Data sandboxing: A technique for enforcing confidentiality policies

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2006, Pages 223-232

  Khatiwala, Tejas ^a   Swaminathan, Raj ^a   Venkatakrishnan, V N ^a  

^a University of Illinois at Chicago   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

NETWORK CONNECTION; PROGRAM SLICING; SANDBOXING;

COMPUTER PROGRAMMING LANGUAGES; INFORMATION ANALYSIS;

SECURITY OF DATA;

EID: 39049154912     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2006.22     Document Type: Conference Paper

References (25)

1. A. Acharya and M. Raje. Mapbox: Using parameterized behavior classes to confine applications. In USENIX Security Symposium, 2000.
2. D. E. Bell and L. J. LaPadula. Secure computer systems: Mathematical foundations. Technical Report MTR-2547, Vol. 1, MITRE Corp., Bedford, MA, 1973.
3. D. Bernstein. The qmail mail transport agent. Available from http://cr.yp.to/qmail.html.
4. D. Brumley and D. Song. Privtrans: Automatic privilege separation. In USENIX Security Symposium, San Diego, 2004.
5. H. Chen and D. Wagner. MOPS: an infrastructure for examining security properties of software. In ACM Conference on Computer and Communication Security (CCS), 2002.
6. D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Symposium on Operating Systems Design and Implementation (OSDI), 2000.
7. T. Garfinkel. Traps and pitfalls: Practical problems in in system call interposition based security tools. In NDSS, 2003.
8. I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer. A secure environment for untrusted helper applications: confining the wily hacker. In USENIX Security Symposium, 1996.
9. D. Larochelle and D. Evans. Statically detecting likely buffer overflow vulnerabilities. In USENIX Security Symposium, Washington, D.C., August 2001.
10. S. McPeak, G. C. Necula, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for C program analysis and transformation. In Conference on Compiler Construction, 2002.
11. A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering Methodology, 1999.
12. J. Newsome and D. Song. Dynamic taint analysis: Automatic detection, analysis, and signature generation of exploit attacks on commodity software. In Network and Distributed System Security Symposium (NDSS), San Diego, 2005.
13. V. Prevelakis and D. Spinellis. Sandboxing applications. In Usenix Technical Conference Proceedings: FREENIX Track, pages 119-126, Berkeley, CA, 2001.
14. N. Provos. Improving host security with system call policies. In 12th USENIX Security Symposium, 2003.
15. N. Provos, M. Friedl, and P. Honeyman. Preventing privilege escalation. In USENIX Security Symposium, Washington, D.C., August 2003.
16. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE J. Selected Areas in Communications, 21(1), Jan. 2003.
17. K. Scott and J. Davidson. Safe virtual execution using software dynamic translation. In 18th Annual Computer Security Applications Conference, Las Vegas, Nevada, 2002.
18. R. Sekar, V. Venkatakrishnan, S. Basu, S. Bhatkar, and D. C. DuVarney. Model carrying code: a practical approach for safe execution of untrusted applications. In ACM Symposium on Operating System Principles, Bolton Landing, New York, October 2003.
19. U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting format string vulnerabilities with type qualifiers. In USENIX Security Symposium, Washington, D.C., August 2001.
20. F. Tip. A survey of program slicing techniques. Journal of programming languages, 3:121-189, 1995.
21. D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):167-187, 1996.
22. R. Wahbe, S. Lucco, T. Anderson, and S. Graham. Efficient software-based fault isolation. In proceedings of the Symposium of Operating System Principles, 1993.
23. W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In USENIX Security Symposium, 2006.
24. S. Zdancewic. Challenges for information-flow security. In 1st International Workshop on the Programming Language Interference and Dependence, 2004.
25. S. Zdancewic, L. Zheng, N. Nystrom, and A. C. Myers. Untrusted hosts and confidentiality: Secure program partitioning. In ACM Symposium on Operating System Principles, 2001.