A flexible containment mechanism for executing untrusted code

Proceedings of the 11th USENIX Security Symposium

Volumn , Issue , 2002, Pages

  Peterson, David S ^a   Bishop, Matt ^a   Pandey, Raju ^a  

^a University of California   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DESIGN ALTERNATIVES; GENERAL PURPOSE FRAMEWORK; INDIVIDUAL STRENGTH; PROTECTION DOMAINS; SANDBOXING; SANDBOXING TECHNIQUES; SECURITY POLICY; UNTRUSTED CODE;

NETWORK SECURITY;

EID: 85084160542     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (17)

1. Dennis, J., and VanHorn, E. Programming semantics for multiprogrammed computations. Communications of the ACM, 9:143–155, Mar. 1966.
2. Walker, K., Sterne, D., Badger, L., Petkac, M., Shermann, D., and Oostendorp, K. Confining root programs with domain and type enforcement (DTE). In Proceedings of the Sixth USENIX Security Symposium, Jul. 1996.
3. Security-enhanced linux . http://www.nsa.gov/selinux/.
4. Saltzer, J., and Schroeder, M. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278–1308, Sep. 1975.
5. Chang, F., Itzkovitz, A., and Karamcheti, V. User-level resource-constrained sandboxing. In Proceedings of the 4th USENIX Windows Systems Symposium, Aug. 2000.
6. Lal, M., and Pandey, R. A scheduling scheme for controlling allocation of cpu resources for mobile programs. Autonomous Agents and Multi-Agent Systems, 5(1):7–43, Mar. 2002.
7. Gong, L., Mueller, M., Prafullchandra, H., and Schemers, R. Going beyond the sandbox: An overview of the new security architecture in the java development kit 1.2. In Proceedings of the USENIX Symposium on Internet Technologies and Systems, Dec. 1997.
8. Necula, G., and Lee, P. Safe kernel extensions without run-time checking. In Proceedings of the USENIX 2nd Symposium on Operating Systems Design and Implementation, Oct. 1996.
9. Small, C. A tool for constructing safe extensible C++ systems. In Proceedings of the Third USENIX Conference on Object-Oriented Technologies and Systems, Jun. 1997.
10. Goldberg, I., Wagner, D., Thomas, R., and Brewer, E. A secure environment for untrusted helper applications (confining the wily hacker). In Proceedings of the Sixth USENIX Security Symposium, Jul. 1996.
11. Acharya, A., and Raje, M. MAPbox: Using parameterized behavior classes to confine applications. In Proceedings of the 9th USENIX Security Symposium, Aug. 2000.
12. Alexandrov, A., Kmiec, P., and Schauser, K. Consh: Confined execution environment for internet computations. http://www.cs.ucsb.edu/~berto/papers/99-usenixconsh.ps.
13. Balfanz, D., and Simon, D. WindowBox: A simple security model for the connected desktop. In Proceedings of the 4th USENIX Windows Systems Symposium, Aug. 2000.
14. Fraser, T., Badger, L., and Feldman, M. Hardening COTS software with generic software wrappers. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, May 1999.
15. Mitchem, T., Lu, R., and O’Brien, R. Using kernel hypervisors to secure applications. In Proceedings, 13th Annual Computer Security Applications Conference, Dec. 1997.
16. Dan, A., Mohindra, A., Ramaswami, R., and Sitaram, D. Chakravyuha (CV): A sandbox operating system environment for controlled execution of alien code. Technical Report 20742, IBM T.J. Watson Research Center, 1997.
17. Berman, A., Bourassa, V., and Selberg, E. TRON: Process-specific file protection for the UNIX operating system. In Proceedings of the 1995 Winter USENIX Conference, Jan. 1995.