Flexible and Efficient Sandboxing Based on Fine-Grained Protection Domains

Sandboxing is one of the most promising technologies for safely executing potentially malicious applications, and it is becoming an indispensable functionality of modern computer systems. Nevertheless, traditional operating systems provide no special support for sandboxing; a sandbox system is either built in the user level, or directly encoded in the kernel level. In the user-level implementation, sandbox systems are implemented by using support for debuggers, and the resulting systems are unacceptably slow. In the kernel-level implementation, users are obliged to use a specific sandbox system. However, users should be able to choose an appropriate sandbox system depending on target applications, because sandbox systems are usually designed for specific classes of applications. This paper presents a generic framework on top of which various sandbox systems can be implemented easily and efficiently. The presented framework has three advantages. First, users can selectively use the appropriate sandbox systems depending on the target applications. Second, the resulting sandbox systems are efficient enough and the performance is comparable to that of kernelimplemented sandbox systems. Finally, a wide range of sandbox systems can be implemented in the user level, thereby facilitating the introduction of new sandboxing systems in the user level. The presented framework is based on the mechanism of fine-grained protection domains that have been previously proposed by the authors.