A secure jailing system for confining untrusted applications

SECRYPT 2007 - International Conference on Security and Cryptography, Proceedings

Volumn , Issue , 2007, Pages 414-423

  Noordende, Guido Van't ^a   Balogh, Ádám ^b   Hofman, Rutger ^a   Brazier, Frances M T ^a   Tanenbaum, Andrew S ^a  

^a VU UNIVERSITY AMSTERDAM   (Netherlands)

^b EÖTVÖS LORÁND UNIVERSITY   (Hungary)

Author keywords

Application confinement; Jailing; System call interception

Indexed keywords

APPLICATION CONFINEMENT; EXISTING SYSTEMS; JAILING; LINUX KERNEL; RACE CONDITION; SANDBOXING; SYSTEM CALL INTERCEPTION; SYSTEM CALLS; UNIX SYSTEMS;

CRYPTOGRAPHY;

UNIX;

EID: 50649095121     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (18)

1. Alexandrov, A., Kmiec, P., and Schauser, K. (1999). Consh: Confined execution environment for internet computations. http://www.cs.ucsb.edu/ ̃berto/papers/99- usenix-consh.ps.
2. Back, G. and Hsieh, W. (1999). Drawing the red line in java. Workshop on Hot Topics in Operating Systems (HotOS VII). pp. 116-121.
3. Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Pratt, I., Warfield, A., Barham, P., and Neugebauer., R. (2003). Xen and the art of virtualization. Proc. ACM Symposium on Operating Systems Principles (SOSP).
4. Efstathopoulos, P., Krohn, M., VanDeBogart, S., Frey, C., Ziegler, D., Kohier, E., Mazières, D., Kaashoek, F., and Morris, R. (2005). Labels and event processes in the asbestos operating system. Proc. 20th Symposium on Operating Systems Principles (SOSP), Brighton, United Kingdom.
5. Engler, D., Kaashoek, M., and O'Toole Jr., J. (1995). Exokernel: an operating system architecture for application-specific resource management. Proc. FI teenth ACM Symposium on Operating Systems Principles (SOSP). pp. 251-266.
6. Garfinkel, T. (2003). Traps and pitfalls: Practical problems in system call interception based security tools. Proc. Symposium on Network and Distributed System Security (NDSS). pp. 163-176.
7. Garfinkel, T., Pfaff, B., and Rosenblum, M. (2004). Ostia: A delegating architecture for secure system call interposition. Proc. ISOC Network and Distributed System Security Symposium (NDSS).
8. Ghormley, D., Rodrigues, S., Petrou, D., and Anderson., T. (1998). Slic: An extensibility system for commodity operating systems. USENIX 1998 Annual Technical Conference.
9. Goldberg, I., Wagner, IX, Thomas, R., and Brewer, E. (1996). A secure environment for untrusted helper applications - confining the wily hacker. Proc. 6th Usenix Security Symposium. San Jose, CA, USA.
10. Jam, K. and Sekar, R. (2000). User-level infrastructure for system call interposition: A platform for intrusion detection and confinement. ISOC Network and Distributed System Security Symposium (NDSS). pp. 19-34.
11. Kamp, P. and Watson, R. (2000). Jails: Confining the omnipotent root. Proc. 2nd Intl. SANE Conference.
12. Liang, Z., Venkatakrishnan, V., and Sekar, R. (2003). Isolated program execution: An application transparent approach for executing untrusted programs. 19th Annual Computer Security Applications Conference (ACSAC), Las Vegas, Nevada.
13. Mazières, D. and Kaashoek, M. (1997). Secure applications need flexible operating systems. Workshop on Hot Topics in Operating Systems (HotOS).
14. Ousterhout, J., Levy, J., and Welch., B. (1997). The safetcl security model. Sun Microsystems Laboratories Technical Report TR-97-60.
15. Peterson, D., Bishop, M., and Pandey, R. (2002). A flexible containment mechanism for executing untrusted code. Usenix Security Symposium.
16. Provos, N. (2003). Improving host security with system call policies. Proc. 12th USENIX Security Symposium. pp. 257-272.
17. van 't Noordende, G., Balogh, A., Hofman, R., Brazier, F, and Tanenbaum, A. (2006). A secure and portable jailing system. Technical report IR-CS-025, Vrije Universiteit.
18. Wallach, D., Balfanz, D., Dean, D., and Felten, E. (1997). Extensible security architectures for java. 16th ACM Symposium on Operating Systems Principles. pp. 116-128.