Sandboxing Post: 302965409

Sponsored Content

Top Forums Programming Sandboxing Post 302965409 by jim mcnamara on Thursday 28th of January 2016 01:46:08 PM

01-28-2016

Registered User

Well, in a sense you can. Oversimplified:

Create a network that is physically disconnected from everything. You need a DNS server ( 1.1.1.2 which gives the answers to all inquiries as 1.1.1.0, a box called internet (1.1.1.0), a box called test (1.1.1.3).

These can be virtuals on a single server. But. Treat the whole server as poison so - There cannot be any network connection out of the box. Ever.

The US National labs do this to test potential malware. You run the bad guy on test. You run your program on internet to see what traffic you get aimed for where, for example. You then indepedently check "where" against known lists like Tor access points, bad sites in general. There is a blacklist that is updated daily, I believe.

I've oversimplified this a lot. As an example, you need to be able to munge any actual ip request like 8.8.8.8 -> 1.1.1.0. The labs work with dozens of virtuals simulating various sites out in the wild.

This is also done by companies who specialize in security software. I saw a demo by folks from Sandia Labs and a security vendor a while back. Very interesting. The vendor sells the system. Duh.

Once done testing you wipe everything and restore from tape or whatever. The "whatever" cannot ever be seen by the nasty system except after a complete wipe.
The labs also reflash the bios and do some other cleansing.

jim mcnamara

View Public Profile for jim mcnamara

Find all posts by jim mcnamara

LEARN ABOUT CENTOS

glscissor

GLSCISSOR(3G)							   OpenGL Manual						     GLSCISSOR(3G)

NAME

       glScissor - define the scissor box

C SPECIFICATION

       void glScissor(GLint x, GLint y, GLsizei width, GLsizei height);

PARAMETERS

       x, y
	   Specify the lower left corner of the scissor box. Initially (0, 0).

       width, height
	   Specify the width and height of the scissor box. When a GL context is first attached to a window, width and height are set to the
	   dimensions of that window.

DESCRIPTION

       glScissor defines a rectangle, called the scissor box, in window coordinates. The first two arguments, x and y, specify the lower left
       corner of the box.  width and height specify the width and height of the box.

       To enable and disable the scissor test, call glEnable() and glDisable() with argument GL_SCISSOR_TEST. The test is initially disabled.
       While the test is enabled, only pixels that lie within the scissor box can be modified by drawing commands. Window coordinates have integer
       values at the shared corners of frame buffer pixels.  glScissor(0,0,1,1) allows modification of only the lower left pixel in the window,
       and glScissor(0,0,0,0) doesn't allow modification of any pixels in the window.

       When the scissor test is disabled, it is as though the scissor box includes the entire window.

ERRORS

       GL_INVALID_VALUE is generated if either width or height is negative.

ASSOCIATED GETS

       glGet() with argument GL_SCISSOR_BOX

       glIsEnabled() with argument GL_SCISSOR_TEST

SEE ALSO

       glEnable(), glViewport()

COPYRIGHT

       Copyright (C) 1991-2006 Silicon Graphics, Inc. This document is licensed under the SGI Free Software B License. For details, see
       http://oss.sgi.com/projects/FreeB/.

AUTHORS

       opengl.org

opengl.org							    06/10/2014							     GLSCISSOR(3G)