Title: Ostia: A Delegating Architecture for Secure System Call Interposition
Abstract:

Application sandboxes provide restricted execution environments that limit an application's access to sensitive OS resources. These systems are an increasingly popular method for limiting the impact of a compromise. While a variety of mechanisms for building these systems have been proposed, the most thoroughly implemented and studied are based on system call interposition. Current interposition-based architectures offer a wide variety of properties that make them an attractive approach for building sandboxing systems. Unfortunately, these architectures also possess several critical properties that make their implementation error prone and limit their functionality.

We present a study of Ostia, a sandboxing system we have developed that relies on a "delegating" architecture which overcomes many of the limitations of today's sandboxing systems. We compare this delegating architecture to the "filtering" architecture commonly used for sandboxes today. We present the salient features of each architecture and examine the design choices that significantly impact security, compatibility, flexibility, deployability, and performance in this class of system.
Year: 2004
Venue: NDSS
Field: Sandbox (computer security), Architecture, Computer science, Computer security, Filter (signal processing), System call, Compromise, Delegation, Limiting, Salient
DocType: Conference
Citations: 83
PageRank: 4.77
References: 19
Authors: 3
Author list (each row gives Name, then Order, Citations and PageRank, with the three numeric fields run together):
Tal Garfinkel12008171.66
Ben Pfaff22396240.10
Mendel Rosenblum34129572.54