We propose a sandbox system that dynamically changes its behavior according to the application's execution context. Our system allows users to give different policies, each of which specifies permitted system calls, depending on the user functions in which the target application is executing. The target application can be given less privilege than would be possible with other single-policy sandbox systems. We implemented the sandbox by using LKM (Loadable Kernel Module) of Linux that intercepts the system call issued by the application process. We experimentally demonstrated the effectiveness of the sandbox. © Springer-Verlag Berlin Heidelberg 2007.
CITATION STYLE
Shioya, T., Oyama, Y., & Iwasaki, H. (2007). A sandbox with a dynamic policy based on execution contexts of applications. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4846 LNCS, pp. 297–311). Springer Verlag. https://doi.org/10.1007/978-3-540-76929-3_28
Mendeley helps you to discover research relevant for your work.