SlideShare une entreprise Scribd logo

CCD_2013_BrowserIsolation

G
Gregory Anders
1  sur  1
Télécharger pour lire hors ligne
Browser Isolation Lab Ted Reed, 9312; Paul Sery, 9312; Nick Peterson, 9317 Mark Woodard, Missouri S&T; Gregory Anders, Texas A&M University; Vivek Ramadoss, University of New Mexico Problem Statement: Malware and other malicious software can easily gain access to a user’s computer simply by that user visiting a website or downloading a file in his or her browser. Web browsers expose the user’s computer to the Internet and can potentially be a gateway for harmful programs. Approach: Our solution is an approach similar to the Chrome Browser architecture where each browser tab is rendered in a separate least privileged environment. We expand this approach to rendering each tab with varying degrees of isolation in virtual machines on a remote server. Any harmful software that gains access to the browser from the Internet will be isolated within the virtual machine where it is unable to cause further harm. Design: Web pages are organized into three user-specified categories: a white list, containing trusted pages that will be rendered locally for privacy and security; a black list, containing suspected malicious sites or sites that the user wants to test with introspection using Cuckoo; and a grey list, containing sites that are not trusted, but suspected to be malicious, and will be rendered together in a single virtual machine (VM). Remote Desktop Protocol (RDP) will be used to communicate with the VM’s on the server where the rendering occurs and Secure Shell (SSH) will be used to communicate with the server to control the Cuckoo sandbox and read the analysis output. Impact and Benefits: Allowing each separate browser tab to be rendered in an isolated VM will increase overall computer security and give malware analysts the ability to acquire and assess malware samples without exposing their local machine. This will also deliver an added level of network safety in areas where many users are connected to the same network, such as Sandia. Future Work: An important aspect to furthering this project is exploring ways to improve user friendliness and finding secure methods of saving cookies, bookmarks, and other user preferences. Additionally, performance will be improved by utilizing a more efficient alternative to RDP. A File Transfer Protocol (FTP) server will be incorporated to facilitate file sharing between the client and server after introspection has been completed on any suspicious downloaded files. Figure 1: System Architecture

Recommandé

Blocking misbehaving users in anonymizing network-project ppt*
Blocking misbehaving users in anonymizing network-project ppt*Blocking misbehaving users in anonymizing network-project ppt*
Blocking misbehaving users in anonymizing network-project ppt*dinesh krishna
 
blocking misbehaving users in anonymizing networks full ppt with screenshots ...
blocking misbehaving users in anonymizing networks full ppt with screenshots ...blocking misbehaving users in anonymizing networks full ppt with screenshots ...
blocking misbehaving users in anonymizing networks full ppt with screenshots ...dinesh krishna
 
Nymble:Blocking misbehaving users in annoying networks(Link)
Nymble:Blocking misbehaving users in annoying networks(Link)Nymble:Blocking misbehaving users in annoying networks(Link)
Nymble:Blocking misbehaving users in annoying networks(Link)Mysa Vijay
 
Seminar
SeminarSeminar
Seminarkalpana kumari
 
Ransomware attacks 2017
Ransomware attacks 2017Ransomware attacks 2017
Ransomware attacks 2017Thesis Scientist Private Limited
 
Real time detection of application-layer d do-s attack using time series anal...
Real time detection of application-layer d do-s attack using time series anal...Real time detection of application-layer d do-s attack using time series anal...
Real time detection of application-layer d do-s attack using time series anal...yito24
 
dos attacks
dos attacksdos attacks
dos attacksAMAL PERUMPALLIL
 
Www architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionWww architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionAustina Francis
 

Recommandé

Blocking misbehaving users in anonymizing network-project ppt*
Blocking misbehaving users in anonymizing network-project ppt*Blocking misbehaving users in anonymizing network-project ppt*
Blocking misbehaving users in anonymizing network-project ppt*dinesh krishna
 
blocking misbehaving users in anonymizing networks full ppt with screenshots ...
blocking misbehaving users in anonymizing networks full ppt with screenshots ...blocking misbehaving users in anonymizing networks full ppt with screenshots ...
blocking misbehaving users in anonymizing networks full ppt with screenshots ...dinesh krishna
 
