A Flexible Containment Mechanism for Executing Untrusted Code

Citation

• D. Peterson, M. Bishop, and R. Pandey, “A Flexible Containment Mechanism for Executing Untrusted Code,” Proceedings of the 11th USENIX Security Symposium pp. 207–225 (Aug. 2002).

Paper

• PDF
• PS

Bibliographic Information

• BibTeX
• EndNote

Abstract

A widely used technique for securing computer systems is to execute programs inside protection domains that enforce established security policies. These containers, often referred to as sandboxes, come in a variety of forms. Although current sandboxing techniques have individual strengths, they also have limitations that reduce the scope of their applicability. In this paper, we give a detailed analysis of the options available to designers of sandboxing mechanisms. As we discuss the tradeoffs of various design choices, we present a sandboxing facility that combines the strengths of a wide variety of design alternatives. Our design provides a set of simple yet powerful primitives that serve as a flexible, general-purpose framework for confining untrusted programs. As we present our work, we compare and contrast it with the work of others and give preliminary results.

Copyright Notice

The definitive version was published in the Proceedings of the 11th USENIX Security Symposium, Aug. 2002.