David A. Wagner

EECS Department, University of California, Berkeley

Technical Report No. UCB/CSD-99-1056

, 1999

http://www2.eecs.berkeley.edu/Pubs/TechRpts/1999/CSD-99-1056.pdf

Security is a serious concern on today's computer networks. Many applications are not very good at resisting attack, and our operating systems are not very good at preventing the spread of any intrusions that may result. In this thesis, we propose to manage the risk of a security breach by confining these untrusted (and untrustworthy) applications in a carefully sanitized space. We design a secure environment for confinement of untrusted applications by restricting the program's access to the operating system. In our prototype implementation, we intercept and filter dangerous system calls via the Solaris process tracing facility. This enables us to build a simple, clean, user-mode mechanism for confining untrusted applications. Our implementation has negligible performance impact, and can protect pre-existing legacy code.


BibTeX citation:

@techreport{Wagner:CSD-99-1056,
    Author= {Wagner, David A.},
    Title= {Janus: an Approach for Confinement of Untrusted Applications},
    Year= {1999},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/1999/5271.html},
    Number= {UCB/CSD-99-1056},
    Abstract= {Security is a serious concern on today's computer networks. Many applications are not very good at resisting attack, and our operating systems are not very good at preventing the spread of any intrusions that may result. In this thesis, we propose to manage the risk of a security breach by confining these untrusted (and untrustworthy) applications in a carefully sanitized space. We design a secure environment for confinement of untrusted applications by restricting the program's access to the operating system. In our prototype implementation, we intercept and filter dangerous system calls via the Solaris process tracing facility. This enables us to build a simple, clean, user-mode mechanism for confining untrusted applications. Our implementation has negligible performance impact, and can protect pre-existing legacy code.},
}

EndNote citation:

%0 Report
%A Wagner, David A. 
%T Janus: an Approach for Confinement of Untrusted Applications
%I EECS Department, University of California, Berkeley
%D 1999
%@ UCB/CSD-99-1056
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/1999/5271.html
%F Wagner:CSD-99-1056