Application Virtualization and Desktop Security

Application Virtualization and Desktop Security
Karl MacMillan
kmacmillan@tresys.com
Tresys Technology

Application Virtualization Introduction

- Encapsulates a single application
  - Bundles application into a deployable package
  - Virtualizes files, DLLs, registry values, etc. vs. virtualizing low-level hardware
- Enables zero install application delivery
- Provides many functional benefits:
  - Simplified deployment and updating
  - Reduced application conflicts
  - Tracking of application usage
  - License management
- What about increased security?

What causes desktop insecurity?

- All software contains flaws
  - Smallest flaw may be a vulnerability
  - No real solution likely in the near future
- Users often granted excessive privilege
- Access control is only about users not apps
  - Applications granted same access as user
  - Allows exploited applications broad access
- Data with differing properties is freely mixed
  - User data is all treated exactly the same
  - Highly confidential data often cannot even be identified
- Any vulnerability compromises entire desktop

Desktop Security Solutions

- Reduce user privilege
  - Use non-administrator accounts
  - Use group policy, file access controls, etc.
- Separate application access from user access
  - E.g., email app only has access needed to send email
  - Impact of vulnerabilities greatly limited
  - Security no longer dependent on application correctness
- Maintain data separation
  - Common practice on servers
  - Can only be partially addressed by encryption
- Three approaches to implement these solutions
  - MAC, OS virtualization, and application virtualization

Mandatory Access Control

- Fine-grained control over applications and data
  - Controls application/user access to files, network, etc.
  - Protects system integrity and data confidentiality
- Implemented as an operating system feature
  - Vista: Windows Integrity Mechanism
  - Linux: Security Enhanced Linux (SELinux)
  - Mac OS X: Sandbox
- Benefits: secure, flexible, excellent performance
- Challenges around deployment and management
  - Requires carefully crafted policies
  - OS version specific
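The contrast drawn in the preceding slides, between access control that is "only about users" and control that separates application access from user access, can be made concrete with a small model. This is an added example, not part of the original presentation; the user, application names, paths and hosts are all constructed, and the policy format is a simplification rather than any real MAC system's syntax.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str      # account the process runs as
    app: str       # application (domain) making the request
    resource: str  # file path or network endpoint (assumed canonical)
    action: str    # "read", "write" or "connect"

# User-based model: each resource lists the users allowed per action.
USER_ACL = {
    "/home/alice/mail/inbox":       {"read": {"alice"}, "write": {"alice"}},
    "/home/alice/docs/payroll.xls": {"read": {"alice"}, "write": {"alice"}},
    "/home/alice/.ssh/id_rsa":      {"read": {"alice"}},
    "tcp:smtp.example.test:25":     {"connect": {"alice"}},
    "tcp:198.51.100.7:4444":        {"connect": {"alice"}},
}

# Application-based model: per-app list of (resource prefix, allowed actions).
# Anything not listed is denied, including every request from an unknown app.
APP_POLICY = {
    "mailclient":  [("/home/alice/mail/", {"read", "write"}),
                    ("tcp:smtp.example.test:25", {"connect"})],
    "spreadsheet": [("/home/alice/docs/", {"read", "write"})],
}

def user_based_allows(req):
    return req.user in USER_ACL.get(req.resource, {}).get(req.action, set())

def app_based_allows(req):
    # The application policy is enforced in addition to the user check.
    if not user_based_allows(req):
        return False
    return any(req.resource.startswith(prefix) and req.action in actions
               for prefix, actions in APP_POLICY.get(req.app, []))

def blast_radius(app, user, check):
    """Every (resource, action) an exploited `app` can reach under `check`."""
    return sorted((res, act) for res, acts in USER_ACL.items() for act in acts
                  if check(Request(user, app, res, act)))

if __name__ == "__main__":
    for name, check in (("user-based", user_based_allows),
                        ("app-based", app_based_allows)):
        print(name, blast_radius("mailclient", "alice", check))
```

Under the user-based check an exploited mail client reaches everything its user can, including the private key and the arbitrary outbound connection; under the per-application policy it reaches only its mailbox and its mail server.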

OS Virtualization Security

- Coarse-grained control over OS and applications
  - Controls access to network, devices, shared files
  - Maintains separation of applications and data
- Secure desktop virtualization solutions available
  - VMware Ace: layered security solution
  - Tresys VM Fortress: high-end desktop security
- Security benefits
  - Can offer strong security and separation
  - Controls applications without compatibility concerns
- Current challenges
  - Separation limited to OS boundary
  - Heavy-weight solution

Application Virtualization Security

- Practical control over applications
  - Limits access to application files, system files, registry
  - Controls users' access to applications
- Security benefits
  - Often removes need for administrator user access
  - Separates applications into private sandboxes
  - Accelerates delivery of patches
  - Allows revocation of application access
- Current challenges
  - Cannot control all application access
  - Lacks strong data separation

Conclusions

- Desktop security is improving
  - Solutions are fundamental rather than reactionary
  - Organizations can choose right security level
- Virtualization is a valuable security technology
  - Inserts control at key points in the software stack
  - Addresses security while maintaining compatibility
- Application virtualization offers balanced security
  - Offers important, practical security advantages
  - Effectively reduces required user privilege
  - Potential greater control in future versions

Questions / Comments?

Karl MacMillan
kmacmillan@tresys.com
Tresys Technology