Is Sandboxing the End-All Solution?

When you have millions of lines of code, like you have in an Operating System, you will have bugs. Hackers can use these coding bugs to create exploits. Microsoft and Adobe products have been a favorite target for hackers. But how do you protect software from hackers when there are unknown bugs?

The answer just might be sandboxing. But what is sandboxing? According to Wikipedia:

A sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers and untrusted users. The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.

We see this technology used in Virtual Machines. Several guest operating systems can run on a host system, and each has its own memory space, hard drive storage, etc.  They are on a single machine but are not allowed to communicate with each other. These types of features are being used in the development of secure Operating Systems. The client user space will not be allowed to communicate (or theoretically infect) the core functions of the system.

Programs can be sandboxed too.  Google and Adobe have added sandboxing features to their Chrome and PFD Reader products. If the products are compromised, this should limit the ability of the hacker to access the rest of the system.

But how well will this work? Sandboxing is a great idea, and will help a lot in dealing with buggy code. Although in reality is just another level of defense. Granted it adds to the difficulty of penetration, but it will be compromised just like everything else is over time.

Unfortunately security, like Anti-Virus, is a constantly evolving process. As soon as a new anti-virus definition comes out for the latest virus, three more new viruses are detected. The same is true in the security field. When a new security product comes out to address an issue, exploits and ways to bypass it follow along shortly.

At this point in the game, your hope is that you have added enough protection to your systems that the attacker gives up and moves on to easier pray. And to keep logs and monitor your systems in case they don’t.

~ by D. Dieterle on December 21, 2010.

One Response to “Is Sandboxing the End-All Solution?”

  1. […] This post was mentioned on Twitter by Lee. Lee said: Is Sandboxing the End-All Solution? […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: