Sciweavers

ACSAC
2006
IEEE

Data Sandboxing: A Technique for Enforcing Confidentiality Policies

14 years 4 months ago
Data Sandboxing: A Technique for Enforcing Confidentiality Policies
When an application reads private / sensitive information and subsequently communicates on an output channel such as a public file or a network connection, how can we ensure that the data written is free of private information? In this paper, we address this question in a practical setting through the use of a technique that we call "data sandboxing" . Essentially, data sandboxing is implemented using the popular technique of system call interposition to mediate output channels used by a program. To distinguish between private and public data, the program is partitioned into two: one that contains all the instructions that handle sensitive data and the other containing the rest of the instructions. This partitioning is performed based on techniques from program slicing. When run together, these two programs collectively replace the original program. To address confidentiality, these programs are sandboxed with different system call interposition based policies. We discuss th...
Tejas Khatiwala, Raj Swaminathan, V. N. Venkatakri
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where ACSAC
Authors Tejas Khatiwala, Raj Swaminathan, V. N. Venkatakrishnan
Comments (0)