Sciweavers

USENIX
2001

Sandboxing Applications

14 years 28 days ago
Sandboxing Applications
Users frequently have to choose between functionality and security. When running popular Web browsers or email clients, they frequently find themselves turning off features such as JavaScript, only to switch them back on in order to view a certain site or read a particular message. Users of Unix (or similar) systems can construct a sandbox where such programs execute in a restricted environment. Creating such a sandbox is not trivial; one has to determine what files or services to place within the sandbox to facilitate the execution of the application. In this paper we describe a portable system that tracks the file requests made by applications creating an access log. The same system can then use the access log as a template to regulate file access requests made by sandboxed applications. We present an example of how this system was used to place Netscape Navigator in a sandbox.
Vassilis Prevelakis, Diomidis Spinellis
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2001
Where USENIX
Authors Vassilis Prevelakis, Diomidis Spinellis
Comments (0)