Sciweavers

EUROSYS
2008
ACM

Application-level isolation and recovery with solitude

14 years 9 months ago
Application-level isolation and recovery with solitude
When computer systems are compromised by an attack, it is difficult to determine the precise extent of the damage caused by the attack because the state changes made by an attacker and those made by regular users can be closely intertwined. This problem occurs due to implicit sharing in operating systems, and it can be especially severe for persistent state. In particular, the file system provides a single namespace that when compromised can have cascading effects on the entire system, making intrusion analysis and recovery a time-consuming and error-prone process. In this paper, we present Solitude, an application-level isolation and recovery system that is designed to both limit the effects of attacks and simplify the post-intrusion recovery process. Solitude uses a copy-on-write filesystem to provide a transparent, restricted privilege isolation environment for running untrusted applications, and it uses an explicit file sharing mechanism across the isolation environments that ...
Shvetank Jain, Fareha Shafique, Vladan Djeric, Ash
Added 10 Mar 2010
Updated 10 Mar 2010
Type Conference
Year 2008
Where EUROSYS
Authors Shvetank Jain, Fareha Shafique, Vladan Djeric, Ashvin Goel
Comments (0)