TxBox: Building secure, efficient sandboxes with system transactions

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2011, Pages 329-344

  Jana, Suman ^a   Porter, Donald E ^b   Shmatikov, Vitaly ^a  

^a UNIVERSITY OF TEXAS AT AUSTIN   (United States)

^b STONY BROOK UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANTI-VIRUS SCANNING; AUTOMATIC RECOVERY; MULTIPLE SYSTEMS; PERFORMANCE GAIN; SANDBOXING; SECURITY CHECKS; SECURITY POLICY; SYSTEM CALLS;

COMPUTER VIRUSES;

EID: 80051954621     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2011.33     Document Type: Conference Paper

References (63)

1. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-flow integrity. In CCS, 2005.
2. A. Acharya and M. Raje. MAPbox: Using parameterized behavior classes to confine applications. In USENIX Security, 2000.
3. A. Berman, V. Bourassa, and E. Selberg. TRON: Process-specific file protection for the UNIX operating system. In USENIX Winter, 1995.
4. M. Bernaschi, E. Gabrielli, and L. Mancini. REMUS: A security-enhanced operating system. TISSEC, 5(1), 2002.
5. S. Bhatkar, A. Chaturvedi, and R. Sekar. Dataflow anomaly detection. In S&P, 2006.
6. A. Birgisson, M. Dhawan, U. Erlingsson, V. Ganapathy, and L. Iftode. Enforcing authorization policies using transactional memory introspection. In CCS, 2008.
7. M. Christodorescu, S. Jha, and C. Kruegel. Mining specifications of malicious behavior. In ESEC-FSE, 2007.
8. J. Chung, M. Dalton, H. Kannan, and C. Kozyrakis. Thread-safe dynamic binary translation using transactional memory. In HPCA, 2008.
9. Clam AntiVirus. http://www.clamav.net/lang/en/.
10. D. Clark and D. Wilson. A comparison of commercial and military computer security policies. In S&P, 1987.
11. C. Cowan, S. Beattie, G. Kroah-Hartman, C. Pu, P. Wagle, and V. Gligor. SubDomain: Parsimonious server security. In LISA, 2000.
12. Dazuko. Dateizugriffskontrolle (file access control). http://www.dazuko.org.
13. J. Douceur, J. Elson, J. Howell, and J. Lorch. Leveraging legacy code to deploy desktop applications on the web. In OSDI, 2008.
14. G. Dunlap, S. King, S. Cinar, M. Basrai, and P. Chen. ReVirt: Enabling intrusion analysis through virtual-machine logging and replay. In OSDI, 2002.
15. P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazières, F. Kaashoek, and R. Morris. Labels and event processes in the Asbestos operating system. In SOSP, 2005.
16. U. Erlingsson and F. Schneider. SASI enforcement of security policies: A retrospective. In NSPW, 1999.
17. H. Feng, O. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly detection using call stack information. In S&P, 2003.
18. B. Ford and R. Cox. Vx32: Lightweight userlevel sandboxing on the x86. In USENIX ATC, 2008.
19. T. Fraser, L. Badger, and M. Feldman. Hardening COTS software with generic software wrappers. In S&P, 1999.
20. D. Gao, M. Reiter, and D. Song. Gray-box extraction of execution graphs for anomaly detection. In CCS, 2004.
21. T. Garfinkel. Traps and pitfalls: Practical problems in system call interposition based security tools. In NDSS, 2003.
22. T. Garfinkel, K. Adams, A. Warfield, and J. Franklin. Compatibility is not transparency: VMM detection myths and realities. In HotOS, 2007.
23. T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: A virtual machine-based platform for trusted computing. In SOSP, 2003.
24. T. Garfinkel, B. Pfaff, and M. Rosenblum. Ostia: A delegating architecture for secure system call interposition. In NDSS, 2004.
25. T. Garfinkel and M. Rosenblum. A virtual machine introspection based architecture for intrusion detection. In NDSS, 2003.
26. J. Giffin, S. Jha, and B. Miller. Efficient context-sensitive intrusion detection. In NDSS, 2004.
27. I. Goldberg, D. Wagner, R. Thomas, and E. Brewer. A secure environment for untrusted helper applications: Confining the wily hacker. In USENIX Security, 1996.
28. Google. V8 benchmark suite. http://v8.googlecode.com/svn/data/benchmarks/ v2/.
29. T. Harris and S. Peyton-Jones. Transactional memory with data invariants. In TRANSACT, 2006.
