论文信息 - Sandboxing Applications

Sandboxing Applications

Users frequently have to choose between functionality and security. When running popular Web browsers or email clients, they frequently find themselves turning off features such as JavaScript, only to switch them back on in order to view a certain site or read a particular message. Users of Unix (or similar) systems can construct a sandbox where such programs execute in a restricted environment. Creating such a sandbox is not trivial; one has to determine what files or services to place within the sandbox to facilitate the execution of the application. In this paper we describe a portable system that tracks the file requests made by applications creating an access log. The same system can then use the access log as a template to regulate file access requests made by sandboxed applications. We present an example of how this system was used to place Netscape Navigator in a sandbox.

Diomidis Spinellis | Vassilis Prevelakis

[1] Vipin Chaudhary,et al. History-based access control for mobile code , 1998, CCS '98.

[2] Chris J. Scheiman,et al. Extending the operating system at the user level: the Ufo global file system , 1997 .

[3] Paul A. Karger,et al. Limiting the Damage Potential of Discretionary Trojan Horses , 1987, 1987 IEEE Symposium on Security and Privacy.

[4] Elisa Bertino,et al. A unified framework for enforcing multiple access control policies , 1997, SIGMOD '97.

[5] Karl N. Levitt,et al. Automated detection of vulnerabilities in privileged programs by execution monitoring , 1994, Tenth Annual Computer Security Applications Conference.

[6] Atul Prakash,et al. Building systems that flexibly control downloaded executable context , 1996 .

[7] David A. Wagner,et al. A Secure Environment for Untrusted Helper Applications , 1996, USENIX Security Symposium.

[8] Vipin Chaudhary,et al. History-based access control for mobile code , 1998, CCS '98.

[9] Angelos D. Keromytis,et al. A secure active network environment architecture: realization in SwitchWare , 1998, IEEE Netw..

[10] Angelos D. Keromytis,et al. Implementing a distributed firewall , 2000, CCS.

[11] Ian Goldberg,et al. A Secure Environment for Untrusted Helper Applications ( Confining the Wily Hacker ) , 1996 .

[12] David Mazières,et al. Secure applications need flexible operating systems , 1997, Proceedings. The Sixth Workshop on Hot Topics in Operating Systems (Cat. No.97TB100133).