application security using a copy-on-write virtual machine

An architecture is possible that uses a lightweight VM as an application sandbox. Instead of duplicating an OS plus a run-time environment, this virtual machine uses the host environment as a read-only resource. The VM then serves as a sandbox that permits reads and writes to the file system, but only the VM's own address space is ever modified. Since the host OS environment supplies the a priori values, the total VM footprint is minimal. Such an architecture could serve as a base for secure application solutions.

In practice an application is installed into a host OS and, through installation and use, it creates a cache mirroring the OS data and resources that it would have modified in a traditional installation. The application and this ‘cache’ are then versioned and mirrored. If the application is compromised, it is deleted or the cache is rolled back to the state before the compromise.
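The read-through/write-aside behaviour and the rollback step described above, as an added example (not code from the original post): a copy-on-write layer over a constructed, read-only stand-in for the host file system, with versioned snapshots and a rollback to the pre-compromise cache. The host paths, file contents and the `CowSandbox` class are all constructed for illustration.

```python
"""Copy-on-write sandbox sketch: host is read-only, writes go to a versioned layer."""
from copy import deepcopy

# Constructed stand-in for the host OS: a tiny read-only "filesystem".
HOST_FS = {"/etc/hosts": "127.0.0.1 localhost\n", "/etc/app.conf": "mode=safe\n"}
DELETED = object()  # tombstone: the app removed a host file inside the sandbox

class CowSandbox:
    def __init__(self, host):
        self._host = host       # a priori values from the host; never written
        self._layer = {}        # path -> content or DELETED; the only mutable state
        self._versions = []     # snapshots of the layer, oldest first

    def read(self, path):
        if path in self._layer:
            if self._layer[path] is DELETED:
                raise FileNotFoundError(path)
            return self._layer[path]
        return self._host[path]

    def write(self, path, data):
        self._layer[path] = data  # the host copy is never touched

    def delete(self, path):
        if path not in self._layer and path not in self._host:
            raise FileNotFoundError(path)
        self._layer[path] = DELETED

    def snapshot(self):  # version the cache; returns an id for rollback()
        self._versions.append(deepcopy(self._layer))
        return len(self._versions) - 1

    def rollback(self, version):  # discard everything written after `version`
        self._layer = deepcopy(self._versions[version])
        del self._versions[version + 1:]

    def changed_paths(self):  # the whole sandbox footprint an integrity check must examine
        return sorted(self._layer)

def demo():
    sb = CowSandbox(HOST_FS)
    sb.write("/var/app/cache.db", "state")      # normal use builds up the cache
    clean = sb.snapshot()
    sb.write("/etc/app.conf", "mode=unsafe\n")  # a later compromise alters the config
    footprint = sb.changed_paths()              # the altered path is visible; host copy intact
    sb.rollback(clean)                          # restore the cache from before the compromise
    return footprint, sb.read("/etc/app.conf"), sb.changed_paths()
```

Because the host is only ever read, the set of changed paths is the complete list of what has to be inspected or discarded after an incident.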

There are many types of virtual machines. Two examples are system VMs such as VMware or Oracle VirtualBox, and process VMs such as the Java Virtual Machine, the Dalvik VM, or the Common Language Runtime. The former are large and complex, since they must “dupe” an entire OS. The latter, application-level VMs, are smaller and optimized for a single runtime environment. Each has its own corresponding security issues.

A virtual machine is usually a sandbox in implementation and provides a level of security. However, the cost is that it must duplicate OS resources. In contrast, the sandboxed process VM discussed here depends on a real host OS and duplicates as little of the environment as possible. It is not generic, but integral to a specific application program or system.

Though this may help an application survive destruction by protecting its storage address space, there is still the issue of active infiltration and use of system resources, such as networks accessible to the application. Perhaps this type of VM will make conventional security practices and tools more useful?

Just an idea off the top of my head. Haven’t looked to see if it is unique or even remotely makes sense.

June 12, 2013: “Security Anti-Pattern – Mobile Hypervisors (for user facing VM’s)”
August 31, 2013: Was just reading about Docker, which uses LXC (LinuX Containers). Maybe that is what I had in mind.

Further reading

  1. Android Application Sandbox
  2. Virtual Machine
  3. Sandbox
  4. Pushing The Limits of Web Browsers … or Why Speed Matters
  5. Sandboxing Java Code
  6. Security Anti-Pattern – Mobile Hypervisors (for user facing VM’s)

Virtual Machine Appliance for development environment

Configuration of a development environment can be very time consuming, error prone, or difficult. This is especially true when investigating or getting up to speed on a new technology or framework. In a corporate environment this is also a drain on resources and on existing developer staff, who must take the time to prep a new developer.

One approach to mitigate this is to use a Virtual Appliance.

Virtual appliances are a subset of the broader class of software appliances. Installation of a software appliance on a virtual machine creates a virtual appliance. Like software appliances, virtual appliances are intended to eliminate the installation, configuration and maintenance costs associated with running complex stacks of software.

A virtual appliance is not a complete virtual machine platform, but rather a software image containing a software stack designed to run on a virtual machine platform which may be a Type 1 or Type 2 hypervisor. Like a physical computer, a hypervisor is merely a platform for running an operating system environment and does not provide application software itself. — Virtual Appliance

Creating a Virtual Machine Appliance
The available VM software, such as Oracle VirtualBox and VMware, has facilities to generate appliances. Thus, once a functioning development environment has been created by a lead tech or group, an appliance can be generated for the rest of the team. This appliance can even be provided using a Virtual Desktop Infrastructure (VDI).

Open Virtualization Format
While a VM system can be used to create individual VM instances that can be reused, a more recent technology (supported by some vendors) is OVF:

… is an open standard for packaging and distributing virtual appliances or more generally software to be run in virtual machines.

The standard describes an “open, secure, portable, efficient and extensible format for the packaging and distribution of software to be run in virtual machines”. The OVF standard is not tied to any particular hypervisor or processor architecture. The unit of packaging and distribution is a so called OVF Package which may contain one or more virtual systems each of which can be deployed to a virtual machine.

An OVF package consists of several files, placed in one directory. A one-file alternative is the OVA package, which is a TAR file with the OVF directory inside. —
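The package layout quoted above (a directory of files, or an OVA which is that directory in a TAR) is what a team should check before importing a downloaded appliance. As an added example, not code from the original post or from any hypervisor vendor's tooling, the following packs a constructed OVF package into an OVA in memory and verifies that every payload file is listed in the package's manifest and matches its digest. The manifest line shape `SHA256(disk1.vmdk)= <hex>` follows the OVF standard's .mf file; the file names and contents are constructed.

```python
"""Verify an OVA (a TAR holding the OVF package) against its manifest before deploying it."""
import hashlib
import io
import re
import tarfile

# Assumed manifest line format, as in the OVF standard's .mf file: "SHA256(disk1.vmdk)= <hex>"
MF_LINE = re.compile(r"^(?P<algo>SHA1|SHA256|SHA512)\((?P<name>[^)]+)\)=\s*(?P<hex>[0-9a-fA-F]+)$")

def make_manifest(files, algo="sha256"):
    """Build manifest text for a {name: bytes} mapping (what a packaging tool would emit)."""
    return "".join(f"{algo.upper()}({n})= {hashlib.new(algo, d).hexdigest()}\n" for n, d in files.items())

def build_ova(files, manifest):
    """Constructed sample OVA: the payload files plus the manifest, packed as a TAR in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in list(files.items()) + [("appliance.mf", manifest.encode())]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def verify_ova(ova_bytes):
    """Return (ok, problems): every payload file must be listed in the manifest and match it."""
    with tarfile.open(fileobj=io.BytesIO(ova_bytes), mode="r") as tar:
        members = {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}
    manifests = [n for n in members if n.endswith(".mf")]
    if len(manifests) != 1:
        return False, ["expected exactly one .mf manifest"]
    problems = [] if any(n.endswith(".ovf") for n in members) else ["no .ovf descriptor in package"]
    listed = {}
    for line in members[manifests[0]].decode().splitlines():
        m = MF_LINE.match(line.strip())
        if not m:
            problems.append(f"unparseable manifest line: {line!r}")
            continue
        listed[m["name"]] = (m["algo"].lower(), m["hex"].lower())
    for name, data in members.items():
        if name == manifests[0] or name.endswith(".cert"):
            continue  # the manifest itself and an optional signature file are not self-listed
        if name not in listed:
            problems.append(f"{name} not covered by manifest")
        elif hashlib.new(listed[name][0], data).hexdigest() != listed[name][1]:
            problems.append(f"digest mismatch for {name}")
    for name in listed:
        if name not in members:
            problems.append(f"{name} listed in manifest but missing from package")
    return not problems, problems
```

The manifest alone only catches corruption and unsigned edits; an OVF package may also carry a .cert file that signs the manifest, and checking that signature is what ties the package to its publisher.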

Using ready made appliances
Each VM vendor can/does make available an appliance marketplace. Thus, one can find ready-made LAMP based environments with a development software stack, for example.

Alternative 1, an installable virtual disk
Where resources are constrained, such as places where developers are still on 3 GB of RAM and ancient PCs, a virtual machine is just not going to cut it.

One easy alternative is to create the dev environment on an installable virtual hard drive. TrueCrypt can be used for this purpose. One simply creates a TrueCrypt volume, which is just a single file, then builds the desired dev environment in that volume; that file can now be copied to other developers’ workstations and mounted as a new hard drive.

TrueCrypt is really meant for security and privacy concerns: it encrypts data, so it may not be ideal for this application. Since TrueCrypt is so useful as a virtual disk, it would be great if it had the option of not encrypting content. But that would perhaps be outside of its feature space. For that, the next alternative is available.

Alternative 2, use VHD files
An alternative is using something directly targeted at virtual disks, such as the VHD file format. However, this does not seem to have easily usable public GUI or command-line support (for the end user, the developer).

On Windows, following the instructions here and using these Send To scripts will allow one to seamlessly use VHD files as mountable hard disk volumes.

Note that Windows 8 will support native mounting of ISO and VHD files.

Further Reading