<p class="MsoNormal" style="text-align: left; margin: 0cm 0cm 0pt; layout-grid-mode: char;" align="left"><span class="text"><span style="font-family: Arial, sans-serif; font-size: 9pt;">Based on the immune mechanism, we present a computer system security model that detects and classifies non-self. It overcomes several drawbacks of traditional computer immune systems based on system calls: the large number of system calls intercepted, the loss of useful information caused by ignoring the arguments of system calls, the distinction between self and non-self by rule matching alone, etc. Building on the definitions of security-related system calls and security-related events, we introduce a process of rule-based non-self detection and classification, in which a Sandbox further distinguishes processes of unknown type. We also resolve the problems of traditional sandbox systems: the unreliability and insecurity of the process and the incomplete display of process behavior caused by denying the execution of a system call. Experimental results verify the effectiveness of distinguishing non-self and its class based on security-related system calls, and show that our model can detect, in the Sandbox, non-self that is of unknown type under rule matching, without imposing a heavy performance impact on the operating system.</span></span></p>