RECURSIVE SANDBOXES: EXTENDING SYSTRACE TO EMPOWER APPLICATIONS

Authors: Aleksey Kurchuk, Angelos D. Keromytis

DOI: 10.1007/1-4020-8143-X_31

Abstract: The systrace system-call interposition mechanism has become a popular method for containing untrusted code through program-specific policies enforced by user-level daemons. We describe our extensions to systrace that allow sandboxed processes to further limit their children by issuing dynamically constructed policies. We discuss our extensions to the systrace daemon and the OpenBSD kernel, as well as a simple API for constructing policies. We present two separate implementations of our scheme, and compare their performance with the base systrace system. We show how our extensions can be used by processes such as ftpd, sendmail, and sshd.
