Skip to main content
Conference Proceedings

A sandbox with a dynamic policy based on execution contexts of applications

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2007) 4846 LNCS 297-311
DOI: 10.1007/978-3-540-76929-3_28
4Citations
Citations of this article
2Readers
Mendeley users who have this article in their library.
Get full text

Abstract

We propose a sandbox system that dynamically changes its behavior according to the application's execution context. Our system allows users to give different policies, each of which specifies permitted system calls, depending on the user functions in which the target application is executing. The target application can be given less privilege than would be possible with other single-policy sandbox systems. We implemented the sandbox by using LKM (Loadable Kernel Module) of Linux that intercepts the system call issued by the application process. We experimentally demonstrated the effectiveness of the sandbox. © Springer-Verlag Berlin Heidelberg 2007.

Cite

CITATION STYLE

APA

Shioya, T., Oyama, Y., & Iwasaki, H. (2007). A sandbox with a dynamic policy based on execution contexts of applications. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4846 LNCS, pp. 297–311). Springer Verlag. https://doi.org/10.1007/978-3-540-76929-3_28

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free