Application Virtualization and Desktop Security (slide 1)
Karl MacMillan, kmacmillan@tresys.com, Tresys Technology
Application Virtualization Introduction (slide 2)
- Encapsulates a single application
  - Bundles the application into a deployable package
  - Virtualizes files, DLLs, registry values, etc., as opposed to virtualizing low-level hardware
- Enables zero-install application delivery
- Provides many functional benefits:
  - Simplified deployment and updating
  - Reduced application conflicts
  - Tracking of application usage
  - License management
- What about increased security?
What causes desktop insecurity? (slide 3)
- All software contains flaws
  - The smallest flaw may be a vulnerability
  - No real solution is likely in the near future
- Users are often granted excessive privilege
  - Access control is only about users, not applications
  - Applications are granted the same access as the user
  - This allows exploited applications broad access
- Data with differing properties is freely mixed
  - User data is all treated exactly the same
  - Highly confidential data often cannot even be identified
- Any vulnerability compromises the entire desktop
Desktop Security Solutions (slide 4)
- Reduce user privilege
  - Use non-administrator accounts
  - Use group policy, file access controls, etc.
- Separate application access from user access
  - E.g., an email app only has the access needed to send email
  - Impact of vulnerabilities is greatly limited
  - Security is no longer dependent on application correctness
- Maintain data separation
  - Common practice on servers
  - Can only be partially addressed by encryption
- Three approaches to implementing these solutions: MAC, OS virtualization, and application virtualization
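The argument of slides 3 and 4, as an added toy reference monitor (not code from the presentation or any product): under user-only DAC an exploited mail client inherits everything its user can reach, while a default-deny per-application policy layered on top confines it to the mailbox and SMTP server it needs and records the refused access for detection. Users, applications, paths and rules are constructed for illustration.

```python
"""Toy reference monitor contrasting user-only DAC with DAC plus a
per-application policy. Constructed example: users, apps, paths and
rules are hypothetical, not any product's policy format."""
from dataclasses import dataclass, field

# Discretionary access control: resource -> users permitted to use it.
# Under DAC alone, every application a user runs inherits all of this.
DAC = {
    "/home/alice/mail/inbox.mbox": {"alice"},
    "/home/alice/docs/payroll.xlsx": {"alice"},
    "smtp:mail.example.com:587": {"alice"},
}

# Application policy (default deny): the resources each app needs, no more.
APP_POLICY = {
    "mailclient": {"/home/alice/mail/inbox.mbox", "smtp:mail.example.com:587"},
    "spreadsheet": {"/home/alice/docs/payroll.xlsx"},
}


@dataclass
class Monitor:
    enforce_app_policy: bool
    denials: list = field(default_factory=list)  # audit trail for detection

    def check(self, user, app, resource):
        # DAC is always evaluated first; the app policy can only narrow it.
        if user not in DAC.get(resource, set()):
            self.denials.append((app, resource, "dac"))
            return False
        if self.enforce_app_policy and resource not in APP_POLICY.get(app, set()):
            self.denials.append((app, resource, "app-policy"))
            return False
        return True


def exploited_mailclient(monitor):
    """Model the accesses an exploited mail client would attempt while
    running as alice: its legitimate mailbox and SMTP server, plus a
    confidential spreadsheet it has no business reading. Returns the
    set of resources the monitor actually granted."""
    attempts = ["/home/alice/mail/inbox.mbox",
                "/home/alice/docs/payroll.xlsx",
                "smtp:mail.example.com:587"]
    return {r for r in attempts if monitor.check("alice", "mailclient", r)}


if __name__ == "__main__":
    print("DAC only:      ", sorted(exploited_mailclient(Monitor(False))))
    print("DAC+app policy:", sorted(exploited_mailclient(Monitor(True))))
```

With the application policy enforced, the only thing that changes for the user is that the spreadsheet is read from the spreadsheet app rather than the mail client; the denial record is what a monitoring team would alert on.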
Mandatory Access Control (slide 5)
- Fine-grained control over applications and data
  - Controls application/user access to files, network, etc.
  - Protects system integrity and data confidentiality
- Implemented as an operating system feature
  - Vista: Windows Integrity Mechanism
  - Linux: Security Enhanced Linux (SELinux)
  - Mac OS X: Sandbox
- Benefits: secure, flexible, excellent performance
- Challenges around deployment and management
  - Requires carefully crafted policies
  - OS version specific
OS Virtualization Security (slide 7)
- Coarse-grained control over OS and applications
  - Controls access to network, devices, shared files
  - Maintains separation of applications and data
- Secure desktop virtualization solutions available
  - VMware ACE: layered security solution
  - Tresys VM Fortress: high-end desktop security
- Security benefits
  - Can offer strong security and separation
  - Controls applications without compatibility concerns
- Current challenges
  - Separation limited to the OS boundary
  - Heavy-weight solution
Application Virtualization Security (slide 8)
- Practical control over applications
  - Limits access to application files, system files, registry
  - Controls users' access to applications
- Security benefits
  - Often removes the need for administrator user access
  - Separates applications into private sandboxes
  - Accelerates delivery of patches
  - Allows revocation of application access
- Current challenges
  - Cannot control all application access
  - Lacks strong data separation
Conclusions (slide 9)
- Desktop security is improving
  - Solutions are fundamental rather than reactionary
  - Organizations can choose the right security level
- Virtualization is a valuable security technology
  - Inserts control at key points in the software stack
  - Addresses security while maintaining compatibility
- Application virtualization offers balanced security
  - Offers important, practical security advantages
  - Effectively reduces required user privilege
  - Potentially greater control in future versions
Questions / Comments? (slide 10)
Karl MacMillan, kmacmillan@tresys.com, Tresys Technology