Abstract—Evaluating untrusted computer programs online by executing and testing them real-time has a challenging task of protecting the system integrity and the data confidentiality of the computer host. For the web based services on one of the most popular computer platforms, Linux, we propose three security protection tiers of different complexity and resource cost to incorporate the potentially unsafe application service via a web server. By utilizing a single regular Linux account of a corporate computer, or dual accounts as a combination, or multi-accounts of a dedicated computer, these three protection tiers can offer a trade-off between the simplicity in design and maintenance at the expense of a somewhat reduced security strength, and the more costly implementation and maintenance with a relatively better security strength. The need for such different tiers is especially true for our implemented in-house applications that aim to evaluate programming work automatically by executing the pertinent but untrusted client programs.

Index Terms—Execution protection strategies, execute unsafe programs, program code evaluation, convenience protection trade-off

Cite: Zhuhan Jiang, Jiansheng Huang, and Rezina Akhter, “Protection Tiers and Their Applications for Evaluating Untrusted Code on A Linux-Based Web Server," Journal of Communications, vol. 10, no. 11, pp. 918-925, 2015. Doi: 10.12720/jcm.10.11.918-925