Version 1 (modified by mikeryan, 13 years ago) (diff)

rough outline

Table of Contents

  1. Running the malware
    1. Infrastructure security
    2. Isolation from other experiments
  2. Storage and Leakage
    1. Leakage of binaries
    2. Storage
  3. Policy Issues
  4. Miscellaneous

Needs attention:

  • When Steve finds out how large the repo is, update the storage section
  • Someone investigate encrypted loopback images and expand that section
  • Policy issues needs more work

Running the malware

Infrastructure security

Revisit the firewall rules on router to prevent leakage channels. Absolute minimum set of services should be allowed from testbed -> users/boss/etc.

Isolation from other experiments

Control net separation

Storage and Leakage

Primary goals are to allow vetted users to access the malware safely and prevent unauthorized users from gaining access.

Leakage of binaries

Some belt-and-suspenders support to prevent leakage is to export NFS shares read-only:

  • /proj, /groups, /share, etc.
  • home directories

Storage

Where/how we store it depends on how large it is. Steve is looking into this.

  • Loopback encrypted file system on users:/share, read only
    • Encryption options
    • Shared password
    • Revocation (is this necessary)
  • OS ID with strict access controls
    • Is it possible to limit the projects this is exported to?

Policy Issues

  • Do not copy it off experiment
  • Do not attempt to run on non-malware experiment

Miscellaneous

Updates will probably be done via HTTPS with a client certificate. This depends on the GA guys.

How will we annotate the experiment file to let the testbed know this needs special treatment (i.e., read-only mounts, copy encryption key/token to box)?