Sciweavers

ACSAC
2007
IEEE

Quarantining Untrusted Entities: Dynamic Sandboxing Using LEAP

14 years 7 months ago
Quarantining Untrusted Entities: Dynamic Sandboxing Using LEAP
Jails, Sandboxes and other isolation mechanisms limit the damage from untrusted programs by reducing a process’s privileges to the minimum. Sandboxing is designed to thwart such threats as (1) a program created by an attacker or (2) an input crafted to exploit a security vulnerability in a program. Examples of the later include input containing interpreted code or machine language to be injected via a buffer overflow. Traditionally, sandboxes are created by an invoking process. This is effective for (1) but only partially so for (2). For example, when a file is downloaded by a browser or processed as a mail attachment, the invoking process can sandbox it. However, sandboxing protections can be circumvented when the file is copied outside the sandbox. The problem is that traditional sandboxes do not provide complete mediation. We introduce dynamic sandboxes, and show how even when data is saved and/or copied, sandboxing protections are not lost. In addition, and in contrast to tra...
Manigandan Radhakrishnan, Jon A. Solworth
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where ACSAC
Authors Manigandan Radhakrishnan, Jon A. Solworth
Comments (0)