Description

Security is a serious concern on today's computer networks. Many applications are not very good at resisting attack, and our operating systems are not very good at preventing the spread of any intrusions that may result. In this thesis, we propose to manage the risk of a security breach by confining these untrusted (and untrustworthy) applications in a carefully sanitized space. We design a secure environment for confinement of untrusted applications by restricting the program's access to the operating system. In our prototype implementation, we intercept and filter dangerous system calls via the Solaris process tracing facility. This enables us to build a simple, clean, user-mode mechanism for confining untrusted applications. Our implementation has negligible performance impact, and can protect pre-existing legacy code.
