SEES: Secure Execution Environment Server

Overview

Email Virus

  • More than 90% of the viruses that successfully enter an enterprise do so through email
  • Examples: ILoveYou, Melissa, Party, Klez
  • Existing anti-virus solutions:
    • Scanning/filtering at the firewall
    • Scanning/filtering at the email server
    • Behavior blocking at the end user machine

What is the problem?

  • Conventional anti-virus products depend on signatures/heuristics, an unreliable tactic
  • Newer behavior blocking products use system call monitoring and filtering, and require setting security policy carefully to balance between security and convenience
  • Tenet: Security products have to be easy to use; otherwise users will disable them

 

Secure Email Attachment Execution

  • Idea: what if we set up a “playground” machine on which to run potentially dangerous email attachments and other mobile code, but display the result on the end user machines?
  • Key advantage: damage isolation
  • Other advantages:
    • No need for periodic virus signature updates
    • No need for per-machine security policy setting
    • It is OK to loosen up the security constraints

SEES Protection Mechanism

  • End user machine: guarantees that no dangerous email attachments or downloaded files can damage or steal end users' data
  • What if SEES server is down?
    • Unlikely because SEES server's security configuration is airtight, plus it includes system call monitoring and filtering technology to protect itself
    • Even when it does fail, users can still invoke email attachments or other mobile code locally, as a fall-back measure

Potential Questions

  • Scalability: the SEES server only runs email attachments and other mobile code, and includes a time-out mechanism to disconnect idle clients. A 1-GHz Pentium-4 server with 512 Mbytes should be able to support up to 50 active users
  • Latency: On a 100 Mbps Ethernet, MS Office applications remain interactive
  • Flexibility:
    • Local save: OK
    • Look and feel: almost the same
    • Long-term use of attachment applications: prohibited
    • Maximum number of sessions per client: configurable
    • File types that are safe to run locally: configurable
    • Supported email clients: configurable

 

Fine Print

  • Only dangerous email attachments and other mobile code are invoked on the SEES server; audio/video attachments are viewed locally
  • Files downloaded from web browsers will be marked and executed on the SEES server: an additional protection against malicious content from the network
  • Local files with .sees extension will also be executed on the SEES server: a useful feature to test-run mobile code
  • SEES server has a configurable security policy to sandbox the execution of email attachments and potentially malicious downloaded files

 

SEES Products

  • SEES 3.0 Enterprise Edition: A product that can defend an enterprise against malicious email attachments and zero-day malicious mobile code
  • SEES 3.0 Professional Edition: A product that extends the architecture of SEES Enterprise Edition: local sessions with low privileges replace a separate SEES server, giving more flexibility and scalability to small businesses and home users