadmap

  1. Investigation:
    • Go language beyond the basics
    • Building, deploying and running MIG
    • Digging into MIG; MIG internals, architecture
    • Investigate Windows and Mac OS X sandboxing solutions
  2. Design:
    • Aim for generic sandboxing solution (portable, working on multiple sandboxing "back-ends")
    • Create generic sandbox requirements for MIG agent: filesystem access, network
    • Create a whitelist approach for creating a sandbox profile
    • Decide on sandbox applying flow for MIG agent; what is the flow for a MIG agent to run inside the sandbox (fork, exec, scripts, wrapper calls etc.)
  3. Implementation:
    • Implement minimal sandbox for Linux seccomp using Go
    • (optional) Port/implement sandbox for Mac OS X, Windows
  4. Testing and Evaluation:
    • Measure resource consumption and overhead
    • Validate implementation using existing unit tests
    • Investigate ways of validating sandboxed apps: is an app running correctly when compared to a sandboxed app
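
The whitelist profile from the Design step can be pictured as the classic-BPF program that seccomp filter mode evaluates on every system call. The sketch below is an added example, not MIG code: it compiles a syscall whitelist into a default-deny filter and interprets it in user space, without installing anything in the kernel. `Insn`, `Compile` and `Eval` are hypothetical names, and the syscall numbers assume x86-64.

```go
package main

import "fmt"

// Classic BPF opcodes and seccomp constants, values from the Linux UAPI headers.
const (
	ldAbsW, jeqK, retK = 0x20, 0x15, 0x06 // BPF_LD|BPF_W|BPF_ABS, BPF_JMP|BPF_JEQ|BPF_K, BPF_RET|BPF_K
	retAllow, retKill  = 0x7fff0000, 0    // SECCOMP_RET_ALLOW, SECCOMP_RET_KILL
	archX64            = 0xc000003e       // AUDIT_ARCH_X86_64
)

type Insn struct{ Code uint16; Jt, Jf uint8; K uint32 } // same layout as struct sock_filter

// Compile builds a default-deny filter; the 8-bit jump offsets cap the list at 254 entries.
func Compile(allowed []uint32) []Insn {
	n := uint8(len(allowed))
	prog := []Insn{
		{ldAbsW, 0, 0, 4},         // A = seccomp_data.arch (offset 4)
		{jeqK, 0, n + 1, archX64}, // foreign ABI: jump to the kill return
		{ldAbsW, 0, 0, 0},         // A = seccomp_data.nr (offset 0)
	}
	for i, nr := range allowed {
		prog = append(prog, Insn{jeqK, n - uint8(i), 0, nr}) // match: jump to allow
	}
	return append(prog, Insn{retK, 0, 0, retKill}, Insn{retK, 0, 0, retAllow})
}

// Eval interprets the filter for one syscall, as the kernel would on entry.
func Eval(prog []Insn, arch, nr uint32) uint32 {
	var a uint32 // the BPF accumulator
	for pc := 0; pc < len(prog); pc++ {
		switch in := prog[pc]; in.Code {
		case ldAbsW:
			a = [2]uint32{nr, arch}[in.K/4]
		case jeqK:
			if a != in.K {
				in.Jt = in.Jf // take the false branch
			}
			pc += int(in.Jt)
		case retK:
			return in.K
		}
	}
	return retKill // a program that falls off the end is treated as deny
}

func main() {
	prog := Compile([]uint32{0, 1, 3, 231}) // read, write, close, exit_group on x86-64
	fmt.Printf("write=%#x openat=%#x\n", Eval(prog, archX64, 1), Eval(prog, archX64, 257))
}
```

The architecture check comes first because syscall numbers differ between ABIs, so a whitelist that skips it can be bypassed by invoking a call through another ABI's numbering.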

Updates