In this paper, we present a new approach for safe execution of untrusted programs by isolating their effects from the rest of the system. Isolation is achieved by intercepting file operations made by untrusted processes, and redirecting any change operations to a "modification cache" that is invisible to other processes in the system. File read operations performed by the untrusted process are also correspondingly modified, so that the process has a consistent view of system state that incorporates the contents of the filesystem as well as the modification cache. On termination of the untrusted process, its user is presented with a concise summary of the files modified by the process. Additionally, the user can inspect these files using various software utilities (e.g., helper applications to view multimedia files) to determine if the modifications are acceptable. The user then has the option to commit these modifications, or simply discard them. Essentially, our approach provides "play" and "rewind" buttons for running untrusted software. Key benefits of our approach are that it requires no changes to the untrusted programs (to be isolated) or the underlying operating system; it cannot be subverted by malicious programs; and it achieves these benefits with acceptable runtime overheads. We describe a prototype implementation of this system for Linux called Alcatraz and discuss its performance and effectiveness.
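The write-redirect, merged-read, summary and commit/discard cycle described in the abstract can be modelled in a few lines. This is an added illustration, not code from Alcatraz or its authors: the class `ModificationCache` and its method names are hypothetical, it covers only file creation and modification, and it exposes explicit calls rather than intercepting the file operations of an unmodified process as the paper's system does.

```python
import os
import shutil
import tempfile


class ModificationCache:
    """Toy model of the idea above: writes go to a private cache, reads see a merged view."""

    def __init__(self, root):
        self.root = root                  # real file tree, untouched until commit
        self.cache = tempfile.mkdtemp()   # private store, not visible through root

    def write(self, rel, data):
        # Change operation: redirected into the cache, never applied to root directly.
        target = os.path.join(self.cache, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "w") as f:
            f.write(data)

    def read(self, rel):
        # Read operation: prefer the cached copy so the process sees its own changes.
        cached = os.path.join(self.cache, rel)
        with open(cached if os.path.exists(cached) else os.path.join(self.root, rel)) as f:
            return f.read()

    def summary(self):
        # Shown to the user on termination: which files were created or modified.
        out = []
        for d, _, files in os.walk(self.cache):
            for name in files:
                rel = os.path.relpath(os.path.join(d, name), self.cache)
                exists = os.path.exists(os.path.join(self.root, rel))
                out.append(("modified" if exists else "created", rel))
        return sorted(out)

    def finish(self, commit):
        # Commit copies cached files into root; discard just throws the cache away.
        for _, rel in (self.summary() if commit else []):
            dest = os.path.join(self.root, rel)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            shutil.copyfile(os.path.join(self.cache, rel), dest)
        shutil.rmtree(self.cache)
```

Until `finish(commit=True)` is called, anything reading `root` directly sees the original contents, which is the property that makes the "rewind" option possible.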