Paper Info
Title
StemJail: Dynamic Role Compartmentalization.
Abstract
While users tend to indiscriminately use the same device to address every need, exfiltration of information becomes the end game of attackers. Average users need realistic and practical solutions to enable them to mitigate the consequences of a security breach in terms of data leakage. We present StemJail, an open-source security solution to isolate groups of processes pertaining to the same activity into an environment exposing only the relevant subset of user data. At the heart of our solution lies dynamic activity discovery, allowing seamless integration of StemJail into the user workflow. Our userland access control framework only relies on the ability of user to organize data in directories. Thus, it is easily configurable and requires very little user interaction once set up. Moreover, StemJail is designed to run without intrusive changes to the system and to be configured and used by any unprivileged user thanks to the Linux user namespaces.
Year
DOI
Venue
2016
10.1145/2897845.2897912
AsiaCCS
Keywords
Field
DocType
compartmentalization, dynamic policy, role, user activity, sandbox, Linux, namespaces
Sandbox (computer security),Computer security,Computer science,Access control,Workflow
Conference
Citations 
PageRank 
References 
0
0.34
10
Authors
3
Name
Order
Citations
PageRank
Mickaël Salaün140.76
Marion Daubignard2543.79
Hervé Debar31238120.68