Ostia: A Delegating Architecture for Secure System Call Interposition
نویسندگان
چکیده
Application sandboxes provide restricted execution environments that limit an application’s access to sensitive OS resources. These systems are an increasingly popular method for limiting the impact of a compromise. While a variety of mechanisms for building these systems have been proposed, the most thoroughly implemented and studied are based on system call interposition. Current interpositionbased architectures offer a wide variety of properties that make them an attractive approach for building sandboxing systems. Unfortunately, these architectures also possess several critical properties that make their implementation error prone and limit their functionality. We present a study of Ostia, a sandboxing system we have developed that relies on a “delegating” architecture which overcomes many of the limitations of today’s sandboxing systems. We compare this delegating architecture to the “filtering” architecture commonly used for sandboxes today. We present the salient features of each architecture and examine the design choices that significantly impact security, compatibility, flexibility, deployability, and performance in this class of system.
منابع مشابه
Slic : Secure Loadable Interposition
This paper presents a method for extending operating system functionality in a way that is secure, eecient, simple, requires no kernel source changes, and is compatible with existing application binaries. Our approach is to enable extensions of the system call interface by loading a device driver into the kernel that redirects system calls to extension code running either in the kernel or in a ...
متن کاملSecurity Enforcement in the DOK Federated Database System
The Distributed Object Kernel (DOK) is a federated database system currently under development at the Royal Melbourne Institute of Technology. One of the issues currently under study is the development of a federated access control, as well a secure logical architecture allowing the DOK system to enforce federated security policies in the context of autonomous, distributed and heterogeneous dat...
متن کاملPaladin: Helping Programs Help Themselves with System Call Interposition
Today’s programs run in hostile environments. An adversary attacking a running process may radically alter the program’s course of execution. Such attacks will be of little value to the adversary unless he can cause the program to affect the outside world by executing a system call. A fruitful line of research on system call interposition has investigated using security checks on system calls t...
متن کاملA Product Machine Model for Anomaly Detection of Interposition Attacks on Cyber-Physical Systems
In this paper we propose an anomaly intrusion detection model based on shuffle operation and product machines targeting persistent interposition attacks on control systems. These attacks actually are undetectable by the most advanced system call monitors as they issue no system calls and are stealthy enough to transfer control to hijacked library functions without letting their saved instructio...
متن کاملUser-Level Infrastructure for System Call Interposition: A Platform for Intrusion Detection and Confinement
Several new approaches for detecting malicious attacks on computer systems and/or confining untrusted or malicious applications have emerged over the past several years. These techniques often rely on the fact that when a system is attacked from a remote location over a network, damage can ultimately be inflicted only via system calls made by processes running on the target system. This factor ...
متن کامل