Nymble:Blocking misbehaving users in annoying networks(Link)
Nymble:Blocking misbehaving users in annoying networks(Link)Nymble:Blocking misbehaving users in annoying networks(Link)
Nymble:Blocking misbehaving users in annoying networks(Link)Mysa Vijay
 
Seminar
SeminarSeminar
Seminarkalpana kumari
 
Ransomware attacks 2017
Ransomware attacks 2017Ransomware attacks 2017
Ransomware attacks 2017Thesis Scientist Private Limited
 
Real time detection of application-layer d do-s attack using time series anal...
Real time detection of application-layer d do-s attack using time series anal...Real time detection of application-layer d do-s attack using time series anal...
Real time detection of application-layer d do-s attack using time series anal...yito24
 
dos attacks
dos attacksdos attacks
dos attacksAMAL PERUMPALLIL
 
Www architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionWww architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionAustina Francis
 
Distributed Semantic Search System (DSSS)
Distributed Semantic Search System (DSSS)Distributed Semantic Search System (DSSS)
Distributed Semantic Search System (DSSS)Isuru Vincent
 
Browser Security ppt.pptx
Browser Security ppt.pptxBrowser Security ppt.pptx
Browser Security ppt.pptxAjaySahre
 
Computing safety
Computing safetyComputing safety
Computing safetyBrulius
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd Iaetsd
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
configuring and using internet.pptx
configuring and using internet.pptxconfiguring and using internet.pptx
configuring and using internet.pptxmtsedey2013
 
CLOUD COMPUTING
CLOUD COMPUTINGCLOUD COMPUTING
CLOUD COMPUTINGAnn ASIDDAO
 
Presentation Prepared By: Mohamad Almajali
Presentation Prepared By: Mohamad AlmajaliPresentation Prepared By: Mohamad Almajali
Presentation Prepared By: Mohamad Almajaliwebhostingguy
 
Cloud Computing Using Encryption and Intrusion Detection
Cloud Computing Using Encryption and Intrusion DetectionCloud Computing Using Encryption and Intrusion Detection
Cloud Computing Using Encryption and Intrusion Detectionijsrd.com
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security IssuesStelios Krasadakis
 
Firewalls
FirewallsFirewalls
FirewallsDeevena Dayaal
 
V1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.docV1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.docpraveena06
 
Detection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service AttacksDetection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service Attacksijdmtaiir
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityRashmi Agale
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataProcore Technologies
 
Important Terminology for the Users of Web-based Services
Important Terminology for the Users of Web-based ServicesImportant Terminology for the Users of Web-based Services
Important Terminology for the Users of Web-based ServicesHTS Hosting
 
منصة شليلة
منصة شليلةمنصة شليلة
منصة شليلةssuser81f53f
 
FOGCOMPUTING
FOGCOMPUTINGFOGCOMPUTING
FOGCOMPUTINGAnvesh Kolluri
 
Cisco WebEx vulnerability: it’s a kind of magic
Cisco WebEx vulnerability: it’s a kind of magicCisco WebEx vulnerability: it’s a kind of magic
Cisco WebEx vulnerability: it’s a kind of magicITrust - Cybersecurity as a Service
 

Contenu connexe

Similaire à CCD_2013_BrowserIsolation

Distributed Semantic Search System (DSSS)
Distributed Semantic Search System (DSSS)Distributed Semantic Search System (DSSS)
Distributed Semantic Search System (DSSS)Isuru Vincent
 
Browser Security ppt.pptx
Browser Security ppt.pptxBrowser Security ppt.pptx
Browser Security ppt.pptxAjaySahre
 
Computing safety
Computing safetyComputing safety
Computing safetyBrulius
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd Iaetsd
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
configuring and using internet.pptx
configuring and using internet.pptxconfiguring and using internet.pptx
configuring and using internet.pptxmtsedey2013
 
Presentation Prepared By: Mohamad Almajali
Presentation Prepared By: Mohamad AlmajaliPresentation Prepared By: Mohamad Almajali
Presentation Prepared By: Mohamad Almajaliwebhostingguy
 
Cloud Computing Using Encryption and Intrusion Detection
Cloud Computing Using Encryption and Intrusion DetectionCloud Computing Using Encryption and Intrusion Detection
Cloud Computing Using Encryption and Intrusion Detectionijsrd.com
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security IssuesStelios Krasadakis
 
V1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.docV1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.docpraveena06
 
