From the course: Threat Modeling: Denial of Service and Elevation of Privilege

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Bolt-on or built-in defenses

Bolt-on or built-in defenses

From the course: Threat Modeling: Denial of Service and Elevation of Privilege

Start my 1-month free trial

Bolt-on or built-in defenses

- [Instructor] It's hard to build a sandbox that usefully encapsulates code that's not designed to work in a sandbox. Fortunately, the engineers building Android and iOS we're able to look at the plague of malware that impacted desktops and design a very different set of sandboxes. Because there were no Android or iOS apps, they had far more flexibility than the creators of say Docker. When greenfielding or rearchitecting in a move to the cloud, it's very valuable to take strong advantage of the various available sandboxes. For example, AWS Lambda uses a mix of cgroups, namespaces, seccomp-bpf, iptables and chroot to provide you with a fairly robust sandbox with a documented shared responsibility model. And because you're rearchitecting for Lambda, you can take advantage of all of those things. In fact, you have to. Not all hope is lost if you're using a more traditional operating system. More and more functionality is…

Contents