Recursive Sandboxes: Extending Systrace to Empower Applications

Kurchuk, Aleksey; Keromytis, Angelos D.

doi:10.1007/1-4020-8143-x_31

Cited by 6 publications

(1 citation statement)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recursive sandboxes provides privilege attenuation in the child processes based on calls that the parent makes [27], thus enabling a process to voluntarily give up privileges.…”

Section: Related Workmentioning

confidence: 99%

Quarantining Untrusted Entities: Dynamic Sandboxing Using LEAP

Radhakrishnan

Solworth

2007

Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)

View full text Add to dashboard Cite

Jails, Sandboxes and other isolation mechanisms limit the damage from untrusted programs by reducing a process's privileges to the minimum. Sandboxing is designed to thwart such threats as (1) a program created by an attacker or (2) an input crafted to exploit a security vulnerability in a program. Examples of the later include input containing interpreted code or machine language to be injected via a buffer overflow.Traditionally, sandboxes are created by an invoking process. This is effective for (1) but only partially so for (2). For example, when a file is downloaded by a browser or processed as a mail attachment, the invoking process can sandbox it. However, sandboxing protections can be circumvented when the file is copied outside the sandbox. The problem is that traditional sandboxes do not provide complete mediation.We introduce dynamic sandboxes, and show how even when data is saved and/or copied, sandboxing protections are not lost. In addition, and in contrast to traditional sandbox implementations, dynamic sandboxes are implemented using general purpose access controls. Not only does this provide a more flexible sandbox mechanism, and enable complete mediation, but these same primitives can be used to build other (non-sandbox) authorization policies.

show abstract

“…Recursive sandboxes provides privilege attenuation in the child processes based on calls that the parent makes [27], thus enabling a process to voluntarily give up privileges.…”

Section: Related Workmentioning

confidence: 99%

Quarantining Untrusted Entities: Dynamic Sandboxing Using LEAP

Radhakrishnan

Solworth

2007

Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)

View full text Add to dashboard Cite

show abstract

Towards Stealthy Malware Detection

Stolfo

Wang

Advances in Information Security

View full text Add to dashboard Cite

Malcode can be easily hidden in document files and go undetected by standard technology. We demonstrate this opportunity of stealthy malcode insertion in several experiments using a standard COTS Anti-Virus (AV) scanner. Furthermore, in the case of zero-day malicious exploit code, signature-based AV scanners would fail to detect such malcode even if the scanner knew where to look. We propose the use of statistical binary content analysis of files in order to detect suspicious anomalous file segments that may suggest insertion of malcode. Experiments are performed to determine whether the approach of n-gram analysis may provide useful evidence of a tainted file that would subsequently be subjected to further scrutiny. We further perform tests to determine whether known malcode can be easily distinguished from otherwise "normal" Windows executables, and whether self-encrypted files may be easy to spot. Our goal is to develop an efficient means by static content analysis of detecting suspect infected files. This approach may have value for scanning a large store of collected information, such as a database of shared documents. The preliminary experiments suggest the problem is quite hard requiring new research to detect stealthy malcode.

show abstract

A Sandbox with a Dynamic Policy Based on Execution Contexts of Applications

Shioya¹,

Oyama²,

Iwasaki³

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Recursive Sandboxes: Extending Systrace to Empower Applications

Cited by 6 publications

References 10 publications

Quarantining Untrusted Entities: Dynamic Sandboxing Using LEAP

Quarantining Untrusted Entities: Dynamic Sandboxing Using LEAP

Towards Stealthy Malware Detection

A Sandbox with a Dynamic Policy Based on Execution Contexts of Applications

Contact Info

Product

Resources

About