09-09-2014, 10:57 AM
NETWORK SECURITY
NETWORK SECURITY.docx (Size: 115.41 KB / Downloads: 19)
ABSTRACT
Sandboxing in Java allows fine granular controls over Java applets and applications. This is being used to securely execute Active Java Content downloaded from web. This paper takes the basic idea of Sandboxing to operating system level and complements it with existing virus scanners and neural network detection system to get a very secure system, which can be incorporated inside a private network like Local Area Network.
Present security systems cannot identify the new malicious codes (viruses, Trojan Horses, worms etc….).And also if the private key of the user is stolen there is a chance to exploit the system. But our immune system can over come all these disadvantages. In this paper we are presenting the clean flow chart of immune system
Introduction
Few years back, when your PC worked in isolation, security was not such a big issue. If physical access was denied to the computer, the system was very much secure to malicious activities. Even when we inserted floppies, we could check them for viruses before using the data in it. So there was no concept of trust, you only needed to trust yourself.
The situation has changed a lot since then. We do not work in isolation. Virtually every computer today is connected with each other. We do not need to mention the enormous benefits the networked world offers but there is always a trade off. Along with benefits comes, added security risks. Viruses, Trojan Horses, worms have been quite a buzzword giving many companies and users nightmares. So a lot of money and effort has been put into developing a secure system free from these malicious activities. This paper proposes a system, which we believe can go a long way in securing our networked system.
Viruses (When we say viruses we also mean other malicious codes like Trojan Horses, worms etc.) works by exploiting trust relationships. In a discretionary access control system (which the vast majority of security systems currently in use are), I am permitted to read certain files because I am trusted not to abuse or want only distribute the information find there. I am permitted to write to certain files because I am trusted not to implant any dangerous or destructive code there. But of course, within the computer I cannot do anything directly myself, I can only run programs. If one of those programs is malicious, and is able to run with my full privileges, it can exploit the trust that has been placed in me so instead of allowing programs to do whatever they want we can put a security policy which can decide with what privilege they should run.
They are systems, which works on this fine granular control mechanism. Sandbox of Java, Safe-Tcl, Lotus Notes are some of the widely known such systems which offer a very significant amount of protection. But the problem with such systems is that firstly, they are very language specific and another they have this vulnerability of allowing user to decide entities to be trusted. There can be malicious scripts (accidentally signed by the trusted party), which could illegally add a certain attacker to the security policy file, giving him a lot more privilege.
Therefore, instead of blindly trusting any entity, system could itself decide whether to trust or not by executing all the process in a controlled environment before giving them, a free pass for future runs. This will make our system secure not only against users who accidentally allow some one (e.g. through a pop up window) but also against the trusted parties being compromised.
We in this paper have purposed such a system, which would work in a LAN like private environment. The system takes a cue from Sandbox model and a bit from IBM neural network system (Virus Analysis Centre), to gives a new secure system. This paper starts by analyzing the Sandbox model of Java. In next section, we show what are vulnerabilities and problems associated with Java Sandbox. Section 5 shows how to extend the Sandbox model to operating system and not just to java applets and applications alone. Finally, we show how this can be implemented in a LAN like network.
Sandbox Model (Protecting Active Java Content)
In the early stage of internet all the data that arrived through the browser were passive. The only thing they did was to present the contents in proper format. But advent of Active Contents completely changed the scenario. Active content, or "downloadable executable content," is any program you can download from a network and use on your computer. It includes shareware, Active X programs obtained over the Web using Microsoft Internet Explorer and "plugins" - software plucked from the Web using Netscape. It also includes Java "applets," the newest, rapidly spreading mini-programs that work with any browser or operating system.
After downloading, they use your system resources to execute themselves. Here was the cause of concern. There should be a way to control their execution. Sandbox is the security feature provided by JAVA, which essentially controls java applets and application from accessing the restricted parts of the system and preventing them from illegally performing system critical operations.
To implement granular control of sandbox at the operating system level we need to look at the sandbox model in detail and then see what are the changes to made and functionalities to be added to do so. There are also some security issues which sandbox is vulnerable to. We also discuss that in coming sections
How Sandbox Works?
The aim of the Java security model is to protect users from malicious applets originating from untrusted sources across a network. Java provides a customizable “sandbox”, which is a dedicated area of the Web browser within which the actions of the applet are restricted. Within its sandbox, the applet may do anything but access the user’s files, network connections, and other sensitive resources. The basic idea of the sandbox model is that programs loaded from the local file system are executed with full access to vital system resources, whereas executable content downloaded from a remote source is considered untrusted, and can therefore access only the limited resources provided inside the sandbox. The first release of the Java Development Kit (JDK 1.0) was based on the above-described mechanism of the sandbox model.
