The Security and Network Impact of Seattle

Installing any software on a computer involves risk. One of our key design goals with Seattle is to mitigate that risk as far as possible. Seattle is designed to safely execute general-purpose programs from untrusted users. It does this by isolating both the execution and the resource consumption of each program through virtualization. As a result, Seattle never takes more than a fixed share of your machine's resources (10% by default), and the same isolation contains malicious programs. Our end goal is a platform that gives users a safer way to execute applications.

FAQ

Q: Is it safe to run Seattle on my home machine?
A: Our intent from the outset has been to maximize security. We believe our sandbox is safer than the code sandboxes for web applications that are common on all platforms. However, any software you install adds some risk.

Q: What sort of network traffic will my computer send?
A: By default, Seattle only allows a program to listen on TCP and UDP using local ports 63100 - 63199 (inclusive). Outgoing traffic uses ports greater than 1024. An optional module under development will restrict the source and / or destination of Seattle traffic to other Seattle nodes only.

Q: What files are accessible by programs running in the Seattle virtual machines?
A: Programs running on Seattle can only read and write files in a single directory below the Seattle installation directory; nothing outside that directory is accessible to them.

Q: Can't a malicious person write a program that consumes all of the resources on my machine?
A: Our testing indicates that a malicious program cannot noticeably degrade your machine's performance. We ran a common set of benchmarks used to test virtual machine isolation (fork bombs, disk and network I/O stress tests, busy-looping, allocating all available memory, and so on), and Seattle scored better than most of the industry-standard isolation techniques used in data centers.

Q: Which resources do you restrict?
A: CPU, memory, disk read / write rate, random number generation, disk space, network read / write rate, network port use, loopback read / write rate, number of threads, and number of open file handles.

Q: How do you set the resource restriction values?
A: When our installer runs, it benchmarks your system to obtain a conservative estimate of the resources available on it. Each overall restriction is then set to that estimate multiplied by the fraction you are donating (10% by default).
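The following is an added example, not code from Seattle's installer, showing one way the two policies above could be expressed in code: the restriction computation described in this answer (a conservative estimate of each resource, scaled by the donated fraction) and the default port policy from the network-traffic answer (listening only on 63100 - 63199, outgoing traffic on ports above 1024). It assumes that the benchmark measures each resource several times and that "conservative" means taking the smallest measurement; the resource names, units and benchmark numbers are constructed for the example.

```python
"""Illustration of deriving per-node restrictions from a benchmark.

Added example, not Seattle's installer code.  Assumptions: the benchmark
measures each resource several times; the conservative estimate is the
smallest measurement; each restriction is that estimate multiplied by the
donated fraction (10% by default).  Resource names and units are invented.
"""
from typing import Dict, List, Union

DEFAULT_DONATION = 0.10  # default donated share, from the FAQ

# Default port policy from the FAQ: listen only on 63100-63199 inclusive,
# outgoing traffic on ports greater than 1024.
LISTEN_PORT_MIN = 63100
LISTEN_PORT_MAX = 63199
OUTGOING_PORT_MIN = 1025

# Resources that are counted rather than rated.  Their limits are whole
# numbers and never drop below 1, so a small donation cannot yield a sandbox
# that may open no file or start no thread (an assumption of this example).
COUNTED_RESOURCES = {"threads", "open_file_handles"}


def conservative_estimate(samples: List[float]) -> float:
    """Return the smallest benchmark measurement for a resource.

    Using the minimum means a lucky burst during benchmarking cannot
    inflate the limit beyond what the machine sustains.
    """
    if not samples:
        raise ValueError("need at least one benchmark sample")
    if any(s < 0 for s in samples):
        raise ValueError("benchmark samples must be non-negative")
    return min(samples)


def compute_restrictions(benchmark: Dict[str, List[float]],
                         donation: float = DEFAULT_DONATION
                         ) -> Dict[str, Union[int, float]]:
    """Scale each conservatively estimated resource by the donated fraction."""
    if not 0.0 < donation <= 1.0:
        raise ValueError("donation must be a fraction in (0, 1]")
    limits: Dict[str, Union[int, float]] = {}
    for name, samples in benchmark.items():
        scaled = conservative_estimate(samples) * donation
        if name in COUNTED_RESOURCES:
            limits[name] = max(1, round(scaled))
        else:
            limits[name] = scaled
    return limits


def is_allowed_listen_port(port: int) -> bool:
    """True if a sandboxed program may listen on this TCP/UDP port."""
    return LISTEN_PORT_MIN <= port <= LISTEN_PORT_MAX


def is_allowed_outgoing_port(port: int) -> bool:
    """True if a sandboxed program may use this port for outgoing traffic."""
    return OUTGOING_PORT_MIN <= port <= 65535


# Constructed benchmark output; every number here is invented for the example.
SAMPLE_BENCHMARK: Dict[str, List[float]] = {
    "cpu_cores": [4.0, 4.0, 4.0],
    "memory_bytes": [8_000_000_000, 7_900_000_000, 8_100_000_000],
    "disk_space_bytes": [200_000_000_000, 199_000_000_000],
    "disk_write_bytes_per_s": [100_000_000, 80_000_000, 90_000_000],
    "net_send_bytes_per_s": [12_500_000, 10_000_000],
    "threads": [1000, 1000],
    "open_file_handles": [1024, 1000],
}

if __name__ == "__main__":
    for name, limit in compute_restrictions(SAMPLE_BENCHMARK).items():
        print(f"{name:24s} {limit}")
    print("listen on 63150 allowed:", is_allowed_listen_port(63150))
    print("listen on 8080 allowed: ", is_allowed_listen_port(8080))
```

Note that the minimum over the samples, not the mean, drives every limit: a single inflated measurement can only lower the resulting restriction, never raise it, which is the behaviour a host owner wants from a "conservative" estimate.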

Q: My question is not answered. Who do I contact?
A: Please contact our team at seattle-devel@googlegroups.com if you have any further questions concerning Seattle.

This material is based upon work supported by the National Science Foundation under Grant Numbers (0834243, 1205415, and 1223588). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.