Detection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service AttacksDetection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service Attacksijdmtaiir
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataProcore Technologies
 
Important Terminology for the Users of Web-based Services
Important Terminology for the Users of Web-based ServicesImportant Terminology for the Users of Web-based Services
Important Terminology for the Users of Web-based ServicesHTS Hosting
 
منصة شليلة
منصة شليلةمنصة شليلة
منصة شليلةssuser81f53f
 

Similaire à CCD_2013_BrowserIsolation (20)

Distributed Semantic Search System (DSSS)
Distributed Semantic Search System (DSSS)Distributed Semantic Search System (DSSS)
Distributed Semantic Search System (DSSS)
 
Browser Security ppt.pptx
Browser Security ppt.pptxBrowser Security ppt.pptx
Browser Security ppt.pptx
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challenges
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
 
configuring and using internet.pptx
configuring and using internet.pptxconfiguring and using internet.pptx
configuring and using internet.pptx
 
CLOUD COMPUTING
CLOUD COMPUTINGCLOUD COMPUTING
CLOUD COMPUTING
 
Presentation Prepared By: Mohamad Almajali
Presentation Prepared By: Mohamad AlmajaliPresentation Prepared By: Mohamad Almajali
Presentation Prepared By: Mohamad Almajali
 
Cloud Computing Using Encryption and Intrusion Detection
Cloud Computing Using Encryption and Intrusion DetectionCloud Computing Using Encryption and Intrusion Detection
Cloud Computing Using Encryption and Intrusion Detection
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security Issues
 
Firewalls
FirewallsFirewalls
Firewalls
 
V1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.docV1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.doc
 
Detection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service AttacksDetection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service Attacks
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your Data
 
Important Terminology for the Users of Web-based Services
Important Terminology for the Users of Web-based ServicesImportant Terminology for the Users of Web-based Services
Important Terminology for the Users of Web-based Services
 
منصة شليلة
منصة شليلةمنصة شليلة
منصة شليلة
 
FOGCOMPUTING
FOGCOMPUTINGFOGCOMPUTING
FOGCOMPUTING
 
Cisco WebEx vulnerability: it’s a kind of magic
Cisco WebEx vulnerability: it’s a kind of magicCisco WebEx vulnerability: it’s a kind of magic
Cisco WebEx vulnerability: it’s a kind of magic
 

CCD_2013_BrowserIsolation

  • 1. Browser Isolation Lab Ted Reed, 9312; Paul Sery, 9312; Nick Peterson, 9317 Mark Woodard, Missouri S&T; Gregory Anders, Texas A&M University; Vivek Ramadoss, University of New Mexico Problem Statement: Malware and other malicious software can easily gain access to a user’s computer simply by that user visiting a website or downloading a file in his or her browser. Web browsers expose the user’s computer to the Internet and can potentially be a gateway for harmful programs. Approach: Our solution is an approach similar to the Chrome Browser architecture where each browser tab is rendered in a separate least privileged environment. We expand this approach to rendering each tab with varying degrees of isolation in virtual machines on a remote server. Any harmful software that gains access to the browser from the Internet will be isolated within the virtual machine where it is unable to cause further harm. Design: Web pages are organized into three user-specified categories: a white list, containing trusted pages that will be rendered locally for privacy and security; a black list, containing suspected malicious sites or sites that the user wants to test with introspection using Cuckoo; and a grey list, containing sites that are not trusted, but suspected to be malicious, and will be rendered together in a single virtual machine (VM). Remote Desktop Protocol (RDP) will be used to communicate with the VM’s on the server where the rendering occurs and Secure Shell (SSH) will be used to communicate with the server to control the Cuckoo sandbox and read the analysis output. Impact and Benefits: Allowing each separate browser tab to be rendered in an isolated VM will increase overall computer security and give malware analysts the ability to acquire and assess malware samples without exposing their local machine. This will also deliver an added level of network safety in areas where many users are connected to the same network, such as Sandia. Future Work: An important aspect to furthering this project is exploring ways to improve user friendliness and finding secure methods of saving cookies, bookmarks, and other user preferences. Additionally, performance will be improved by utilizing a more efficient alternative to RDP. A File Transfer Protocol (FTP) server will be incorporated to facilitate file sharing between the client and server after introspection has been completed on any suspicious downloaded files. Figure 1: System Architecture