secmodel sandbox: An application sandbox for NetBSD (draft)
Abstract
We introduce a new security model for NetBSD – secmodel sandbox – that allows per-process policies for restricting privileges. Privileges correspond to kauth authorization requests, such as a request to create a socket or read a file, and policies specify the sandbox’s decision: deny, defer, or allow. Processes may apply multiple sandbox policies to themselves, in which case the policies stack, and child processes inherit their parent’s sandbox. Sandbox policies are expressed in Lua, and the evaluation of policies uses NetBSD 7’s experimental in-kernel Lua interpreter. As such, policies may express static authorization decisions, or may register Lua functions that secmodel sandbox invokes for a decision.
Similar resources
A Self-healing Component Sandbox for Untrustworthy Third Party Code Execution
This paper presents an architecture and implementation of a self-healing sandbox for the execution of dynamically loaded third-party code that may put application stability at risk. By executing code in a fault-contained sandbox, no faults are propagated to the trusted part of the application. The sandbox is monitored by a control loop that is able to predict and avoid known types o...
PyBox - A Python Sandbox
The application of dynamic malware analysis in order to automate the monitoring of malware behavior has become increasingly important. For this purpose, so-called sandboxes are used. They provide the functionality to execute malware in a secure, controlled environment and observe its activities during runtime. While a variety of sandbox software, such as the GFI Sandbox (formerly CWSandbox) or ...
DynSec: On-the-fly Code Rewriting and Repair
Security patches protect an application from discovered vulnerabilities and should be applied as fast as possible. On the other hand, patching the application reduces the availability of the service due to the necessary restart. System administrators need to balance system availability with a potential compromise of system integrity. A dynamic software update mechanism applies security updates ...
Enter Sandbox: Android Sandbox Comparison
Expecting the shipment of 1 billion Android devices in 2017, cyber criminals have naturally extended their vicious activities towards Google’s mobile operating system. With an estimated number of 700 new Android applications released every day, keeping control over malware is an increasingly challenging task. In recent years, a vast number of static and dynamic code analysis platforms for analy...
SANDBOX: Accessing Scientific Data through Experimentation
In this paper we describe a new interface to scientific databases, the SANDBOX: Scientists Accessing Necessary Data Based On eXperimentation. The SANDBOX is a virtual reality tool allowing an investigator to visualize the contents of a scientific database while retrieving data. As the data in these databases was typically collected through experimentation, an investigator can use the SANDBOX to...