* Using Qemu to isolate/virtualize applications
@ 2022-06-09 12:46 jan
  0 siblings, 0 replies; only message in thread
From: jan @ 2022-06-09 12:46 UTC (permalink / raw)
  To: qemu-devel



Hi,

I'm interested in investigating the possibility of running applications in a
virtualized/isolated manner to minimize access to the OS
(Windows/Linux/Android). Preferably there should be no or minimal software
changes to the guest OS or application binary.

Generally applications in an OS can perform the following hardware
read/write operations:

* Memory
* Internal and external disks (file system APIs)
* Network (Ethernet, WiFi) (socket APIs)
* Ports (for low level hardware access) (assembler instructions)

My understanding is that memory, disk, network and ports are virtualized
through Qemu and therefore it may be possible to:

* monitor access (beyond the monitoring provided by the guest OS)
* manage access (beyond the access rights provided by the guest OS)
* undo disk changes without rebooting the guest OS

from Qemu regardless of the guest OS.

Assume a zero trust model for the guest OS and the application being
executed on it:

* a hacker can compromise the admin or root account
* kernel and user APIs can be exploited with or without admin or root
  access due to vulnerabilities

The network layer may be the easiest to implement if you want to just deny
incoming/outgoing packets regardless of the process or kernel/user context.

The problem with memory, disk, network and port access is that the CPU has
no concept of process IDs or user IDs. The OS does the context switching to
provide a time slice to each process during which the CPU executes the
relevant instructions. Therefore one will have to develop drivers that can
pass the process and user IDs to such an access monitoring/control system.

The ideal is to restrict user mode applications to:

* Only access memory that belongs to the application process
* Only access files/folders that it has been granted access to via an
  external mechanism
* Only send/receive network data that it has been granted access to via an
  external mechanism
* Only access ports that it has been granted access to via an external
  mechanism

By external mechanism, I mean that the permissions are granted and managed
outside the guest OS and if Qemu is used, that would be the host OS. If
restricting these actions is not possible, monitoring/detecting these
actions would already be useful.

My question is whether Qemu would be a useful tool in such a system. The
emulation feature of Qemu could perhaps be used to instrument certain CPU
instructions, even if the guest and host are the same architecture.

I would appreciate your thoughts on this.

Best regards

Jan Louw

CTO AITechGroup
South Africa
https://aitechgroup.co.za/
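
A host-side wrapper that exercises the three points raised in the message (discard guest disk changes without touching the base image, deny the guest any network path, and run under emulation so CPU instructions can be hooked). This is an added example, not code from the poster or from the QEMU project; the image names base.qcow2/session.qcow2, the log file name, the x86_64 guest and the memory size are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post or the QEMU tree).
# Starts a guest such that:
#   - disk writes land in a throw-away qcow2 overlay, so undoing every
#     change the guest made is just deleting that overlay;
#   - networking is user-mode with restrict=on, so nothing inside the
#     guest (root included) can reach the host or the outside world;
#   - the TCG backend (-accel tcg) is used even on a same-arch host,
#     which is what makes instruction-level hooks (-d / -plugin) possible.
# base.qcow2, session.qcow2 and guest-trace.log are assumed names.
set -eu

BASE_IMAGE=${BASE_IMAGE:-base.qcow2}      # assumed pristine guest image
OVERLAY=${OVERLAY:-session.qcow2}         # per-session copy-on-write layer
LOGFILE=${LOGFILE:-guest-trace.log}       # assumed translation log

# Every qemu-img / qemu-system call goes through $RUN so that DRY_RUN=1
# prints the exact command line instead of executing it.
RUN=${DRY_RUN:+echo}

fresh_overlay() {
    # $1 base image, $2 overlay to create.  The overlay records only the
    # clusters the guest writes; reads fall through to the base image,
    # which is never opened for writing.
    $RUN qemu-img create -f qcow2 -b "$1" -F qcow2 "$2"
}

launch_guest() {
    # $1 overlay, $2 log file.  -d in_asm logs every translated block to
    # the -D file; for per-execution callbacks on chosen instructions use
    # -plugin with a TCG plugin (e.g. contrib/plugins/execlog.c in QEMU).
    # restrict=on keeps the NIC but routes no guest packets anywhere;
    # "-nic none" is the stricter option if the guest needs no NIC at all.
    $RUN qemu-system-x86_64 \
        -accel tcg -m 1024 -nographic \
        -drive "file=$1,format=qcow2,if=virtio" \
        -netdev user,id=n0,restrict=on \
        -device virtio-net-pci,netdev=n0 \
        -d in_asm -D "$2"
}

guest_writes() {
    # $1 overlay.  Extents that map to the overlay file are exactly the
    # blocks the guest wrote this session; extents mapped to the base
    # were never touched.
    $RUN qemu-img map "$1"
}

discard_session() {
    # $1 overlay.  Removing it undoes all guest disk changes; the next
    # fresh_overlay starts again from the untouched base image.
    $RUN rm -f "$1"
}

case "${1:-show}" in
    run)   fresh_overlay "$BASE_IMAGE" "$OVERLAY"
           launch_guest "$OVERLAY" "$LOGFILE" ;;
    diff)  guest_writes "$OVERLAY" ;;
    reset) discard_session "$OVERLAY" ;;
    *)     RUN=echo                      # default: just show the commands
           fresh_overlay "$BASE_IMAGE" "$OVERLAY"
           launch_guest "$OVERLAY" "$LOGFILE" ;;
esac
```

Running the script with `run` creates the overlay and boots the guest, `diff` shows which blocks the guest wrote, and `reset` discards them; with no argument it only prints the commands. Note what this does and does not give you: the disk and network controls hold regardless of who is root inside the guest, but QEMU only ever sees guest-physical state, so attributing a write or a packet to a particular guest process or user still needs a guest-side component, as the message itself points out.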