1. Field
Invention relates to containment of damages to computing resources, and in particular to containment of damages originating from untrusted or malicious logic modules such as viruses.
2. Related Art
An improperly guarded provider module, such as a software module providing a service or a resource, can be taken over by an untrusted user module, such as a virus. Such an untrusted user module may cause considerable damage by using system resources, by accessing and/or corrupting the provider module's data, by copying itself to other machines, and so on. Hence, it is desirable to contain the untrusted user module and limit its destruction to the extent possible.
An ideal solution would ensure a logic module's immunity to such attacks. However, as logic modules become increasingly complex, such immunity is increasingly difficult to accomplish. Furthermore, it is impossible to fully audit third party modules (such as software applications and shared libraries) and verify that they are immune to attacks from untrusted parties. Every new module and every change in existing modules must be similarly inspected, with the risk of allowing attacks in case such an inspection is not thoroughly exhaustive. Such an inspection process, even if possible, will consume large amounts of resources and time and typically will not be performed except in a highly secure environment.
A second option is to operate a provider module in a sandbox and provide no more resources than the provider module needs, thereby confining threats to the provided resources. However, such resources may still be critical and are vulnerable to considerable damages.
Accordingly, there is a need for stronger means of damage containment.