Fine-Grain Access Control for Securing Shared Resources in Computational Grids
IPDPS '02 Proceedings of the 16th International Parallel and Distributed Processing Symposium
BlueBoX: A policy-driven, host-based intrusion detection system
ACM Transactions on Information and System Security (TISSEC)
Grid-computing portals and security issues
Journal of Parallel and Distributed Computing - Scalable web services and architecture
Gray-box extraction of execution graphs for anomaly detection
Proceedings of the 11th ACM conference on Computer and communications security
Preventing privilege escalation
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Reusability of Functionality-Based Application Confinement Policy Abstractions
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Privacy analysis and enhancements for data sharing in *nix systems
International Journal of Information and Computer Security
Hardware-enforced fine-grained isolation of untrusted code
Proceedings of the first ACM workshop on Secure execution of untrusted code
On run-time enforcement of policies
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
Message filters for hardening the Linux kernel
Software—Practice & Experience
ACM Transactions on Information and System Security (TISSEC)
Towards job accounting in existing resource schedulers: weaknesses and improvements
HPCC'06 Proceedings of the Second international conference on High Performance Computing and Communications
How to securely outsource cryptographic computations
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
A taint marking approach to confidentiality violation detection
AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125
FireDroid: hardening security in almost-stock Android
Proceedings of the 29th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
Security is a serious concern on today''s computer networks. Many applications are not very good at resisting attack, and our operating systems are not very good at preventing the spread of any intrusions that may result. In this thesis, we propose to manage the risk of a security breach by confining these untrusted (and untrustworthy) applications in a carefully sanitized space. We design a secure environment for confinement of untrusted applications by restricting the program''s access to the operating system. In our prototype implementation, we intercept and filter dangerous system calls via the Solaris process tracing facility. This enables us to build a simple, clean, user-mode mechanism for confining untrusted applications. Our implementation has negligible performance impact, and can protect pre-existing legacy code.