Sciweavers

NDSS
2003
IEEE

Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools

14 years 4 months ago
Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools
System call interposition is a powerful method for regulating and monitoring application behavior. In recent years, a wide variety of security tools have been developed that use this technique. This approach brings with it a host of pitfalls for the unwary implementer that if overlooked can allow his tool to be easily circumvented. To shed light on these problems, we present the lessons we learned in the course of several design and implementation cycles with our own system call interposition-based sandboxing tool. We first present some of the problems and pitfalls we encountered, including incorrectly replicating OS semantics, overlooking indirect paths to resources, race conditions, incorrectly subsetting a complex interface, and side effects of denying system calls. We then present some practical solutions to these problems, and provide general principles for avoiding the difficulties we encountered.
Tal Garfinkel
Added 05 Jul 2010
Updated 05 Jul 2010
Type Conference
Year 2003
Where NDSS
Authors Tal Garfinkel
Comments (0)