Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Firewalls and Internet security: repelling the wily hacker
Hints for computer system design
SOSP '83 Proceedings of the ninth ACM symposium on Operating systems principles
Practical Domain and Type Enforcement for UNIX
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Java Security: From HotJava to Netscape and Beyond
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
TRON: process-specific file protection for the UNIX operating system
TCON'95 Proceedings of the USENIX 1995 Technical Conference Proceedings
Safe use of X window system protocol across a firewall
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Composable ad-hoc mobile services for universal interaction
MobiCom '97 Proceedings of the 3rd annual ACM/IEEE international conference on Mobile computing and networking
A role-based access control model for protection domain derivation and management
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
History-based access control for mobile code
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
A security architecture for computational grids
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
UFO: a personal global file system based on user-level extensions to the operating system
ACM Transactions on Computer Systems (TOCS)
Javelin++: scalability issues in global computing
JAVA '99 Proceedings of the ACM 1999 conference on Java Grande
Protection wrappers: a simple and portable sandbox for untrusted applications
Proceedings of the 8th ACM SIGOPS European workshop on Support for composing distributed applications
Improving the granularity of access control in Windows NT
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
History-based access control for mobile code
Secure Internet programming
The persistent relevance of the local operating system to global applications
EW 7 Proceedings of the 7th workshop on ACM SIGOPS European workshop: Systems support for worldwide applications
Remus: a security-enhanced operating system
ACM Transactions on Information and System Security (TISSEC)
Improving the granularity of access control for Windows 2000
ACM Transactions on Information and System Security (TISSEC)
Enabling trusted software integrity
Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
The JavaSeal Mobile Agent Kernel
Autonomous Agents and Multi-Agent Systems
Intrusion Detection via System Call Traces
IEEE Software
A Flexible Security System for Using Internet Content
IEEE Software
Supporting Secure Ad-hoc User Collaboration in Grid Environments
GRID '02 Proceedings of the Third International Workshop on Grid Computing
SuperWeb: Towards a Global Web-Based Parallel Computing Infrastructure
IPPS '97 Proceedings of the 11th International Symposium on Parallel Processing
Fine-Grain Access Control for Securing Shared Resources in Computational Grids
IPDPS '02 Proceedings of the 16th International Parallel and Distributed Processing Symposium
Interfacing Trusted Applications with Intrusion Detection Systems
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Providing Secure Environments for Untrusted Network Applications
WET-ICE '97 Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
VECPAR '00 Selected Papers and Invited Talks from the 4th International Conference on Vector and Parallel Processing
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
A Flexible Containment Mechanism for Executing Untrusted Code
Proceedings of the 11th USENIX Security Symposium
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
Supporting E-commerce in Wireless Networks
IMWS '01 Revised Papers from the NSF Workshop on Developing an Infrastructure for Mobile and Wireless Systems
Retargetable and reconfigurable software dynamic translation
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
Secure Composition of Insecure Components
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
SECURITY OF DOWNLOADABLE EXECUTABLE CONTENT
SNDSS '97 Proceedings of the 1997 Symposium on Network and Distributed System Security
Scale and performance in the Denali isolation kernel
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
Secure composition of untrusted code: box π, wrappers, and causality types
Journal of Computer Security - CSFW13
A Network Worm Vaccine Architecture
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Grid-computing portals and security issues
Journal of Parallel and Distributed Computing - Scalable web services and architecture
From Sandbox to Playground: Dynamic Virtual Environments in the Grid
GRID '04 Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing
LISA '98 Proceedings of the 12th USENIX conference on System administration
A Retrospective on Twelve Years of LISA Proceedings
LISA '99 Proceedings of the 13th USENIX conference on System administration
ACM Transactions on Computer Systems (TOCS)
A Self-Organizing Flock of Condors
Proceedings of the 2003 ACM/IEEE conference on Supercomputing
Timing the Application of Security Patches for Optimal Uptime
LISA '02 Proceedings of the 16th USENIX conference on System administration
Speculative Security Checks in Sandboxing Systems
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18
Scale and performance in the Denali isolation kernel
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementation
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementation
The taser intrusion recovery system
Proceedings of the twentieth ACM symposium on Operating systems principles
SVGrid: a secure virtual environment for untrusted grid applications
MGC '05 Proceedings of the 3rd international workshop on Middleware for grid computing
Identity Boxing: A New Technique for Consistent Global Identity
SC '05 Proceedings of the 2005 ACM/IEEE conference on Supercomputing
Anomalous system call detection
ACM Transactions on Information and System Security (TISSEC)
ASM: application security monitor
ACM SIGARCH Computer Architecture News - Special issue on the 2005 workshop on binary instrumentation and application
Denali: a scalable isolation kernel
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
A self-organizing flock of Condors
Journal of Parallel and Distributed Computing
System Call Monitoring Using Authenticated System Calls
IEEE Transactions on Dependable and Secure Computing
Proceedings of the 1st workshop on Architectural and system support for improving software dependability
