(page 2 of 3)
Application-level Virtualization for Windows
Federico Biancuzzi, 2006-07-12

Story continued from Page 1



How do user privileges interact with BZ policies?

Eyal Dotan: BZ doesn't interfere with user privileges; rather it adds an additional virtualization layer which is transparent to normal user operations. When paths are redirected elsewhere, we copy the existing security attributes.

We copy the Windows security attributes to the BZ virtualization repository. This then allows a user's "Write" operations, which would be denied against the real Windows resources, to be fulfilled through access to the BZ's virtual file system and registry. "Read" operations are blocked according to Windows' ACLs (this way, a user cannot access another user's files, for example).

How does the corporate version distribute and update policies?

Eyal Dotan: We utilized a configurable pull request every "n" minutes which runs across a private protocol known only to BZ. The approach is very straightforward with nothing really exciting to say here.

Trustware is about to release a plug-in for Microsoft's GPO which will allow lightweight and easy control of BZ agents.

Would you like to talk about this plugin?

Eyal Dotan: The choice of using these tools lies with the user. With the GPO plug-in, which integrates into Microsoft's native administration tools, the IT manager is provided with the tools to enforce the wrapping of these dangerous programs inside the BZ.

It also lets the administrator enforce such things as password protection for the BZ agent, protection against unload, and deciding which programs must run in the BZ.

What is the role of the kernel module?

Eyal Dotan: It is a very complex technical component that intercepts and filters I/O to files, the Registry and some critical native Windows APIs. It watches running processes, and takes special actions for those flagged as "BufferZone."

Our internal algorithms decide which of the I/O calls are considered of interest to BZ and then process or redirect these calls accordingly.

This is similar to systrace...

Eyal Dotan: Are you referring to the hooking mechanism? Well to that extent, it's a very common mechanism on Windows which is also utilized by desktop firewalls and HIPS (Host Intrusion Prevention System) software to hook file activity. Our uniqueness is in what we do to these I/O calls.

Instead of denying them or scanning the associated files content like regular security software, we allow them to execute securely in the BZ. It allows more flexibility (most programs work properly with no need to generate annoying pop-ups to ask user/admin for a complex forbid/deny response) which in turn brings more security (the entire registry and file system are protected, not just some parts of them).

BZ is cognizant of certain operations which must be forbidden in order to ensure the integrity of the system. Some of these operation classes include:

  • a BZ program cannot access the Kernel or send e-mail.
  • a BZ program cannot inject, hook, modify or kill processes outside of BZ.

These are the only situations in which BZ actually denies an operation rather than virtualizing it.
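The two behaviours described above, write calls from a sandboxed program redirected into a repository whose entries copy the real resource's security attributes while reads are still checked against those attributes, and a short class of boundary-crossing operations (here only the process-targeting one) denied outright rather than virtualized, can be modelled in a few dozen lines. The following is an added illustration written for this page, not BufferZone code or a description of its driver internals; the paths, ACLs and process identifiers are constructed sample data, and the treatment of files that do not yet exist on the real system (the creating user gets full rights on the virtual copy) is an assumption.

```python
"""Toy model of a BufferZone-style application virtualization layer.

Added illustration, not BufferZone code. Sandboxed writes are redirected into
a repository whose entries copy the real resource's ACL, reads are checked
against that ACL, and operations that reach across the sandbox boundary to an
outside process are denied rather than virtualized. All paths, ACLs and PIDs
are constructed sample data.
"""
from dataclasses import dataclass

READ, WRITE = "read", "write"


@dataclass
class Resource:
    acl: dict          # user -> set of rights drawn from {READ, WRITE}
    data: bytes


@dataclass
class Process:
    pid: int
    user: str
    sandboxed: bool    # flagged as "BufferZone" by the policy


class VirtualizationLayer:
    # Operations a sandboxed process may not perform against an outside process.
    BOUNDARY_OPS = {"inject", "hook", "modify", "kill"}

    def __init__(self, real_fs):
        self.real = real_fs      # the real file system / registry: path -> Resource
        self.repo = {}           # virtual copies, populated copy-on-write

    @staticmethod
    def _rights(res, user):
        return res.acl.get(user, set())

    def write(self, proc, path, data):
        real = self.real.get(path)
        if not proc.sandboxed:
            # Outside the sandbox the layer is transparent: plain ACL enforcement.
            if real is None or WRITE not in self._rights(real, proc.user):
                return "denied"
            real.data = data
            return "ok"
        if path not in self.repo:
            # First touch: materialize a virtual copy carrying the real attributes.
            if real is None:
                # Assumption for new files: the creating user gets full rights.
                acl, data0 = {proc.user: {READ, WRITE}}, b""
            else:
                acl, data0 = {u: set(r) for u, r in real.acl.items()}, bytes(real.data)
            self.repo[path] = Resource(acl=acl, data=data0)
        self.repo[path].data = data
        return "redirected"

    def read(self, proc, path):
        # A sandboxed process sees its virtual copy if one exists, otherwise the
        # real resource; either way the (copied) ACL must grant READ.
        target = self.repo.get(path) if proc.sandboxed else None
        if target is None:
            target = self.real.get(path)
        if target is None:
            return None
        if READ not in self._rights(target, proc.user):
            return "denied"
        return target.data

    def process_op(self, proc, target, op):
        # The one case modelled here where the layer denies instead of
        # virtualizing: a sandboxed process touching a process outside the sandbox.
        if op in self.BOUNDARY_OPS and proc.sandboxed and not target.sandboxed:
            return "denied"
        return "ok"


def demo():
    """Run the scenarios from the interview and return the observed outcomes."""
    hosts = r"C:\Windows\System32\drivers\etc\hosts"
    secret = r"C:\Users\bob\secret.txt"
    dropped = r"C:\Windows\dropped.dll"
    real_fs = {  # constructed sample file system
        hosts: Resource(acl={"SYSTEM": {READ, WRITE}, "alice": {READ}, "bob": {READ}},
                        data=b"127.0.0.1 localhost"),
        secret: Resource(acl={"bob": {READ, WRITE}}, data=b"bob's data"),
    }
    layer = VirtualizationLayer(real_fs)
    alice_plain = Process(pid=100, user="alice", sandboxed=False)
    alice_bz = Process(pid=101, user="alice", sandboxed=True)
    other_bz = Process(pid=102, user="alice", sandboxed=True)

    out = {}
    out["plain_write_hosts"] = layer.write(alice_plain, hosts, b"0.0.0.0 evil")  # ACL denies
    out["bz_write_hosts"] = layer.write(alice_bz, hosts, b"0.0.0.0 evil")        # redirected
    out["bz_read_hosts"] = layer.read(alice_bz, hosts)          # sees the virtual copy
    out["plain_read_hosts"] = layer.read(alice_plain, hosts)    # real file untouched
    out["bz_read_bob_secret"] = layer.read(alice_bz, secret)    # ACL still applies
    out["bz_create_new"] = layer.write(alice_bz, dropped, b"MZ")
    out["plain_read_new"] = layer.read(alice_plain, dropped)    # never reached the real disk
    out["bz_kill_outside"] = layer.process_op(alice_bz, alice_plain, "kill")
    out["bz_kill_inside"] = layer.process_op(alice_bz, other_bz, "kill")
    return out
```

The point the model makes is the asymmetry the interview describes: the sandboxed process is never told "no" for a write, it simply ends up writing somewhere the real system never reads, while the read path keeps the real ACL so virtualization never widens what a user can see. Only the process-boundary operations take the deny path.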

Would this approach be portable to other platforms such as MacOS X or GNU/Linux?

Eyal Dotan: Since the approach requires development of kernel-level technology, the actual implementation is OS-dependent. However, the general approach is very much OS-independent as all major commercial operating systems have facilities that would allow our approach to work. That said, Trustware is currently focused on Windows where the vast majority of the issues we are addressing currently reside.

Story continued on Page 3 



Federico Biancuzzi is a freelancer; in addition to SecurityFocus he also writes for ONLamp, LinuxDevCenter, and NewsForge.
Copyright 2010, SecurityFocus