A sandbox with a dynamic policy based on execution contexts of applications

Authors:
Tomohiro Shioya;Yoshihiro Oyama;Hideya Iwasaki
Affiliations:
The University of Electro-Communications;The University of Electro-Communications;The University of Electro-Communications
Venue:
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
Year:
2007

Citing 11
Cited 0

Extensible security architectures for Java

Proceedings of the sixteenth ACM symposium on Operating systems principles
Mimicry attacks on host-based intrusion detection systems

Proceedings of the 9th ACM conference on Computer and communications security
A Flexible Containment Mechanism for Executing Untrusted Code

Proceedings of the 11th USENIX Security Symposium
Anomaly Detection Using Call Stack Information

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Self-Nonself Discrimination in a Computer

SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
SubDomain: Parsimonious Server Security

LISA '00 Proceedings of the 14th USENIX conference on System administration
MAPbox: using parameterized behavior classes to confine untrusted applications

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Improving host security with system call policies

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Automating mimicry attacks using static binary analysis

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
A secure environment for untrusted helper applications confining the Wily Hacker

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a sandbox system that dynamically changes its behavior according to the application's execution context. Our system allows users to give different policies, each of which specifies permitted system calls, depending on the user functions in which the target application is executing. The target application can be given less privilege than would be possible with other single-policy sandbox systems. We implemented the sandbox by using LKM (Loadable Kernel Module) of Linux that intercepts the system call issued by the application process. We experimentally demonstrated the effectiveness of the sandbox.