Sandbox), also known as Sandbox, is one of the most widely used technologies in the information security field in recent years. Google Chrome and MS Office2010 all use sandbox technology to improve their security. In the current IT field, Sandbox technology is widely used in the anti-virus software industry. For example, IT is used for virus experiments and various sandbox Security modes in user applications.
So what is sandbox technology? Simply put, sandbox is an "environment" that provides a testing environment for programs with untrusted sources, destructive power, or inability to determine program intentions. However, all changes in the sandbox do not cause any loss to the operating system.
The most basic starting point of sandbox is the ultimate goal. It is to provide a separate environment for the programs running in it, regardless of the running result, does not affect the system environment other than sandbox. By extending this principle to applications at the upper layer, it theoretically provides a new direction for the Intranet security field, that is, the application of sandbox technology, isolate behaviors that may cause harm to the overall Intranet security, so as to minimize security risks.
According to Huang Kai, R & D Director of Yixin technology, IP-guard, a well-known Intranet security product in China, considering the security characteristics of sandbox technology and the Industry Characteristics of Intranet security, in the next few years, the Intranet security field may be applied to sandbox Technology in multiple aspects.
I. Apply sandbox technology to reduce security risks of unknown programs
To complete various tasks, a variety of applications, such as email, text processing, and instant messaging, may be installed on the computer of an intranet user. Generally, mature IT systems are under unified IT policy management. To prevent security risks caused by unknown programs, which applications are allowed and prohibited by users' computers, there are clear provisions. However, in actual management, especially in many domestic organizations, IT management is not standardized, and the user's security knowledge level is also uneven, simply managing the application blacklist or whitelist does not cover all applications. In this case, the Organization's Intranet security level depends largely on the user's IT security awareness level, this is obviously a token.
The existence of sandbox technology provides new ideas for solving application compliance. Using sandbox technology, IT administrators can automatically put untrusted or non-whitelist programs into the sandbox for operation, even if a program with potential risks is downloaded and run due to insufficient security awareness, the running of the program in the sandbox will not adversely affect the system other than the sandbox, moreover, due to the isolation of sandbox, malicious programs cannot access confidential information that exists in the intranet and computers, thus improving the overall security level of the Intranet. At the same time, for applications that are not included in the whitelist but may be required by users, compared with the previous "one-stop-to-one" or "one-stop-all ", the existence of sandbox also gives the third option of flexible road.
2. Use sandbox technology to build a trusted and secure Intranet environment
When a user uses a computer, it involves accessing and using data from various locations, such as local data and document servers. In this case, there is a risk of information leakage. Without restrictions, information may be transmitted through networks, mobile storage devices, and other methods due to user negligence or subjective and malicious behaviors. At the same time, the existence of various spyware and risky programs also threatens data security at all times. The existence of sandbox shows us another way, that is, using sandbox technology to create a trusted security environment for classified applications.
Taking Yixin technology's internal CRM system as an example, when a user needs to use a CRM system that is considered to store highly confidential information, the system automatically puts the program into the sandbox for operation. At this time, because it is in the sandbox, other programs except the sandbox cannot call the data in the CRM program process, and the data in CRM cannot be leaked to other processes through the sandbox. After the program stops running in the sandbox, all traces and data disappear due to the disappearance of the sandbox, thus achieving the purpose of confidentiality.
In fact, by extending the above CRM program, Sandbox technology can even help build a secure environment. For example, when a user enters the working state and needs to access or use some sensitive information, the system is automatically placed under the sandbox environment, at the same time, make necessary restrictions on network access, device applications, and other existing management and control functions of IP-guard and other products in the sandbox state, the information used and processed is encrypted in the sandbox environment. Once the user completes the work and exits the sandbox environment, all information and operation traces are deleted instantly. System Applications Running in normal environments are not restricted. systems running in sandbox environments are highly isolated, which completely isolates normal and confidential environments, build a trusted Intranet environment.
3. Apply sandbox technology to improve application reliability.
Google acquired GreenBorder, the originator of sandbox technology, and applied the sandbox technology in its Chrome browser, each tag runs in an independent sandbox, which effectively avoids browser and even system crashes caused by TAG crashes during multi-tag browsing and improves application reliability.
Similarly, Sandbox technology can effectively improve the reliability of Intranet security applications. For example, in recent years, the Intranet security field has been quite common, and it is also the document transparent encryption technology applied by the IP-guard New Product V + omnidirectional document encryption. Because it is process-based encryption, that means no matter how many documents are opened, since the process can only be reflected as one process, if one of the documents is damaged due to some reasons, other documents have the same risk of damage. The Sandbox technology can be used to place the encryption process of each document in a separate sandbox. The damage to a single document will not cause damage to other documents, which can effectively improve the system reliability.
In addition, the isolation feature of sandbox can also make the encryption of different documents in the same document format but confidentiality requirements more flexible. For example, some documents received by users from external sources may not be easily encrypted. For these documents, they can be run in the sandbox without being encrypted, this effectively separates documents of different security levels during use, making encryption more practical and flexible. When talking about this, Huang Kai is quite touched: "similar to this kind of" micro-innovation ", it does not significantly improve the security of the system, but it is precisely this tiny innovation, it embodies the product innovation philosophy of IP-guard and other excellent products from the user perspective and pursuing User Experience Improvement.
Limitations of sandbox Technology
As mentioned above, Sandbox technology may be used in the future in the field of Intranet security. Its main idea is to use the isolation feature of sandbox technology to improve the security and reliability of applications, ensure that local risks do not affect the overall security level. In fact, some Intranet security products have already applied the sandbox technology or the concept of sandbox, such as some disk encryption environment switch products. Virtual machines, thin clients, and other products are also similar to sandbox technology to some extent.
However, we must also see that the development of any emerging technology, in addition to the benefits of innovation, may also have its limitations. At this point, Sandbox technology is no exception.
First, Sandbox technology is not anti-virus software or its security products, which means it can only be isolated and cannot detect encrypted or complex security threats. Therefore, the idea that all security threats are no longer threats after sandbox is applied is obviously tricky, and sandbox cannot completely solve all problems. Secondly, because of the existence of the sandbox, an application is added between the user and the application. Theoretically, an attack vulnerability is added. Sandbox programs are not impeccable, which may provide a new starting point for malicious behaviors. Finally, the sandbox technology itself is a single application. To implement the various features mentioned above, we need to make special Optimization designs for different applications to improve their availability, this is also the key to testing product managers.
Sandbox technology is not mysterious. According to Huang Kai, the above mentioned points may be available in the future of IP-guard. Talking about innovation again, Huang Kai said: "Many new technologies, including sandbox technology, may only improve the availability, ease of use, or stability of products from a tiny angle. However, these tiny innovations have accumulated to form excellent products. As a matter of fact, IP-guard has been continuously innovating and applying new technologies based on the customer's actual needs for ten years since its development. Up till now, some of our colleagues have been independently engaged in R & D and have been persistently exploring new technologies, it is to add more useful micro-innovations to IP-guard or other products to bring more real benefits to users. We have won the Computex award. For this award, we are more inclined to understand it as an encouragement for micro-innovation based on user needs rather than being awarded to excellent technologies ."