From the course: Threat Modeling: Denial of Service and Elevation of Privilege
Sandboxes and isolation protect your environment
- [Instructor] The fundamental job of an operating system is to control what code can do. This requires restricting its access to the hardware, and it often involves separation into accounts. The operating system isolates hardware and the different accounts from each other. Similarly, a firewall isolates network segments from each other. Both the operating system and a firewall are semipermeable. Each allows some things to go through based on a set of rules, a policy. If you don't need a policy, you just need wire cutters. When you have policies, it's important for them to express what you want, for it to be easy to express those policies, and for it to be easy for both people and code to analyze those properties and, wait for it, it's hard to get all those in one universal package. So, for example, old-fashioned Unix accounts isolate from one another, and the operating system protects root and ring zero from normal…
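The instructor's point that a policy must be easy to write and easy for both people and code to analyze can be made concrete with a small first-match firewall policy evaluator. The example below is added here and is not code from the course; the rule set, addresses and ports are constructed for illustration. It evaluates packets against an ordered allow/deny list with default deny (an empty policy behaves like the "wire cutters" case), and it includes the kind of automated analysis a policy format should make possible: finding rules that can never fire because an earlier rule already covers everything they match. Such shadowed rules are a common way a policy fails to express what its author wanted.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: IPv4Network      # source network the rule applies to
    dst: IPv4Network      # destination network the rule applies to
    port: Optional[int]   # destination port, None means any port


def rule(action: str, src: str, dst: str, port: Optional[int] = None) -> Rule:
    """Build a Rule from CIDR strings (hypothetical helper for this example)."""
    if action not in ("allow", "deny"):
        raise ValueError(f"unknown action {action!r}")
    return Rule(action, ip_network(src), ip_network(dst), port)


# Constructed policy for the example. Rule 2 is deliberately shadowed by
# rule 1: everything it could match is already denied before it is reached.
POLICY = [
    rule("allow", "10.0.1.0/24", "10.0.2.10/32", 443),  # web tier -> one API host
    rule("deny",  "10.0.1.0/24", "10.0.2.0/24"),        # otherwise no web -> backend
    rule("allow", "10.0.1.0/24", "10.0.2.0/24", 443),   # never fires (shadowed)
    rule("deny",  "0.0.0.0/0",   "0.0.0.0/0"),          # explicit catch-all
]


def matches(r: Rule, src: str, dst: str, port: int) -> bool:
    """True if a packet (src, dst, dst port) falls inside the rule's scope."""
    return (
        ip_address(src) in r.src
        and ip_address(dst) in r.dst
        and (r.port is None or r.port == port)
    )


def decide(policy: list, src: str, dst: str, port: int) -> str:
    """First-match evaluation; anything no rule mentions is denied."""
    for r in policy:
        if matches(r, src, dst, port):
            return r.action
    return "deny"


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet 'later' could match is already matched by 'earlier'."""
    return (
        later.src.subnet_of(earlier.src)
        and later.dst.subnet_of(earlier.dst)
        and (earlier.port is None or earlier.port == later.port)
    )


def shadowed_rules(policy: list) -> list:
    """Indices of rules that can never fire under first-match semantics."""
    shadowed = []
    for i, r in enumerate(policy):
        if any(covers(e, r) for e in policy[:i]):
            shadowed.append(i)
    return shadowed


if __name__ == "__main__":
    for pkt in [("10.0.1.5", "10.0.2.10", 443), ("10.0.1.5", "10.0.2.11", 443),
                ("10.0.1.5", "10.0.2.10", 22), ("192.168.1.1", "10.0.2.10", 443)]:
        print(pkt, "->", decide(POLICY, *pkt))
    print("shadowed rule indices:", shadowed_rules(POLICY))
```

The analysis in `shadowed_rules` is only possible because the rules are data with well-defined match semantics rather than free-form code; that is the trade-off the instructor is pointing at, since a more expressive policy language makes this kind of check harder or impossible.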
Contents
- Ways to defend against EOP (1m 10s)
- Validation to defend against elevation (1m 32s)
- Validate for purpose to prevent elevations (1m 56s)
- Validation not sanitization for defense (1m 13s)
- Attenuation in defense (2m 14s)
- Memory safety as a defensive tool (2m 1s)
- Stack canaries to protect your code (2m 20s)
- Sandboxes and isolation protect your environment (2m 8s)
- Bolt-on or built-in defenses (1m 26s)