Secure isolation of untrusted legacy applications

Proceedings of the 21st Large Installation System Administration Conference, LISA 2007

Volumn , Issue , 2007, Pages 117-130

  Potter, Shaya ^a   Nieh, Jason ^a   Selsky, Matt ^a  

^a Och Spine at New York Presbyterian Hospitals   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATION COMPONENTS; INTRUSION PREVENTION; LEGACY APPLICATIONS; PROGRAM EXECUTION; SERVER APPLICATIONS; SOFTWARE UPDATES; VIRTUALIZATION LAYERS; VIRTUALIZED ENVIRONMENT;

VIRTUALIZATION;

EID: 85094316228     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (33)

1. Acharya, A. and M. Raje, "MAPbox: Using Parameterized Behavior Classes to Confine Applications," Proceedings of the 9th USENIX Security Symposium, Aug., 2000
2. Archer, M., E. Leonard, and M. Pradella, "Towards a Methodology and Tool for the Analysis of Security-Enhanced Linux," Technical Report NRL/MR/5540-02-8629, NRL, 2002
3. Baratloo, A., N. Singh, and T. Tsai, "Transparent Run-Time Defense Against Stack Smashing Attacks," Proceedings of the 2000 USENIX Annual Technical Conference, June 2000
4. Barham, P., B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauery, I. Pratt, and A. Warfield, "Xen and the Art of Virtualization," Proceedings of the 19th ACM Symposium on Operating Systems Principles, Bolton Landing, NY, Oct., 2003
5. Berman, A., V. Bourassa, and E. Selberg, "TRON: Process-specific File Protection for the UNIX Operating System," Proceedings of the 1995 USENIX Winter Technical Conference, Jan., 1995
6. CNN Technology, "Expert: Botnets No. 1 Emerging Internet Threat," Jan, 2006, http://edition.cnn. com/2006/TECH/internet/01/31/furst/index.html
7. Cowan, C., S. Beattie, G. Kroah-Hartman, C. Pu, P. Wagle, and V. Gligor, "SubDomain: Parsimonious Server Security," Proceedings of the 14th USENIX Systems Administration Conference, New Orleans, LA, Dec., 2000
8. Cowan, C., C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton, "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks," Proceedings of the 7th USENIX Security Conference, San Antonio, Texas, Jan., 1998
9. FreeBSD Project, Developer ?s Handbook, http:// www.freebsd.org/doc/en-US.ISO8859-1/books/ developers-handbook/secure-chroot.html
10. Garfinkel, T., "Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools," Proceedings of the 2003 Network and Distributed Systems Security Symposium, Feb., 2003
11. Garfinkel, T., B. Pfaff, and M. Rosenblum, "Ostia: A Delegating architecture for Secure System Call Interposition," Proceedings of the 2004 Network and Distributed Systems Security Symposium, Feb., 2004
12. GOBBLES Security, Local/Remote mpg123 Exploit, http://www.opennet.ru/base/exploits/10425 65884-668.txt.html
13. GreyMagic Security Research, Reading Local Files in Netscape 6 and Mozilla, http://sec. greymagic.com/adv/gm001-ns/
14. Kamp P.-H., and R. N. M. Watson, "Jails: Confining the Omnipotent Root," Proceedings of the 2nd International SANE Conference, MECC, Maastricht, The Netherlands, May, 2000
15. Ko, C., T. Fraser, L. Badger, and D. Kilpatrick, " D e t e c t i n g and Countering System Intrusions Using Software Wrappers," Proceedings of the 9th Usenix Security Symposium, Aug., 2000
16. LaMacchia, B., Personal Communication, Jan, 2004
17. Liang, Z., V. Venkatakrishnan, and R. Sekar, " I s o l a t e d Program Execution: An Application Transparent Approach for Executing Untrusted Programs," Procedings of the 19th Annual Computer Security Applications Conference, Dec., 2003
18. Linux VServer Project, http://www.linux-vserver. org/
19. Loscocco, P. and S. Smalley, "Integrating Flexible Support for Security Policies into the Linux Operating System," Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, June, 2001
20. Osman, S., D. Subhraveti, G. Su, and J. Nieh, "The Design and Implementation of Zap: A System for Migrating Computing Environments," Proceedings of the 5th Symposium on Operating Systems Design and Implementation, Boston, MA, Dec., 2002
21. Poskanzer, J., http://www.acme.com/software/ http-load/
22. Potter, S. and J. Nieh, "Reducing Downtime Due to System Maintenance and Upgrades," Proceedings of the 19th Large Installation System Administration Conference, San Diego, CA, Dec., 2005
23. Price, D. and A. Tucker, "Solaris Zones: Operating System Support for Consolidating Commercial Workloads," Proceedings of the 18th Large Installation System Administration Conference, Nov., 2004
24. Provos, N., "Improving Host Security with System Call Policies," Proceedings of the 12th USENIX Security Symposium, Washington, DC, Aug., 2003
25. Rescorla, E., "Security Holes.. Who Cares?" Proceedings of the 12th USENIX Security Conference, Washington, D.C., Aug., 2003
26. Saltzer, J. H., and M. D. Schroeder, "The Protection of Information in Computer Systems," Proceedings of the 4th ACM Symposium on Operating System Principles, Oct., 1973
27. SoX ? Sound eXchange, http://sox.sourceforge.net/
28. Spencer, R., S. Smalley, P. Loscocco, M. Hibler, D. Andersen, and J. Lepreau, "The Flask Security Architecture: System Support for Diverse Security Policies," Proceedings of the 8th USENIX Security Symposium, Aug., 1999
29. VMware, Inc., http://www.vmware.com
30. Wagner, D., Janus: An Approach for Confinement of Intrusted Applications, Master?s thesis, University of California, Berkeley, 1999
31. Watson, R. N. M., "Exploiting Concurrency Vulnerabilities in System Call Wrappers," Proceedings of the First USENIX Workshop on Offensive Technologies, Boston, MA, Aug., 2007
32. Whitaker, A., M. Shaw, and S. D. Gribble, "Scale and Performance in the Denali Isolation Kernel," Proceedings of the 5th Symposium on Operating Systems Design and Implementation, Boston, MA, Dec., 2002
33. Zadok, E. and J. Nieh, "FiST: A Language for Stackable File Systems," Proceedings of the 2000 Annual USENIX Technical Conference, June, 2000