Flexible and Efficient Sandboxing Based on Fine-Grained Protection Domains

  • Conference paper
Software Security — Theories and Systems (ISSS 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2609)

Abstract

Sandboxing is one of the most promising technologies for safely executing potentially malicious applications, and it is becoming an indispensable function of modern computer systems. Nevertheless, traditional operating systems provide no special support for sandboxing: a sandbox system is either built at the user level or encoded directly in the kernel. User-level implementations rely on debugger support, and the resulting systems are unacceptably slow. Kernel-level implementations oblige users to use one specific sandbox system. Users should, however, be able to choose an appropriate sandbox system depending on the target application, because sandbox systems are usually designed for specific classes of applications. This paper presents a generic framework on top of which various sandbox systems can be implemented easily and efficiently. The framework has three advantages. First, users can selectively use the appropriate sandbox system for each target application. Second, the resulting sandbox systems are efficient, with performance comparable to that of kernel-implemented sandbox systems. Finally, a wide range of sandbox systems can be implemented at the user level, which facilitates the introduction of new sandbox systems. The framework is based on the mechanism of fine-grained protection domains previously proposed by the authors.

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shinagawa, T., Kono, K., Masuda, T. (2003). Flexible and Efficient Sandboxing Based on Fine-Grained Protection Domains. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds) Software Security — Theories and Systems. ISSS 2002. Lecture Notes in Computer Science, vol 2609. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36532-X_11

  • DOI: https://doi.org/10.1007/3-540-36532-X_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00708-1

  • Online ISBN: 978-3-540-36532-7
