Sandboxing for Antivirus Solutions full report
#1

ABSTRACT
Virus attacks and intrusion attempts have been causing a lot of trouble and serious damage to almost all computer users. From the very day one starts using a computer, virus infection becomes an issue of concern. One is always left in a frightened situation, worried about the security of crucial data, completion of mission critical tasks and achievement of important goals.
Antivirus software currently available is particularly suitable for detecting and eliminating known viruses. This traditional concept is becoming obsolete because it doesn't do anything about new threats. Encrypted viruses pose a major headache. These are viruses coded using encryption software, which cannot be identified by antivirus software. The only product which can defend against these is antivirus software with so-called sandboxing abilities. This means that they can track down and neutralize viruses despite their encryption. This is modeled on the concept of running multiple operating systems at the same time. It allows us to run malicious code in a protected environment so that the code can't harm our data. Sandboxing can protect our system against unknown threats because it operates within a few simple rules. We could, for example, define our system registry as being off-limits to changes.
Sandboxing is where an antivirus program will take suspicious code and run it in a Virtual Machine (secure from the rest of the system) in order to see exactly how the code works and what its purpose is. The proactive antivirus technology basically involves enclosing a running application in what is called a SANDBOX. The sandbox is responsible for trapping downloaded applications in a controlled environment such as the temporary files folder where it monitors them for malicious code. This means that before we have a chance to release a potentially harmful virus into our network, the software will lock it away from critical network resources.
CONTENTS
Chapter 1. INTRODUCTION
Chapter 2. WHAT IS MALICIOUS CODE
2.1. Types of attacks
Chapter 3. WHAT IS ACTIVE CONTENT
3.1. Where does active content operate
Chapter 4. DIFFERENT SECURITY TECHNIQUES
4.1. Digital signature
4.2. Virus detection
4.3. Sandboxing
Chapter 5. WHAT IS A SANDBOX
5.1. Components of sandbox
Chapter 6. WORKING OF THE SANDBOX
6.1. Simulating process memory
6.2. What is a LAN and how do viruses use them
6.3. How do viruses send E-mails
6.4. Connect the simulated computer to the internet
6.5. Update the simulated computer and the LAN
Chapter 7. NORMAN SANDBOX 2005
7.1. Support for more than 3000 different APIs
7.2. Multithread support
7.3. Support for thread injection to remote processes
7.4. Detection of email harvesting
7.5. Improved network support
7.6. Support for Instant Messaging communication
Chapter 8. PROTECTION FROM DAY-ZERO ATTACKS
Chapter 9. SANDBOX SECURITY MODELS
9.1. Java applets
9.2. Capability based security system
9.3. On Unix systems
9.4. Virtual machine emulator
Chapter 10. CONCLUSION
REFERENCE
CHAPTER 1
INTRODUCTION
Due to a variety of reasons, signature based antivirus scanning is becoming largely ineffective as the main tool against newer varieties of malicious computer code. Many of those infected were probably good Internet citizens, running antivirus software with up-to-date signatures that should have stopped every known virus in the world. Unfortunately, too often today, worms get into the wild before antivirus companies can create and distribute appropriate signatures. Technically, most recent worms are fairly unsophisticated, but they all use clever social-engineering tricks (the email address of someone known to the recipient, with enticing subject lines, message text, and attachment names) to make people open the files, thus kicking off incredibly rapid outbreaks.
Even the most talented and nimble antivirus companies, however, need a few hours to capture and examine a virus and write a signature so that customers can update their antivirus. This causes the major attack scenario called the DAY ZERO ATTACK. Clearly we will need a way to detect viruses and worms based on something other than signatures. Heuristic scanning does this. But the problem with this technique is that it takes so many system resources. So this becomes ineffective for desktop systems. The problems mentioned above caused the arrival of a new technology called SANDBOXING. It uses the general concept of running more than one operating system in a single environment.
CHAPTER 2
WHAT IS MALICIOUS CODE
Malicious code is code that performs behavior unexpected by its user, through the intention of a programmer. Malicious code can be a program or part of a program; a program part can even attach itself to another program so that the malicious effect occurs whenever the good program runs.
2.1. TYPES OF ATTACKS
1. Virus
A virus is a program that can pass on malicious (1) code to other non-malicious programs by modifying them. The term virus arises because the affected program acts like a biological virus: modification of good programs is like a virus that infects other healthy subjects. A virus "infects" a program by attaching itself to the program and either destroying the program or coexisting with it. A good program can be modified to include a copy of the virus program, so the infected good program begins to act as a virus, infecting other programs itself. The infection spreads at a geometric rate. The viruses can eventually overtake an entire computing system and spread to all other connected systems.
A virus can be either transient or resident. A transient virus runs when its attached program executes and terminates when its attached program ends. A resident virus locates itself in memory so that it can remain active, or be activated, even after its attached program ends.
2. Trojan Horse
A Trojan horse is a piece of malicious code that, in addition to its primary effect, has a second, non-obvious malicious effect. An example of a computer Trojan horse is a login script that solicits a user's identification and password, passes the identification information on to the rest of the system for login processing, but also retains a copy of the information for later, malicious use. In this example, the user sees only the login occurring as expected, so he or she has no evident reason to suspect anything else.
3. Worm
A worm is a program that spreads copies of itself through a network. The primary difference between a worm and a virus is that a worm operates through networks and a virus can spread through any medium, but usually copied program or data files. Additionally, the worm spreads copies of itself as a stand-alone program, whereas the virus spreads copies of itself as a program that attaches to other programs.
CHAPTER 3
WHAT IS ACTIVE CONTENT
Active Content refers to software components that are embedded in an electronic document which can carry out or trigger actions automatically (and dynamically), often without the user's approval or even knowledge. Active Content is delivered to the user's computer while browsing the web, enabling web sites to provide increased functionality, such as interacting dynamically with visitors, delivering animation and interactive applications, and much more. Of course, Active Content can be delivered also via email, file transfers, instant messaging and other means of communication. Active Content is sometimes referred to also as Mobile Code.
Active Content technologies include: Java applets, ActiveX controls, Java Scripts or Visual Basic Scripts (either as independent (standalone) files or as an embedded part of an HTML web page) contained in web pages. Macros, spreadsheet formulas, or other interpretable or executable code contained in proprietary desktop-application formatted files.
In most cases, Active Content serves legitimate purposes, being used in common business applications such as web conferencing, e-learning, e-commerce, web mail and others. However, at the same time, Active Content technology may be exploited to carry malicious mobile code, which is downloaded and executed on a local system without the explicit knowledge or consent of the user. This dichotomy creates a difficult security challenge for enterprises and businesses.
The figure below illustrates how Active Content can be used for both business (left side) and malware (right side) purposes.
Fig.3.1.Active content used for business and malicious purposes
Active Content attacks using malicious code are growing exponentially and account for the vast majority of today's malware. These attacks have a direct impact on businesses' bottom lines, as they result in a massive loss of valuable time and resources, reduced productivity and lost revenue. In addition, Active Content can expose or even lead to theft of confidential or competitive information.
3.1. WHERE DOES ACTIVE CONTENT OPERATE
From the perspective of the OSI network-layers model, we can observe that active content, such as Java applets, Active X controls, JavaScript, VBScripts and executable files, operates at a layer above the Application Layer (Layer 7), which we refer to as the "Mobile Code Layer" - this layer can be conceptualized as a "Virtual Layer 8". The Active Content objects serve as the enablers of higher level applications such as web conferencing, which uses HTTP (layer 7) for transport, and the browser as a platform for operation.
In order to differentiate the legitimate business active content from malware using these same active content elements, security solutions must analyze behavior at the "mobile code layer". Sophisticated active content-driven malware, such as spyware or certain worms, does not leave "fingerprints" at the network or data layers that are sufficient to distinctively identify them.
Fig. 3.2. Viruses, Trojans, worms and Spyware operate at Layers 7 and above (Layer 8).
CHAPTER 4
DIFFERENT SECURITY TECHNIQUES
There are various other techniques, which could be used to ensure the integrity of the email attachment. These techniques could also be used to allow secure interactive email. We will now compare sandboxing and two other different techniques.
4.1. DIGITAL SIGNATURE
A digital signature is an electronic signature that is used to authenticate the identity of the sender of a message or the signer of a document, and possibly, to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
A digital signature can be used with email messages, so that the receiver can be sure of the sender's identity and that the message arrived intact. If the interactive email is digitally signed by a trusted source, then the receiver can trust that the interactive email contains no malicious code.
The disadvantage of this approach is that the protection it offers is based completely and solely on the trust model. Security can be easily exploited using this technique; one example would be if an interactive email that has been digitally signed by a trusted person tries to steal critical information from a system, then the system will be completely open to such attacks.
4.2. VIRUS DETECTION
Fig 4.1 Three methods for virus detection
A traditional antivirus program uses signatures (byte strings unique to specific viruses) and compares the code being scanned against the signatures in its database. The problem is that even the most talented antivirus companies take some time to capture and examine a virus and write a signature so that customers' software can detect it. And the signature needs to be distributed to customers before their software will recognize the new threat.
Heuristic virus detection involves scrutinizing the code to find indications of suspicious activity. For example, does the code delete files, change the Registry, or format drives?
The disadvantage of this technique is the increased number of false positives. A false positive means innocent code is interpreted as malicious code. Also it takes too many resources and so is time consuming.
Virus scanners work in several ways. The most common is fingerprint matching, where the scanner looks inside files for a string of bytes which matches those in its database of known viruses. This string of bytes is known as a fingerprint. This will find the majority of viruses. Most common virus scanners, like McAfee and Norton Antivirus, use the fingerprinting approach. These antivirus programs contain a database of thousands of binary fingerprints extracted from known viruses.
To detect viruses which use techniques such as polymorphism to change their code slightly each time they infect, scanners also have to use more sophisticated inspection techniques. One disadvantage of virus scanning is that it cannot protect a system against new and unknown virus strains. The virus needs to appear on the Internet before its signature can be found and added to the virus definition database, which creates a time lag between detection of a virus and protection against it, and that lag would be enough for it to cause some serious damage.
4.3.SANDBOXING
Sandboxing lets programs, including viruses, run in an area sequestered from the rest of the system. If a program does something untoward, the antivirus utility shuts it down.
Secure VS Trusted
While digital code signing relies completely on trust, and virus scanners require scanning of the email attachment before executing, sandboxing offers protection at runtime. The sandboxing technique, unlike digital signing, does not operate on trust. Sandboxing does not have the time lag problem which virus scanning suffers from.
Sandboxing is a method of containing an intruder by directing them into a "honeypot" subnet or system. This system, which appears similar to an organization's legitimate network or system, is in fact specifically set up to engage and contain the intruder so that they may be monitored or traced.
Sandboxing is a simple security concept; a sandbox is a "sealed" container, which allows un-trusted programs to be executed within the sandbox. Essentially, programs can only "play" within the sandbox, much as children are allowed to make anything they want within the confined limits of a real sandbox. The sandbox can be conceived as a small area within the user's computer where an application's code can play freely - but it's not allowed to play anywhere else.
4.3.1. Sandboxing and Secure Interactive Email
Interactive email operates on the concept of untrusted code, and untrusted code introduces risks of malicious attacks. Since sandboxing provides concrete security protection against malicious attacks regardless of the content of the un-trusted programs, it could be used to ensure the "secure" execution of interactive emails. Theoretically speaking, if the sandbox is implemented correctly, then the user can execute any interactive email that is infected with the most vigorous virus inside the sandbox, and still be guaranteed that the virus will not be able to do any harm to the machine.
CHAPTER 5
WHAT IS A SANDBOX
Sandboxing is a simple security concept; a sandbox is a "sealed" container, which allows un-trusted programs to be executed within the sandbox. Essentially, programs can only "play" within the sandbox, much as children are allowed to make anything they want within the confined limits of a real sandbox. The sandbox can be conceived as a small area within the user's computer where an application's code can play freely - but it's not allowed to play anywhere else.
5.1. COMPONENTS OF SANDBOX
There are 4 main components, which make up a complete sandbox environment. The four major components are:
1. the application that is to be executed,
2. the sandbox itself, which provides the restrictive access,
3. the sandbox manager, which controls the sandbox, and
4. the system resources that malicious code will try to access.
The figure illustrates an overview of a sandbox environment.
Fig.5.1.An overview of the sandbox environment
5.1.1. Applications
There are two types of applications: Trusted and non-trusted.
Trusted Application
If the content and integrity of an application are completely trusted, it is called a trusted application. A trusted application should be given full access to critical system resources, as the content of the trusted application is believed to be legitimate.
Untrusted Application
An un-trusted application is an application whose content and integrity are unknown. The actions that the un-trusted application performs can be legitimate or malicious. Since the content of the un-trusted application cannot be determined until it is actually executed, it is necessary to execute it inside a sandbox, in which it can access only limited resources.
5.1.2. Sandbox
Sandbox is the restrictive environment which applications can be executed in. It provides restricted and limited resources, which applications inside it can access.
5.1.3. Sandbox Manager
A sandbox manager controls the sandbox. It is responsible for determining which resource accesses are allowed. If the resources that the un-trusted application inside the sandbox tries to access are non-critical, access will be automatically given; otherwise, if the resources are critical or sensitive, the Sandbox Manager will then have to alert the user, possibly block such access, or prompt for user's input.
5.1.4. System Resources
These are hardware or software resources, access to which is allowed or denied, e.g. files, network connections etc.
CHAPTER 6
WORKING OF THE SANDBOX
Sandbox works in its own simulated operating system capable of emulating any OS, including DOS, OS/2, and Windows.
The advantage of simulating multiple operating systems is that it allows the sandbox to catch viruses created for different platforms. It could, for example, stop Linux viruses on a Windows machine that's not even running Linux. That should reduce the number of potential virus carriers out there in the world.
The sandbox security model provides a tightly controlled set of resources for foreign programs to run in, such as a small "scratch-space" on the disk and a section of memory to carry out instructions. The sandbox may allow some user interaction, and the user may be prompted to allow or disallow certain actions as the program runs.
Sandbox freezes an image of its simulated machine to speed things up. It's like setting Windows in hibernation mode so that it doesn't have to go through the entire boot-up process when it's called upon.
6.1. SIMULATING PROCESS MEMORY
To make most Win32 viruses work in a simulated computer, thread support per process must be provided by the simulated operating system. A slot of CPU cycles must be given to each running thread. The simulated OS faces the same 'problems' as the real one does with regard to overhead in the management of all these threads. It is extremely easy to make threads, and viruses make remote threads in other processes. If this isn't supported, many viruses can't be detected.
There are several ways viruses can go resident in the Windows operating system. The first Windows9x viruses allocated memory pages and hooked the file system. The new major viruses have started external threads in already running applications, giving them new functionality. To make these viruses also work on the simulated computer, our Windows clone operating system must provide the same possibilities and APIs. API means Application Program Interface. It is the interface between the application to be run and the software module. These APIs must also be simulated to give viruses the chance of looking at the already running processes and acting thereupon. Since the running application doesn't have direct access to the memory space of other running applications, APIs are provided to do this. Security identifiers are also provided for additional security and these should be included in the Windows clone operating system.
6.2. WHAT IS A LAN AND HOW DO VIRUSES USE THEM
Luckily, viruses can't physically look at the computer and say - 'Hey, it's a fake'. They cannot follow the physical cable and verify to whom they're actually speaking. They rely on APIs and on looking into structures to 'explore' network capabilities. Extending the simulated computer towards LAN and Internet simulation is a matter of simulating the right APIs and filling in the correct structures.
The various 'networked' simulated computers can communicate within the LAN using given APIs. It is not connected to the real Internet.
6.3. HOW DO VIRUSES SEND E-MAILS
Viruses can send emails in a number of ways. Some contain more code than others. Many prepare the mail as a big chunk of data, and send it off to an SMTP server. Using high-level languages, like Visual Basic Scripts (VBS), the virus author doesn't need to know the details of how it works - general APIs are provided. Building the entire architecture for simulation purposes, you do need to know the details of how it works.
Basically, they open a socket against an SMTP server and send the contents they want transmitted. They must insert the commands and headers, and do some decoding if they are going to attach something binary from the already infected system. Some viruses talk to predefined SMTP servers; others carry addresses of SMTP servers they successfully communicated with earlier, and others again use the configuration in the 'Default mail account' settings in the Registry.
6.4. CONNECT THE SIMULATED COMPUTER TO THE INTERNET
The simulated computer isn't connected to the 'real world', and cannot see whether files or IP addresses are valid or available. An option is to make callbacks available to the engine to verify addresses or download files. This must be an option, or many home users will suffer from bandwidth problems on their analogue lines, or even large corporations with thousands of employees scanning their computers - imagine on-access systems. It's a more realistic feature to put on the mail gateway, to scan mail attachments. The contents downloaded from an address could be copied into the simulated computer, and cannot touch the 'real' computer.
6.5. UPDATE THE SIMULATED COMPUTER AND THE LAN
All the software residing on the simulated hard disk is located in our signature data file. This signature file can be updated using incremental signature files.
CHAPTER 7
NORMAN SANDBOX 2005
Norman Sandbox is an Antivirus technology based on sandboxing. It is a product of Norman ASA.
Norman Sandbox 2005 has improved support for several functions. The Sandbox simulates a fake computer and network environment, completely separated from the internal computer resources. All files that enter the Sandbox are expected to execute certain tasks or to behave in a certain way. If a file suddenly starts performing tasks beyond a defined framework, this will be detected as non-standard behaviour and Norman Sandbox will make the file inoperable and deny access to your real computer system.
The Sandbox also informs the user of the kind of malware that has been detected and suggests further action. Norman has integrated the Sandbox solution into all its antivirus products and has experienced great success with the solution.
With the new and improved Norman Sandbox 2005 it will be harder for the malware to bypass the Sandbox.
7.1. Support for more than 3000 different APIs
Norman Sandbox 2005 now emulates more than 3000 APIs. This means that the Sandbox now emulates more than 3000 ways to connect to your operating system or other software in your computer.
7.2. Multithread support
A virus may have several threads that enable the virus to perform several independent actions in parallel. Each thread can help the virus to survive and to resist possible antivirus attacks. Sandbox 2005 now has multithread support, meaning that it can emulate several threads simultaneously.
7.3. Support for thread injection to remote processes
Sandbox 2005 has the ability to detect thread injection to remote processes. When some viruses take control of a system, they will inject their own threads into other running processes. Thereby, they can perform their actions by camouflaging themselves by hiding in other processes. This possibility is now closed in Sandbox 2005.
7.4. Detection of email harvesting
Many criminals are creating malicious programs that are harvesting email addresses either for their own use or in order to sell them to other criminals. This form of email-harvesting attempts will now be detected in our Sandbox 2005.
7.5. Improved network support
Sandbox 2005 has improved support for Peer-to-Peer (P2P) networks - thus creating better protection for file-sharing services. Many worms are aware of P2P networks, and try to spread using these mechanisms. The simplest form is just dropping themselves as "interesting file names" into the upload/download directory. Because of the improved emulation inside Sandbox 2005, this will now be detected.
Sandbox 2005 has improved support for Internet network services, such as Newsgroups. Newsgroups are one of the most popular means for Internet communication and viruses often try to spread through these channels. Sandbox 2005 also has improved support for other Internet network services such as POP3, DNS, IRC, Web and others.
Sandbox has installed an enhanced LAN and is now able to support more complex local area networks.
7.6. Support for Instant Messaging communication
The use of Instant Messaging (IM) communication, such as ICQ, is growing rapidly and the new Norman Sandbox 2005 now supports IM protocols.
Now a handful of security companies, including Norman ASA, have revitalized this idea to help stop computer viruses and other malicious code. What Norman has done is a little different from traditional sandbox technology. Instead of simulating only a Windows environment like other sandboxes, Norman created its own simulated operating system capable of emulating any operating system, including DOS, OS/2 and Windows. It will soon be available for Linux and other platforms.
Norman Sandbox technology has identified most of the major virus attacks during the last year, in some cases days before any competing products were able to do the same. The proactive detection system has resulted in dramatically fewer attacks for Norman's customers. Experts say that this is the only solution on the market that can identify the true behaviour of Active content and protect against unknown attacks the first time they strike.
CHAPTER 8
PROTECTION FROM DAY-ZERO ATTACK
Several indicators suggest just that. Today the most alarming threat is the so-called "Day Zero Attack". This is becoming one of the IT security community's most common buzzwords and users are desperately looking for the next generation of antivirus protection. The "Day Zero Attack" is an attack that takes place on the very same day as a vulnerability has been identified. Thus proactive detection is paramount. Proactive detection is the ability to identify and deal with a threat as it arises, rather than wait for the creation and distribution of signature files. By that time it may be too late for many organizations to avoid getting infected.
Fig.8.1
The average release delay is 6-24 hours from the moment a new virus hits until the users are able to receive the updates. Obviously, a signature-based procedure does not provide real-time protection from new and unknown viruses. Most corporations correctly find this to be insufficient, as it leaves their networks vulnerable and unprotected until they can distribute the required detection files to get their virus protection back on track. This can cause tremendous damage and heavy expenses to the corporation.
The best way of obtaining a proactive antivirus solution is to execute the suspicious file in a safe environment. In other words - simply to let the virus execute its game. By doing this, any unknown and suspicious file that is trying to enter the computer, is isolated and prevented from infecting the computer system during analysis. As the virus unfolds, the proactive solution will monitor and assess the behaviour of the suspicious file.
Based on the analysis, the system will determine whether to quarantine the file or to allow the file to enter the computer itself. Doing this on a real system is hardly feasible.
Many operating system settings may have to be altered before a potential virus will spread (dependencies such as date, time, build number, security settings, system directory, etc). Using a real system would require many adjustments and, most likely, several reboots. In short: It would be very time-consuming and very inefficient. To be able to do this within an acceptable time frame and with efficient use of system resources, a separate module (Sandbox) with its own operating system is needed.
CHAPTER 9
SANDBOX SECURITY MODELS
9.1. Java applets
In the Java system, most applets are run in a Sandbox that provides a rectangle of screen space, some disk space and memory.
9.2. Capability based security system
This can be regarded as an extreme form of sandboxing, where the entire system consists of nested sandboxes defined by the current capability state of the system.
9.3. On Unix systems
One of the ways to construct a sandbox is to use the chroot command.
9.4.Virtual machine emulator
Another form of sandboxing is to run a program on a virtual machine emulator. For example, entire operating system environments may be run in a sandbox from within another operating system.
Sometimes a sandbox is set up to run programs that are still under development and have the potential to damage the system. These test systems replicate the actual computing environment for which software is being developed. The presence of such a safe, controlled environment allows developers to try experimental code without fear of damaging a mission-critical system.
CHAPTER 10
CONCLUSION
Sandboxing technology is the only solution that can effectively combat new, unknown virus attacks. But the vendors of sandbox products don't view them as a full security solution; rather, the sandbox acts as a safety net to catch attacks that slip through our main antivirus program and other protection. Also, only signature scanning can precisely identify worms and viruses. The intention of Norman Sandbox is to detect current threats to our system. Legacy DOS COM viruses and other known executable viruses are not detected by Norman Sandbox. Ordinary virus definition files do this.
REFERENCE
[1].gfidocuments/rv/msepemag04.pdf
[2]. poly.edu/presentations/isolated.execution.pdf
Reply
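The fingerprint-matching limitation (section 4.2) and the sandbox manager's allow/deny decisions (section 5.1.3) from the report above, as an added example that is not part of the original post. The toy opcodes, the `DECODE` header standing in for a decryptor stub, the scratch path and the registry keys are all constructed assumptions, and the samples are harmless text.

```python
"""Added illustration (not from the report): fingerprint scan vs. sandbox run.

The sample "programs" are constructed, harmless text scripts; the opcodes,
paths and registry keys are assumptions made for this example.
"""
import posixpath

# Constructed fingerprint database: name -> byte string "unique" to the sample.
FINGERPRINTS = {"Demo.RegWriter": rb"REGWRITE HKLM\Software\Demo\Run"}
SCRATCH = "/sandbox/scratch/"  # assumed scratch-space granted to the sandbox


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def signature_scan(blob: bytes) -> list:
    """Fingerprint matching: names whose byte string occurs in the file."""
    return [name for name, sig in FINGERPRINTS.items() if sig in blob]


class SandboxManager:
    """Decides which resource accesses the untrusted application may make."""

    def __init__(self, prompt_user=lambda op, target: False):
        self.prompt_user = prompt_user  # stand-in for asking the user
        self.log = []                   # (op, target, verdict) per request

    def decide(self, op: str, target: str) -> str:
        if op in ("FILEREAD", "FILEWRITE"):
            # Normalise first so "../" cannot climb out of the scratch space.
            inside = posixpath.normpath(target).startswith(SCRATCH)
            verdict = "allow" if inside else "deny"
        elif op == "REGREAD":
            verdict = "allow"            # non-critical: granted automatically
        elif op == "REGWRITE":
            verdict = "deny"             # registry is off-limits to changes
        elif op == "CONNECT":
            # Sensitive: alert the user and block unless they approve.
            verdict = "allow" if self.prompt_user(op, target) else "deny"
        else:
            verdict = "deny"             # unknown requests are refused
        self.log.append((op, target, verdict))
        return verdict


def run_in_sandbox(sample: bytes, manager: SandboxManager):
    """Interpret a toy sample on the simulated machine and judge its behaviour.

    A first line "DECODE 0xNN" models a decryptor stub: the simulated machine
    carries it out, so the decoded operations become visible at run time.
    """
    head, _, rest = sample.partition(b"\n")
    if head.startswith(b"DECODE "):
        body = xor_bytes(rest, int(head.split()[1], 16))
    else:
        body = sample
    for line in body.decode("ascii", "replace").splitlines():
        op, _, target = line.strip().partition(" ")
        if op:
            manager.decide(op, target.strip())
    denied = [entry for entry in manager.log if entry[2] == "deny"]
    return ("quarantine" if denied else "allow"), list(manager.log)


# Constructed samples.
PLAIN = b"\n".join([
    rb"FILEWRITE /sandbox/scratch/tmp.dat",
    rb"REGREAD HKLM\Software\Demo",
    rb"REGWRITE HKLM\Software\Demo\Run",
    rb"CONNECT smtp.example.test:25",
])
ENCODED = b"DECODE 0x5a\n" + xor_bytes(PLAIN, 0x5A)
BENIGN = b"FILEWRITE /sandbox/scratch/out.txt\nREGREAD HKLM\\Software\\Demo"
ESCAPE = b"FILEWRITE /sandbox/scratch/../../etc/hosts"

if __name__ == "__main__":
    for name, sample in [("plain", PLAIN), ("encoded", ENCODED),
                         ("benign", BENIGN), ("escape", ESCAPE)]:
        verdict, log = run_in_sandbox(sample, SandboxManager())
        print(f"{name:8} scan={signature_scan(sample)} sandbox={verdict}")
        for op, target, decision in log:
            print(f"    {decision:5} {op} {target}")
```

The encoded sample passes the fingerprint scan yet is quarantined once its operations are observed at run time, which is the gap the report says sandboxing closes.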
#2
thanks a lot for having this topic
Reply
#3
presented By
T.S.Deepthi

SANDBOXING: [A Host Protection Technique in Grid Computing]
Grid computing
- What is Grid computing?
- Aim of grid computing
Security in Grid computing
- Central issue
- Most significant challenge
Classification of Grid computing security
- Resource level
- Service level
- Authentication & Authorization level
- Information level
- Management level
Resource Level Solution
- Sandboxing
- Virtualization
SANDBOXING
- A secure isolated environment
- Framework that provides security to the underlying machine
Virtual machine as Sandbox
- Virtual machine is a technology
- Decoupled from system software
- Fine grained resource allocation
- Enables process migration
Types of Sandboxes
1. Virtual Grid nodes
2. Eager pre-fetching, whole-file-caching sandboxes
3. Lazy, block-caching sandboxes
4. Lazy pre-fetching, whole-file caching sandboxes
Virtual grid Sandbox
- Simplest Sandbox
- Offers most of the benefits
- Different from physical node
- Provides isolation
Eager pre-fetching, whole-file-caching sandboxes
- Acts as an individual job container
- Design uses Virtual machine as ad-hoc entity
- Flexibility of launching a Virtual machine with a pre-configured environment
Lazy, block-caching sandboxes
- The boundary of the sandbox is extended to include the "SUBMIT MACHINE"
- Avoids any library or software compatibility issues
- Useful when an application has huge input file dependencies but makes few I/O calls.
- Not as tight as sandbox2 and sandbox4.
Lazy pre-fetching, whole-file caching sandboxes
- Similar to sandbox2
- Decision to pre-fetch the files required by the job is done dynamically.
- Need to open up network access to the sandbox
Transparent Sandbox
- Transparent to the user
- It can be remote controlled
- It should be bullet proofed
- It needs a backdoor
- It should provide instantiation
Additional Benefits
- Simplified application development
- System-level checkpointing
- Legacy applications
- Enforce resource limits
#4
I need a full report and PPT on sandbox technology. Please help me.
#5
You can refer to the page details of "Sandboxing for Antivirus Solutions full report" at the link below:

http://studentbank.in/report-sandboxing-...0#pid51820
#6
1. Since when has sandboxing been used in antivirus?
2. Latest developments in sandboxing?
3. Models and algorithms used in sandboxing
#7

To get information about the topic "antivirus full report ppt" and related topics, refer to the page links below:

http://studentbank.in/report-computer-vi...ull-report

http://studentbank.in/report-sandboxing-...ull-report

http://studentbank.in/report-computer-vi...ort?page=2

http://studentbank.in/report-antivirus-software