30. M. Hill, D. Hower, K. Moore, M. Swift, H. Volos, and D. Wood. A case for deconstructing hardware transactional memory. Technical Report CS-TR-2007-1594, Dept. of Computer Sciences, University of Wisconsin-Madison, 2007.
31. S. Hofmeyr, S. Forrest, and A. Somayaji. Intrusion detection using sequences of system calls. J. Comput. Secur., 6(3), 1998.
32. K. Jain and R. Sekar. User-level infrastructure for system call interposition: A platform for intrusion detection and confinement. In NDSS, 2000.
33. C. Kolbitsch, P. Milani, C. Kruegel, E. Kirda, X. Zhou, and X. Wang. Effective and efficient malware detection at the end host. In USENIX Security, 2009.
34. M. Krohn, A. Yip, M. Brodsky, N. Cliffer, F. Kaashoek, E. Kohler, and R. Morris. Information flow control for standard OS abstractions. In SOSP, 2007.
35. B. Lampson. A note on the confinement problem. CACM, 16(10), 1973.
36. A. Lanzi, D. Balzarotti, C. Kruegel, M. Christodorescu, and E. Kirda. AccessMiner: Using system-centric models for malware protection. In CCS, 2010.
37. J. Larus and R. Rajwar. Transactional Memory. Morgan & Claypool, 2006.
38. M. Locasto, A. Stavrou, G. Cretu, and A. Keromytis. From STEM to SEAD: Speculative execution for automated defense. In USENIX ATC, 2007.
39. Mozilla Firefox JavaScript engine vulnerability. http://cve.mitre.org/ cgi-bin/cvename.cgi?name=CVE-2009-3982.
40. E. Nightingale, D. Peek, P. Chen, and J. Flinn. Parallelizing security checks on commodity hardware. In ASPLOS, 2008.
41. Novell. AppArmor application security for Linux. http://www.novell.com/ linux/security/apparmor/.
42. NSA. Security-enhanced Linux. http://www.nsa.gov/research/selinux/.
43. N. Petroni, T. Fraser, J. Molina, and W. Arbaugh. Copilot - a coprocessor-based kernel runtime integrity monitor. In USENIX Security, 2004.
44. N. Petroni and M. Hicks. Automated detection of persistent kernel control-flow attacks. In CCS, 2007.
45. Hard link vulnerability. http://plash.beasts.org/wiki/PlashIssues/ HardLinkVulnerability?highlight=%28PlashIssues/%29|%28CategoryPostponed%29.
46. open() with O.CLOEXEC returns an error. http://plash.beasts.org/wiki/ PlashIssues/CloexecOpenFails?highlight=%28PlashIssues/ %29|%28CategoryPostponed%29.
47. D. Porter. Operating system transactions. PhD thesis, The University of Texas at Austin, 2010.
48. D. Porter, O. Hofmann, C. Rossbach, A. Benn, and E. Witchel. Operating system transactions. In SOSP, 2009.
49. N. Provos. Improving host security with system call policies. In USENIX Security, 2003.
50. R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a TCG-based integrity measurement architecture. In USENIX Security, 2004.
51. M. Seaborn. Plash. http://plash.beasts.org/wiki/.
52. R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni. A fast automaton-based method for detecting anomalous program behaviors. In S&P, 2001.
53. M. Seltzer, Y. Endo, C. Small, and K. Smith. Dealing with disaster: Surviving misbehaved kernel extensions. In OSDI, 1996.
54. S. Sidiroglou and A. Keromytis. Execution transactions for defending against software failures: use and evaluation. Int. J. Inf. Secur, 5(2), 2006.
55. W. Sun, Z. Liang, R. Sekar, and V. Venkatakrishnan. One-way isolation: An effective approach for realizing safe execution environments. In NDSS, 2005.
56. D. Wagner and D. Dean. Intrusion detection via static analysis. In S&P, 2001.
57. Z. Wang, X. Jiang, W Cui, and P. Ning. Countering kernel rootkits with lightweight hook protection. In CCS, 2009.
58. R. Watson. Exploiting concurrency vulnerabilities in system call wrappers. In WOOT, 2007.
59. R. Watson, J. Anderson, K. Kennaway, and B. Laurie. Capsicum: Practical capabilities for UNIX. In USENIX Security, 2010.
60. A. Wespi, M. Dacier, and H. Debar. Intrusion detection using variable-length audit trail patterns. In RAID, 2000.
61. Microsoft Windows JavaScript engine arbitrary code execution vulnerability. http://tools.cisco.com/security/center/viewAlert.x?alertId=18969.
62. B. Yee, D. Sehr, G. Dardyk, B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. Native Client: A sandbox for portable, untrusted x86 native code. In S&P, 2009.
63. N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in HiStar. In OSDI, 2006.