Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2007
IEEE
2007
IEEE
Quarantining Untrusted Entities: Dynamic Sandboxing Using LEAP
Jails, Sandboxes and other isolation mechanisms limit the damage from untrusted programs by reducing a process’s privileges to the minimum. Sandboxing is designed to thwart such threats as (1) a program created by an attacker or (2) an input crafted to exploit a security vulnerability in a program. Examples of the later include input containing interpreted code or machine language to be injected via a buffer overflow. Traditionally, sandboxes are created by an invoking process. This is effective for (1) but only partially so for (2). For example, when a file is downloaded by a browser or processed as a mail attachment, the invoking process can sandbox it. However, sandboxing protections can be circumvented when the file is copied outside the sandbox. The problem is that traditional sandboxes do not provide complete mediation. We introduce dynamic sandboxes, and show how even when data is saved and/or copied, sandboxing protections are not lost. In addition, and in contrast to tra...
Real-time Traffic| Added | 02 Jun 2010 |
| Updated | 02 Jun 2010 |
| Type | Conference |
| Year | 2007 |
| Where | ACSAC |
| Authors | Manigandan Radhakrishnan, Jon A. Solworth |
Comments (0)
Researcher Info
|
