Extensible security architectures for Java
Proceedings of the sixteenth ACM symposium on Operating systems principles
History-based access control for mobile code
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
New security architectural directions for Java
COMPCON '97 Proceedings of the 42nd IEEE International Computer Conference
Enforceable Security Policies
Behavior-based Confinement of Untrusted Applications
Behavior-based Confinement of Untrusted Applications
Implementing Execution Controls in Unix
LISA '93 Proceedings of the 7th USENIX conference on System administration
Expanding and extending the security features of java
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Confining root programs with domain and type enforcement (DTE)
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Building systems that flexibly control downloaded executable context
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Extending the operating system at the user level: the Ufo global file system
ATEC '97 Proceedings of the annual conference on USENIX Annual Technical Conference
SBOX: put CGI scripts in a box
ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference
Improving the granularity of access control for Windows 2000
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
A Flexible Containment Mechanism for Executing Untrusted Code
Proceedings of the 11th USENIX Security Symposium
Deanonymizing Users of the SafeWeb Anonymizing Service
Proceedings of the 11th USENIX Security Symposium
Design and Implementation of Virtual Private Services
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Model-carrying code: a practical approach for safe execution of untrusted applications
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Speculative Security Checks in Sandboxing Systems
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18
Sub-operating systems: a new approach to application security
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Managing Trustworthiness in Component-based Embedded Systems
Electronic Notes in Theoretical Computer Science (ENTCS)
Some thoughts on security after ten years of qmail 1.0
Proceedings of the 2007 ACM workshop on Computer security architecture
Improving multi-tier security using redundant authentication
Proceedings of the 2007 ACM workshop on Computer security architecture
Secure isolation of untrusted legacy applications
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
Expanding Malware Defense by Securing Software Installations
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Alcatraz: An Isolated Environment for Experimenting with Untrusted Software
ACM Transactions on Information and System Security (TISSEC)
Reusability of Functionality-Based Application Confinement Policy Abstractions
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
NetAuth: supporting user-based network services
SS'08 Proceedings of the 17th conference on Security symposium
Filtering False Positives Based on Server-Side Behaviors
IEICE - Transactions on Information and Systems
SoftwarePot: an encapsulated transferable file system for secure software circulation
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Flexible and efficient sandboxing based on fine-grained protection domains
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
On run-time enforcement of policies
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
A sandbox with a dynamic policy based on execution contexts of applications
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
A novel approach for untrusted code execution
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Operating system virtualization: practice and experience
Proceedings of the 3rd Annual Haifa Experimental Systems Conference
xBook: redesigning privacy control in social networking platforms
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Apiary: easy-to-use desktop application fault containment on commodity operating systems
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Retaining sandbox containment despite bugs in privileged memory-safe code
Proceedings of the 17th ACM conference on Computer and communications security
Fine-grained user-space security through virtualization
Proceedings of the 7th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Attack surface reduction for commodity OS kernels: trimmed garden plants may attract less bugs
Proceedings of the Fourth European Workshop on System Security
A mechanism for secure, fine-grained dynamic provisioning of applications on small devices
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
InkTag: secure applications on an untrusted operating system
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
A portable user-level approach for system-wide integrity protection
Proceedings of the 29th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
Designing a suitable confinement mechanism to confine untrusted applications is challenging as such a mechanism needs to satisfy conflicting requirements. The main trade-off is between ease of use and flexibility. In this paper, we present the design, implementation and evaluation of MAPbox, a confinement mechanism that retains the ease of use of application-class-specific sandboxes such as the Java applet sandbox and the Janus document viewer sandbox while providing significantly more flexibility. The key idea is to group application behaviors into classes based on their expected functionality and the resources required to achieve that functionality. Classification of application behavior provides a set of labels (e.g., compiler, reader, netclient) that can be used to concisely communicate the expected functionality of programs between the provider and the users. This is similar to MIME-types which are widely used to concisely describe the expected format of data files. An end-user lists the set of application behaviors she is willing to allow in a file. With each label, she associates a sandbox that limits access to the set of resources needed to achieve the corresponding behavior. When an untrusted application is to be run, this file is consulted. If the label (or the MAP-type) associated with the application is not found in this file, it is not allowed to run. Else, the MAP-type is used to automatically locate and instantiate the appropriate sandbox. We believe that this may be an acceptable level of user interaction since a similar technique (i.e., MIME-types) has been fairly successful for handling documents with different formats. In this paper, we present a set of application behavior classes that we have identified based on a study of a diverse suite of applications that includes CGI scripts, programs downloaded from well-known web repositories and applications from the Solaris 5.6 distribution. We describe the implementation and usage of MAPbox. We evaluate MAPbox from two different perspectives: its effectiveness (how well it is able to confine a suite of untrusted applications) and effciency (what is the overhead introduced). Finally, we describe our experience with MAPbox and discuss potential limitations of this approach.