What is Isolated Execution?

Isolated Execution is a software reference implementation of the security through isolation concept. It is not targeted at stopping mal-ware from running or avoiding its insertion in the user’s machine; it rather provides a contained environment where mal-ware can run without affecting the whole system.

Isolated Executions allows to handle a pool of such contained environments or sandboxes “ready to use” for running unknown or untrusted applications or opening suspicious files or programs from unverified third-parties. The user decides whether to open a file depending on the confidence the user has on the file origin. Using the “Send to sandbox VM” option from the context menu the file will be copied and opened in an isolated environment for its use. All the damage caused by this file, if any, will be limited to the sandbox scope. After closing the application the sandbox will be restarted and back to the pool without affecting the user environment.

Main benefits of Isolated Execution:

- Limit the scope: Limit the damage caused by Malware through sandboxing
- Delay an attack: Limit speed and propagation of worms and virus distribution due to containment
- Assist the user: Decrease the likelihood of human error initiating an attack
- Better detection: Allows for a more thorough and efficient detection capability

Even though the theory behind security through isolation is very complex and there is no implementation widely used nowadays, Isolated Execution tries to take advantage of the virtualization hardware technology available today in most platforms and apply it to solve some common problems that the user have every day when she uses the computer. For instance, zero day attacks could be managed by Isolated Execution, opening the file containing the exploit in a sandbox. We want to emphasize that this is only a proof of concept of the idea; we aim to collect feedback and discuss the pros and cons of this approach sharing with the community some interesting modules that Isolated Execution provides.