This is the first article in a 3 part series on Process and data isolation strategies. In this article we will look at sandboxes and process imprisonment.
Before we get into it, we need to understand why processes should be isolated in the first place.
Wait a minute, what's a process? Aren't they technically isolated already?
We'll answer all of these shortly.
A process is a program that is being executed, to which is associated a processor and memory environment (known as process context).
- A processor environment is simply execution time of the process by the CPU
- The memory environment refers to the memory allocated to the process, memory for the executable code and the data created by the program
In general, a process cannot directly access the process context of another process. This is because processes are isolated from each other for security and stability reasons. Each process has its own address space, which means that the memory and resources allocated to one process are not directly accessible by another process.
However, operating systems provide mechanisms for inter-process communication (IPC) that allow processes to exchange data and synchronize their actions.
These mechanisms of IPC are what necessitate the use of process isolation techniques to ensure that processes are completely isolated from each other.
Another reason to employ process isolation techniques is to minimize exposure of the OS to danger. If we execute potentially malicious programs in isolated environments, they cannot access critical system files or replicate uncontrollably.
Sandbox isolation
A sandbox is a sealed environment in which a process can run without affecting the OS.
This environment is temporary, once the environment is closed, all the software, files and their states are deleted.
If a process runs in a sandbox, its child processes will too.
This can be used to execute potentially malicious applications to eliminate the risk of infecting the OS.
Windows 10 (Pro and Enterprise) and Windows 11 come with a sandbox. Firejail is a sandbox for Linux
The drawback of this method is that there is no persistence of data (although it could be seen as an advantage too). This isn't ideal to be used in cases where we want to isolate the process but also want it to function with data it stores.
Process imprisonment
These techniques are an improvement of the sandbox technique, allowing the process to store data and access files.
The basic principle behind these techniques is to keep a process restricted to a particular subtree in the system's directory tree.
chroot (change root)
In Unix systems, the root directory (/) is the highest point in the directory tree. From this point, a process can access all the users, applications, services, etc. of the system which can be catastrophic.
This technique involves creating a "fake" root directory with a similar structure to that of the real root. This way, the process will not be able to go above this one into the real root directory.
This reduces the extent to which a malware can cause harm, as they don't have access to the real directories in which sensitive data is stored.
This technique is only available on Unix OSs.
freeBSD jails
Jails are an improvement of the chroot imprisonment mechanism.
They give the processes a complete environment with users, user groups, network resources, etc.
These jails are characterized by:
- A directory tree in the file system (like in chroot). The root of this directory tree is the jail's root directory.
- A hostname
- An IP address
Solaris zones
They increase the functionalities of BSD jails. The extras they provide are:
- The zones can also be assigned a physical network interface.
- The zones can have their own file system different from that of the OS (the file system must be supported by the OS though)
Why use process imprisonment techniques?
It is important to note that process imprisonment techniques are not meant only to execute malicious programs (truth be told, if you are dealing with a malicious program you probably should use a sandbox). We will look at some reasons why they are used
Isolation: these techniques confine processes to a restricted environment, limiting their access to the rest of the system.
If a process is compromised, the potential damage it can cause is reduced, preventing unauthorized access to critical system files and resources.Security: they help to reduce the attack surface of the system. Process isolation minimizes the impact of vulnerabilities or exploits within individual processes. Even if an attack gains control over a jailed process, they are confined to the restricted environment and cannot access sensitive system resources.
Testing and Development: Process imprisonment techniques are valuable in testing and development environments where you need to replicate production environments. They allow you to create isolated environments for testing applications without affecting the rest of the system. This helps in identifying and fixing issues without risking the stability or security of the production environment.
Multi-tenancy: In an environment where multiple users or applications share the same infrastructure, process imprisonment techniques provide a way to ensure that each tenant remains isolated from others. This helps prevent one tenant from interfering with or accessing the data of another tenant.
You can download the slides to this explanation from this LinkedIn post
Cover image credits to kues1 on freepik
Top comments (0)