2

Today I have looked at the desktop application framework - Pokki. The first questions were: how it works and is it secured. What I have found about security architecture: Pokki Security Overview. So my questions are:

1) Is the sandbox architecture secure?

2) How can I test that a pokki application (or any other) has met all the requirements of this architecture (certified)?

boflynn
  • 111
  • 4
garik
  • 1,292
  • 15
  • 24
  • Secure from whose point of view? From a user's point of view? – user606723 Aug 24 '11 at 17:05
  • @user606723 of course – garik Aug 24 '11 at 17:06
  • Secure for what, from whom? – this.josh Aug 26 '11 at 01:56
  • The link to the Pokki Security Overview is broken. Does anyone have a more recent one? – D.W. Sep 08 '12 at 19:32
  • Pokki itself looks like crapware that's usually preinstalled on consumer PCs. I wouldn't trust it at all, let alone the apps running in it. –  May 27 '15 at 00:48
  • You may want to check out this presentation that gives you a fairly detailed overview of the google chrome sandbox and some potential security concerns. Hope you find it interesting. http://www.matasano.com/research/Escaping_The_Sandbox-2010.pdf – Eric Ness Aug 25 '11 at 04:56
  • The site is down. I can't read up anything about it, but I would highly doubt it is a secure sandbox architecture. – forest Dec 15 '17 at 01:06
  • @forest security is history )... Snowden says ) – garik Dec 15 '17 at 06:45
  • @garik That's not really true, otherwise this whole stackexchange would be obsolete. – forest Dec 15 '17 at 07:22
  • @forest just continue trusting into illusion ) – garik Dec 15 '17 at 11:13
  • @garik Security is a process for reducing risk. There is no such thing as perfect security, but that does not mean that mitigating certain threats to acceptable levels isn't often not only possible, but practical. – forest Dec 16 '17 at 02:07

1 Answers1

2

Pokki is secure the same way that chrome is.

  1. A Pokki process is severely limited and thus no malicious software can infect your system from within a Pokki without breaking several security layers simultaneously (very unlikely).
  2. There are no tests because the application itself doesn't have anything to do with the sandbox architecture except it runs ontop of it. I fit's a Pokku app then it's secure (in this way)

These security measures only stop malicious software from infecting your system.
It does not secure against anything else.

If you could be more specific about what you're trying to prevent, I could explain further.

user606723
  • 852
  • 5
  • 10
  • Can you please provide some sort of reference or document? I've never heard of Pokki and can't find anything on their site. What do they use to build their sandbox? What are the several layers if they do happen to use anything more than integrity levels? – Steve Dodier-Lazaro May 26 '15 at 18:44