NetHost-sensor: Monitoring a target host's application via system calls
Information Security Tech. Report
Automatic high-performance reconstruction and recovery
Computer Networks: The International Journal of Computer and Telecommunications Networking
Extending ACID semantics to the file system
ACM Transactions on Storage (TOS)
Design and implementation of a secure wide-area object middleware
Computer Networks: The International Journal of Computer and Telecommunications Networking
Guarding security sensitive content using confined mobile agents
Proceedings of the 2007 ACM symposium on Applied computing
VXA: a virtual architecture for durable compressed archives
FAST'05 Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies - Volume 4
Make least privilege a right (not a privilege)
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Measurement and analysis of spyware in a university environment
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Explicit control in a batch-aware distributed file system
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
MAPbox: using parameterized behavior classes to confine untrusted applications
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Secure coprocessor integration with kerberos V5
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Security analysis of the palm operating system and its weaknesses against malicious code threats
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Enforcing well-formed and partially-formed transactions for Unix
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Synthesizing fast intrusion prevention/detection systems from high-level specifications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Scriptroute: a public internet measurement facility
USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
User-level resource-constrained sandboxing
WSS'00 Proceedings of the 4th conference on USENIX Windows Systems Symposium - Volume 4
WindowBox: a simple security model for the connected desktop
WSS'00 Proceedings of the 4th conference on USENIX Windows Systems Symposium - Volume 4
Operating system protection for fine-grained programs
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Expanding and extending the security features of java
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
On preventing intrusions by process behavior monitoring
ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
Learning program behavior profiles for intrusion detection
ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
SLIC: an extensibility system for commodity operating systems
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Enhancements to the linux kernel for blocking buffer overflow based attack
ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4
Extending the operating system at the user level: the Ufo global file system
ATEC '97 Proceedings of the annual conference on USENIX Annual Technical Conference
BrowserShield: Vulnerability-driven filtering of dynamic HTML
ACM Transactions on the Web (TWEB)
Rapid file system development using ptrace
Proceedings of the 2007 workshop on Experimental computer science
Rapid file system development using ptrace
ecs'07 Experimental computer science on Experimental computer science
BrowserShield: vulnerability-driven filtering of dynamic HTML
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Some thoughts on security after ten years of qmail 1.0
Proceedings of the 2007 ACM workshop on Computer security architecture
Protecting users from "themselves"
Proceedings of the 2007 ACM workshop on Computer security architecture
Improving multi-tier security using redundant authentication
Proceedings of the 2007 ACM workshop on Computer security architecture
GWiQ-P: an efficient decentralized grid-wide quota enforcement protocol
ACM SIGOPS Operating Systems Review
Switchblade: enforcing dynamic personalized system call models
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Control of system calls from outside of virtual machines
Proceedings of the 2008 ACM symposium on Applied computing
HERMES: A Software Architecture for Visibility and Control in Wireless Sensor Network Deployments
IPSN '08 Proceedings of the 7th international conference on Information processing in sensor networks
Vx32: lightweight user-level sandboxing on the x86
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Extensible Web Browser Security
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Scheduling for Reliable Execution in Autonomic Systems
ATC '08 Proceedings of the 5th international conference on Autonomic and Trusted Computing
Dynamic Binary Instrumentation-Based Framework for Malware Defense
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Expanding Malware Defense by Securing Software Installations
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Alcatraz: An Isolated Environment for Experimenting with Untrusted Software
ACM Transactions on Information and System Security (TISSEC)
SOMA: mutual approval for included content in web pages
Proceedings of the 15th ACM conference on Computer and communications security
Reusability of Functionality-Based Application Confinement Policy Abstractions
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
NetAuth: supporting user-based network services
SS'08 Proceedings of the 17th conference on Security symposium
BitVisor: a thin hypervisor for enforcing i/o device security
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Filtering False Positives Based on Server-Side Behaviors
IEICE - Transactions on Information and Systems
Towards a Security Model to Bridge Internet Desktop Grids and Service Grids
Euro-Par 2008 Workshops - Parallel Processing
Scheduling policy design for autonomic systems
International Journal of Autonomous and Adaptive Communications Systems
Robustly secure computer systems: a new security paradigm of system discontinuity
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Native Client: a sandbox for portable, untrusted x86 native code
Communications of the ACM - Amir Pnueli: Ahead of His Time
Application containers without virtual machines
Proceedings of the 1st ACM workshop on Virtual machine security
A Framework for Behavior-Based Malware Analysis in the Cloud
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
SoftwarePot: an encapsulated transferable file system for secure software circulation
