Null Bangalore Meet 18/03/17

•

2 gefällt mir•403 views

Subash SN

A presentation on Security by Isolation.

Technologie

Security by Isolation
Subash SN
sns [a] vuln.in

2
Approaches to Security
Correctness
Obfuscation
Isolation

3
Isolation
Sandboxes
Containers
Virtual Machines
Physical

4
Containers 101
Like FreeBSD Jails and Solaris Zones, Linux containers are self-
contained execution environments -- with their own, isolated
CPU, memory, block I/O, and network resources -- that share the
kernel of the host operating system. The result is something that
feels like a virtual machine, but sheds all the weight and startup
overhead of a guest operating system.

5
Containers? Which one?
LXC
Docker
OpenVZ

7
How containers isolate?
cgroups and namespaces
Additionally:
SELinux
AppArmor
Seccomp

8
Sandboxing
Firejail
Subuser
Chrome ( chrome://sandbox )

11
Nothing beats Physical Isolation? Right?
Attacks on Air-gapped systems
→ Fan
→ Electromagnetic radiation
→ LED
→ Speaker/Mic
Just anything a software can affect.

Weitere ähnliche Inhalte

Was ist angesagt?

Linux Opearating SystemAshvini Jangid

Opensolarisbarcampphnompenhpjharper

Presentation Caroaniloracrojas

Presentation mac os x securityreza jalaluddin

A Guide on Top Linux Distribution in 2016david rom

LinuxVenkat Aadithan

Open solaris what's new presentationxKinAnx

[김태우] Soscon 후기Taewoo Kim

Os digital assignment 2ShahinMakubhai

Operating system (Introduction to Linux)Muhammad Jawwad Hashmi

Versiones de sistemas operativosjosue-1

Blast off!UltraUploader

Was ist angesagt? (12)

Linux Opearating System

Opensolarisbarcampphnompenh

Presentation Caro

Presentation mac os x security

A Guide on Top Linux Distribution in 2016

Linux

Open solaris what's new presentation

[김태우] Soscon 후기

Os digital assignment 2

Operating system (Introduction to Linux)

Versiones de sistemas operativos

Blast off!

Andere mochten auch

PoodleSamit Anwer

Apache Struts2 CVE-2017-5638Riyaz Walikar

DataSploit - Tool Demo at Null Bangalore - March Meet. Shubham Mittal

Alphabets pptAashik Praveen

how healthy decision to go for laser treatment for a women?? think before it....ShitalSavaliya1

Node JS reverse shellMadhu Akula

WEB ISOLATIONmalware_prevention

An Introduction to SysinternalsRiyaz Walikar

Spikes Security Isla IsolationCybryx

Menlo Security Isolation PlatformMarco Scala

Null picture forensics using ghiro applianceinvad3rsam

Exploiting a vulnerability to gain a shellAditya Kamat

Hostile Subdomain Takeover by Ankit PrateekOWASP Delhi

Owasp top 10 veerababu penugonda(Mr-IoT)

Metasploit For BeginnersRamnath Shenoy

Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...Spark Summit

Equipos de refrigeracionGuillermo A. MasyRubi Rodriguez

CartaDaniela Vidal

The solar system geometry part 2-Gerges francis

How to Become a Thought Leader in Your NicheLeslie Samuel

Andere mochten auch (20)

Poodle

Apache Struts2 CVE-2017-5638

DataSploit - Tool Demo at Null Bangalore - March Meet.

Alphabets ppt

how healthy decision to go for laser treatment for a women?? think before it....

Node JS reverse shell

WEB ISOLATION

An Introduction to Sysinternals

Spikes Security Isla Isolation

Menlo Security Isolation Platform

Null picture forensics using ghiro appliance

Exploiting a vulnerability to gain a shell

Hostile Subdomain Takeover by Ankit Prateek

Owasp top 10

Metasploit For Beginners

Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...

Equipos de refrigeracion

Carta

The solar system geometry part 2-

How to Become a Thought Leader in Your Niche

Ähnlich wie Null Bangalore Meet 18/03/17

Lightweight Virtualization in LinuxSadegh Dorri N.

