Last updated at: 2009/11/09

> About Anoubis

Anoubis consists of different functional modules:

Application Level Firewall (ALF)

The Application Level Firewall filters network traffic initiated by applications. It is possible to allow specific network connections for one application while other applications are not allowed to access the network at all.

This way an application can only use the network resources and ports that it actually needs. If an application is compromised, it can still only access these resources and cannot extend its reach. For example, a PDF viewer cannot download an update via HTTP without this being noticed, although the WWW browser has access to the web.

Sandbox (SB)

The sandbox filters the filesystem accesses requested by a specific application. It is possible to make available only those filesystem areas that an individual application needs. Access to other areas is prevented.

This ensures that applications, even if they run with the privileges of a user, can only perform authorized accesses to data on the system.

Secure Filesystem (SFS)

With Anoubis you can ensure the integrity of files by using signed checksums. This can be used to implement two important features: building a trustworthy system and detecting manipulation.

The design of this trusted system ensures that permissive policies of the Sandbox and the Application Level Firewall are only applied to selected applications (identified with the help of signed checksums).

Even if an attacker succeeds in manipulating files on the system, this will be detected with the help of signed checksums. Execution of the manipulated application or access to the manipulated file is prevented. The signature is user-based, which means that each user can determine whether their own files were changed. This way a user can, for example, detect that the user root has changed a file signed by the user, even if the root user has a new (for root) signature for the file.
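
The user-based signature check described above, as an added example that is not Anoubis code: each user's signed checksum is verified only against that user's own key, so a signature recorded by root does not satisfy it. The page does not describe Anoubis's signature format; an HMAC stands in for the signature here, and the ChecksumStore class, keys, path and file contents are constructed for illustration.

```python
import hashlib
import hmac


def sign(user_key: bytes, path: str, content: bytes) -> bytes:
    """Signed checksum: SHA-256 of the content, bound to the path and
    authenticated with the user's key (HMAC stand-in for a signature)."""
    digest = hashlib.sha256(content).digest()
    return hmac.new(user_key, path.encode() + b"\0" + digest, hashlib.sha256).digest()


class ChecksumStore:
    """Hypothetical store holding one signed checksum per (user, path)."""

    def __init__(self):
        self._entries = {}

    def register(self, user: str, key: bytes, path: str, content: bytes) -> None:
        self._entries[(user, path)] = sign(key, path, content)

    def verify(self, user: str, key: bytes, path: str, content: bytes) -> str:
        stored = self._entries.get((user, path))
        if stored is None:
            return "unsigned"
        expected = sign(key, path, content)
        return "ok" if hmac.compare_digest(stored, expected) else "modified"


def demo() -> dict:
    # Constructed keys and file contents, for illustration only.
    alice_key, root_key = b"alice-demo-key", b"root-demo-key"
    path = "/home/alice/bin/tool"
    original, tampered = b"original program", b"tampered program"

    store = ChecksumStore()
    store.register("alice", alice_key, path, original)
    results = {"alice_before": store.verify("alice", alice_key, path, original)}

    # root changes the file and records a new signature of its own.
    store.register("root", root_key, path, tampered)
    results["root_after"] = store.verify("root", root_key, path, tampered)
    results["alice_after"] = store.verify("alice", alice_key, path, tampered)

    # Overwriting alice's entry does not help: it was not made with her key.
    store._entries[("alice", path)] = sign(root_key, path, tampered)
    results["alice_after_overwrite"] = store.verify("alice", alice_key, path, tampered)
    return results


if __name__ == "__main__":
    print(demo())
```

With a real asymmetric signature the verifier would need only the user's public key, so the store could check entries without holding any signing secret.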