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Flexible and efficient sandboxing based on fine-grained protection domains
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
A sandbox with a dynamic policy based on execution contexts of applications
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
Efficient model checking of applications with input/output
EUROCAST'07 Proceedings of the 11th international conference on Computer aided systems theory
A multi-core security architecture based on EFI
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
A novel approach for untrusted code execution
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Operating system virtualization: practice and experience
Proceedings of the 3rd Annual Haifa Experimental Systems Conference
Automatic detection of unsafe component loadings
Proceedings of the 19th international symposium on Software testing and analysis
Adaptive spatiotemporal node selection in dynamic networks
Proceedings of the 19th international conference on Parallel architectures and compilation techniques
Leveraging legacy code to deploy desktop applications on the web
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
User interface models for the cloud
UIST '10 Adjunct proceedings of the 23rd annual ACM symposium on User interface software and technology
Robusta: taming the native beast of the JVM
Proceedings of the 17th ACM conference on Computer and communications security
Retaining sandbox containment despite bugs in privileged memory-safe code
Proceedings of the 17th ACM conference on Computer and communications security
Virtual environment security modeling
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
The use of artificial intelligence based techniques for intrusion detection: a review
Artificial Intelligence Review
Interceptor: middleware-level application segregation and scheduling for P2P systems
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
VEX: vetting browser extensions for security vulnerabilities
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Log-based architectures: using multicore to help software behave correctly
ACM SIGOPS Operating Systems Review
Fine-grained user-space security through virtualization
Proceedings of the 7th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Nexus authorization logic (NAL): Design rationale and applications
ACM Transactions on Information and System Security (TISSEC)
Designing and Implementing the OP and OP2 Web Browsers
ACM Transactions on the Web (TWEB)
Some ideas on virtualized system security, and monitors
DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
Attack surface reduction for commodity OS kernels: trimmed garden plants may attract less bugs
Proceedings of the Fourth European Workshop on System Security
More than skin deep: measuring effects of the underlying model on access-control system usability
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
USENIXATC'11 Proceedings of the 2011 USENIX conference on USENIX annual technical conference
Combining Discretionary Policy with Mandatory Information Flow in Operating Systems
ACM Transactions on Information and System Security (TISSEC)
Combining control-flow integrity and static analysis for efficient and validated data sandboxing
Proceedings of the 18th ACM conference on Computer and communications security
Proceedings of the 18th ACM conference on Computer and communications security
AdSentry: comprehensive and flexible confinement of JavaScript-based advertisements
Proceedings of the 27th Annual Computer Security Applications Conference
Extending .NET security to unmanaged code
ISC'06 Proceedings of the 9th international conference on Information Security
Towards job accounting in existing resource schedulers: weaknesses and improvements
HPCC'06 Proceedings of the Second international conference on High Performance Computing and Communications
Using static program analysis to aid intrusion detection
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
How to securely outsource cryptographic computations
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
A feather-weight application isolation model
INTRUST'09 Proceedings of the First international conference on Trusted Systems
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
Using dynamic configuration to manage a scalable multimedia distribution system
Computer Communications
DIONE: a flexible disk monitoring and analysis framework
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
International Journal of Information Security and Privacy
Iago attacks: why the system call API is a bad untrusted RPC interface
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Process firewalls: protecting processes during resource access
Proceedings of the 8th ACM European Conference on Computer Systems
Preventing accidental data disclosure in modern operating systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Content-based isolation: rethinking isolation policy design on client systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
A versatile code execution isolation framework with security first
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
A portable user-level approach for system-wide integrity protection
Proceedings of the 29th Annual Computer Security Applications Conference
Securing legacy firefox extensions with SENTINEL
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Bringing java's wild native world under control
ACM Transactions on Information and System Security (TISSEC)
Many popular programs, such as Netscape, use untrusted helper applications to process data from the network. Unfortunately, the unauthenticated network data they interpret could well have been created by an adversary, and the helper applications are usually too complex to be bug-free. This raises significant security concerns. Therefore, it is desirable to create a secure environment to contain untrusted helper applications. We propose to reduce the risk of a security breach by restricting the program's access to the operating system. In particular, we intercept and filter dangerous system calls via the Solaris process tracing facility. This enabled us to build a simple, clean, user-mode implementation of a secure environment for untrusted helper applications. Our implementation has negligible performance impact, and can protect pre-existing applications.