Linux container & dockerejlp12

LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISORVanika Kapoor

aws.pptssuser52d2d8

Fosdem 18: Securing embedded Systems using VirtualizationThe Linux Foundation

Rootlinux17: An introduction to Xen Project VirtualisationThe Linux Foundation

How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes

The State of Linux Containersinside-BigData.com

Docker London: Container SecurityPhil Estes

Docker, Linux Containers, and Security: Does It Add Up?Jérôme Petazzoni

Introduction to OpenSolaris 2008.11Eduardo Pelegri-Llopart

Securing Your Linux SystemNovell

CEHv10 M0 Introduction.pptxYasserOuda2

Agile Brown Bag - Vagrant & Docker: IntroductionAgile Partner S.A.

Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyBoden Russell

Kernel Mode Threats and Practical DefensesPriyanka Aash

Linux Device Driver’sRashmi Warghade

Docker, Linux Containers (LXC), and securityJérôme Petazzoni

Practical Container Security by Mrunal Patel and Thomas Cameron, Red HatDocker, Inc.

Beyond desktop/server with GNU/Linux (archived)Bud Siddhisena

Ähnlich wie Null Bangalore Meet 18/03/17 (20)

Lightweight Virtualization in Linux

Linux container & docker

LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR

aws.ppt

Fosdem 18: Securing embedded Systems using Virtualization

Rootlinux17: An introduction to Xen Project Virtualisation

How Secure Is Your Container? ContainerCon Berlin 2016

The State of Linux Containers

Docker London: Container Security

Docker, Linux Containers, and Security: Does It Add Up?

Introduction to OpenSolaris 2008.11

Securing Your Linux System

CEHv10 M0 Introduction.pptx

Agile Brown Bag - Vagrant & Docker: Introduction

Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy

Kernel Mode Threats and Practical Defenses

Linux Device Driver’s

Docker, Linux Containers (LXC), and security

Practical Container Security by Mrunal Patel and Thomas Cameron, Red Hat

Beyond desktop/server with GNU/Linux (archived)

Kürzlich hochgeladen

IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge

TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc

Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge

Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun

2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays

🐬 The future of MySQL is Postgres 🐘RTylerCroy

Artificial Intelligence: Facts and MythsJoaquim Jorge

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia

Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1

Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous

Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal

From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software

Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer

How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes

Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science

Kürzlich hochgeladen (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Driving Behavioral Change for Information Management through Data-Driven Gree...

Powerful Google developer tools for immediate impact! (2023-24 C)

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

🐬 The future of MySQL is Postgres 🐘

Artificial Intelligence: Facts and Myths

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Boost Fertility New Invention Ups Success Rates.pdf

Data Cloud, More than a CDP by Matt Robison

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Axa Assurance Maroc - Insurer Innovation Award 2024

How to Troubleshoot Apps for the Modern Connected Worker

Strategies for Landing an Oracle DBA Job as a Fresher

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Null Bangalore Meet 18/03/17

1. Security by Isolation Subash SN sns [a] vuln.in

2. 2 Approaches to Security Correctness Obfuscation Isolation

3. 3 Isolation Sandboxes Containers Virtual Machines Physical

4. 4 Containers 101 Like FreeBSD Jails and Solaris Zones, Linux containers are self- contained execution environments -- with their own, isolated CPU, memory, block I/O, and network resources -- that share the kernel of the host operating system. The result is something that feels like a virtual machine, but sheds all the weight and startup overhead of a guest operating system.

5. 5 Containers? Which one? LXC Docker OpenVZ

6. 6

7. 7 How containers isolate? cgroups and namespaces Additionally: SELinux AppArmor Seccomp

8. 8 Sandboxing Firejail Subuser Chrome ( chrome://sandbox )

9. 9

10. 10 Container, VM escape

11. 11 Nothing beats Physical Isolation? Right? Attacks on Air-gapped systems → Fan → Electromagnetic radiation → LED → Speaker/Mic Just anything a software can affect.

12. 12

13. 13 QubesOS

14. 14 Proxmox

15. 15 Thank you Subash sns@vuln.in