The concept of digital signatures was adopted by the Java security model with the second release of the Java Development Kit (JDK 1.1). Until then, downloaded executable content was considered untrusted, unless it was downloaded from the file system of the local disk. Consequently, all applets obtained from the open network could access only the limited resources provided inside the sandbox. It was not until in JDK 1.1 that JVM became capable to distinguish between untrusted and trusted remote executable code. The concept of correctly digitally “signed applet” was then introduced that allowed a remote applet to be treated as if it is trusted local code. The Java Archive (JAR) file format, which consists of the widely used ZIP format plus some meta-data files, is used to deliver the signed applets along with their signatures. Unsigned applets are treated as untrusted applets so their execution is still encapsulated by the sandbox
Vulnerabilities of Java Sandbox Model
To implement a Sandbox type model for the whole operating system requires a much more effort than just building a language independent sandbox. Besides Java Applets, there are other types of active contents too which also need to be handled. But before we get into that, there are some security issues with Java Sandbox model, which need to be handled. In this section, we discuss those issues.
Sandbox model without any additional privileges was more secure but very complex from end user’s point of view. In trying to make it more flexible they gave this additional feature of escaping away from the sandbox. These addition functionalities allowed for the security loopholes.
• The original Java 2 implementation required users to use the policy tool, or to manually edit a security policy file in order to authorize programs signed by a new signer to take otherwise-prohibited actions on their systems. It is suggestive that in a later release of Java 2, Sun added an additional security policy, which bypasses all the complexity and power of the granular system, and simply asks the user at runtime ‘should this program signed by this signer by given full run of the machine?’[1]. This extra feature was needed to be added because for a novice user editing policy file was too complicated To make it simple they made one button access to bypass the entire security. Now generally a user wants to continue what he is doing with so he might allow an adversary without knowing what implication it may have.
• It may be possible for a trusted party to accidentally sign a malicious script. This malicious script could be such that it has full privilege on the system.
• What happens if the private key of the signer is stolen? May be by the time he comes to know about it and inform the concerned authority some one may use the key to edit the security policy file to illegally grant permission to an attacker
Central Authority
Whenever our system encounters a new executable content, which wants to perform action beyond the sandbox, what does the system do? It first checks the entry in the list and if it is not there the following sequence of action are performed for it. A checksum is calculated and a request is sent to the central authority along with process name and other details. Central authority also maintains a more exhaustive list of all the programs it has analyzed inside its ‘virus analysis system’. Actually, it is a list of all the programs that resides inside the LAN on any of the end system. Central authority searches the name and checksum in its list. If an entry is found, it sends back an OK signal along with the access information to the end system, which had requested the verification. The end system upon receiving the data updates its own list and runs the program.
Virus Analysis Centre
If there is no entry even inside the central authority system, the process is sent to a virus analysis centre. Virus analysis centre is a place where programs or scanned for known type of viruses using normal virus scanners. To check for new type of viruses it passes the program through a detector such as “IBM neural network” detector. It automatically discovers new viruses using so-called "heuristic" detection algorithms, which try to recognize new viruses by their virus like appearance or behavior. Like the mind, a neural network learns to generalize, creating concepts from examples. So instead of having to "memorize" individual virus codes, the neural network forms a general principle, recognizing which kinds of program codes are found in viruses and which are not, giving it a generic recognition capability. After being given samples of viruses, the neural network software learns to distinguish them from healthy programs [10]. It also decides what sets of action it can perform safely inside an end system. This information is conveyed to the central authority system, which first updates its own list and then sends the information to end user who too does the needful
Does it require many Overheads?
The design purposed above sounds very cumbersome and seems as if a lot of overhead is required. If we closely analyze the system, it comes out overheads are not as much as it seems. Most of the steps given in the last section do not require running most of the time. In fact when we are not using any new process (certainly, we do not install new software everyday) we do not go even beyond step 1. We need to go through all the steps only when no other system in the LAN has a particular program. So even if one PC in the network installs or downloads any executable component we don’t need to go beyond fetching the data from central authority for that component.
Conclusion
In this paper, we examined the Sandbox model of JAVA and identified vulnerabilities associated with it. We then took the basic idea of Sandboxing to operating system level and complemented it with existing virus scanners and neural network detection system to get a very secure system, which can be incorporated inside a Local Area Network. We believe this idea could go a long way for securing our system from viruses and other forms of malicious codes.