First off, this is really just kind of thinking out loud and I am not a security expert at all… I’m just curious what your thoughts are.
I got to thinking about how the sandbox works. At the root of it all, the OS is really just a resource divider. But the interconnection of the system and the applications is exactly what creates so much complexity and so many loopholes for malware to penetrate… I don’t truly understand how the OS allocates resources, but why isn’t it possible for an application to be given a hardened “shell,” so to speak? This shell IMO should include all the RAM, files, etc. I would like to see a program’s query for a file (in the encrypted storage) be completed by the OS in such a manner that decryption also verifies the code and data before injection into the shell for use by the program.
Basically, what I’m saying is: why can’t we separate the OS from our data and programs in such a manner that malware intrusion never has a chance to see decrypted data, or to enter the shell where it can cause damage? The OS would never even see any data… As far as the OS knows, it just has memory and CPU resources that are absolutely not to be interfered with.
Kind of the opposite of the way the sandbox works in keeping bad programs contained: now we are putting good programs in the container and laughing at the malware that can’t get access to any resources. Any executable that doesn’t pass the code integrity test, or doesn’t have a decryption key matching what your shell requires, would instantly be terminated and removed.
I THINK this is sort of how some of the current Windows security works… Specifically the code integrity portions… So if we have a hardened OS via code integrity, hardened application shells that nothing can get into or out of without some sort of authentication, and then an encrypted communication protocol for printing, external devices, etc… Then how can malware ever get a foothold?
Would this take a complete rewrite and rethinking of the way apps and the OS currently interact? Does it even make sense the way I’m describing it?
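The “decryption also verifies the code before it enters the shell” step above is, in today’s terms, an authenticated-encryption gate in a trusted loader. The block below is an added illustration written for this reply, not code from the original post or from any OS: it seals a program image with encrypt-then-MAC, and the loader checks the tag first and refuses to hand over a single byte if verification fails. The stream cipher (HMAC-SHA256 in counter mode), the 16-byte nonce, the key names and the sample image are all constructed assumptions so that it runs on the standard library alone.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16  # assumed nonce size for this demo
TAG_LEN = 32    # HMAC-SHA256 output


class IntegrityError(Exception):
    """Raised when a stored image fails its code-integrity check."""


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Illustrative PRF-based keystream (HMAC-SHA256 in counter mode); chosen
    # only to avoid third-party cipher libraries, not as a production cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        out += block
        counter += 1
    return bytes(out[:length])


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, image: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext is authenticated together with its nonce."""
    ct = bytes(a ^ b for a, b in zip(image, _keystream(enc_key, nonce, len(image))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_for_shell(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Trusted-loader side: verify first, decrypt only on success.

    Nothing is returned to the caller (the 'shell') unless the tag matches,
    so a tampered or foreign image never reaches executable memory.
    """
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise IntegrityError("image too short to carry a nonce and tag")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    # Constant-time comparison: a timing leak here would weaken the gate.
    if not hmac.compare_digest(tag, expected):
        raise IntegrityError("code integrity check failed; refusing to load")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo() -> tuple:
    """Seal a constructed image, load it, then show a one-byte tamper is rejected."""
    enc_key = hashlib.sha256(b"demo-master-key" + b"enc").digest()  # constructed keys
    mac_key = hashlib.sha256(b"demo-master-key" + b"mac").digest()
    image = b"\x7fELF...constructed program image..."  # not a real binary
    blob = seal(enc_key, mac_key, os.urandom(NONCE_LEN), image)

    loaded_ok = open_for_shell(enc_key, mac_key, blob) == image

    # Flip one bit inside the ciphertext, as an on-disk implant would.
    tampered = bytearray(blob)
    tampered[NONCE_LEN] ^= 0x01
    try:
        open_for_shell(enc_key, mac_key, bytes(tampered))
        tamper_rejected = False
    except IntegrityError:
        tamper_rejected = True

    # A different shell's key must also be refused, even on an untouched blob.
    other_mac = hashlib.sha256(b"other-shell" + b"mac").digest()
    try:
        open_for_shell(enc_key, other_mac, blob)
        wrong_key_rejected = False
    except IntegrityError:
        wrong_key_rejected = True

    return loaded_ok, tamper_rejected, wrong_key_rejected


if __name__ == "__main__":
    print(demo())
```

The point the post is reaching for is the ordering: the tag is checked over the ciphertext before any decryption happens, so the untrusted bytes are never interpreted, and the MAC key is what ties an image to a particular shell. Real systems do this with signatures over a hash of the image (so a vendor key, not a shared secret, decides what loads) and with a standard AEAD such as AES-GCM rather than the stand-in keystream here.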