Quarantining Untrusted Entities: Dynamic Sandboxing Using LEAP

Radhakrishnan, M.; Solworth, Jon A.

doi:10.1109/acsac.2007.46

Cited by 6 publications

(2 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sandboxes such as [27] and [29] generate a model to represent the sequence of system calls a program makes, and then if the program deviates from the model it prevents the action. Sandboxes such as [16], [28], and [43] extend this approach to not only look at the system calls a program makes, but to look at the effect they produce, such as the actions they take on files and registry keys; similarly, [38] extends this approach to dynamically sandbox programs based on the data, and source of the data, they access. Other research efforts go as far as running device drivers in a virtualized environment to improve system security and reliability [49].…”

Section: Related Workmentioning

confidence: 99%

Magnesium Object Manager Sandbox, A More Effective Sandbox Method for Windows 7

Gilligan¹

2012

View full text Add to dashboard Cite

Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number.

show abstract

Section: Related Workmentioning

confidence: 99%

Magnesium Object Manager Sandbox, A More Effective Sandbox Method for Windows 7

Gilligan¹

2012

View full text Add to dashboard Cite

show abstract

“…Sandboxing can be used to improve security of file access [10], analyze malicious codes [11], make sure the data written with no sensitive information [12], etc. Many studies have improved the traditional sandbox toward dissimilar emphases: sandbox executing speculative security checks [13], sandbox with a dynamic policy [14], dynamic sandbox quarantining untrusted entities [15], etc.…”

Section: B Sandboxmentioning

confidence: 99%

Detection and Classification of Non-self Based on System Call Related to Security

Li¹,

Li²,

Li³

2009

JCP

View full text Add to dashboard Cite

Based on the immune mechanism, we present a computer system security model used to detect and classify non-self, which overcomes some drawbacks of traditional computer immune system based on system call: the large number of system calls intercepted, the loss of useful information owing to paying no attention to the arguments of system calls, distinction between self and non-self just by rule matching, etc. We introduce the process of non-self detection and classification based on rule and Sandbox further distinguishing the process of unknown type, based on the definition of system call related to security and event related to security. We resolve the problem of traditional sandbox system: the unreliability and insecurity of process and the display of process behavior incompletely caused by denying the execution of a system call. Experimental results verify the effectiveness of distinguishing non-self and its class based on system call related to security, and show that our model can detect non-self in Sandbox which is unknown type by rule matching without imposing heavy performance impact upon operating system.

show abstract