[tor-talk] TorBrowser Sandboxing as alternative enterprise equivalent: BitBox
Fabio Pietrosanti (naif) - lists
lists at infosecurity.ch
Tue Jan 3 13:43:27 UTC 2017
Hello,
thinking about the problem of Tor Browser Sandboxing, i would suggest to
look at the excellent approach taken by the commercial Crypto company
Sirrix AG with their product (partially opensource) BitBox.
BitBox uses a model somehow similar to Whoonix but with a
user-experience that's completely transparent, leaving the end-user with
the experience on using a normal browser while in the backend on his
desktop computer there are two sandboxed operating system using
virtualbox to interact each other.
That architecture and security model could be the one to look forward
for TorBrowser future rather than just looking at "application-level"
alternatives.
References:
- BitBox product
https://www.sirrix.com/content/pages/BitBox_en.htm
- Installation Manual of BitBox Opensource Edition
http://download.sirrix.com/media/downloads/65964.pdf
- discussion on BitBox Security
http://security.stackexchange.com/questions/121266/how-secure-is-browser-in-the-box
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi
More information about the tor-talk
mailing list