Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
NDSS
2003
IEEE
2003
IEEE
Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools
System call interposition is a powerful method for regulating and monitoring application behavior. In recent years, a wide variety of security tools have been developed that use this technique. This approach brings with it a host of pitfalls for the unwary implementer that if overlooked can allow his tool to be easily circumvented. To shed light on these problems, we present the lessons we learned in the course of several design and implementation cycles with our own system call interposition-based sandboxing tool. We first present some of the problems and pitfalls we encountered, including incorrectly replicating OS semantics, overlooking indirect paths to resources, race conditions, incorrectly subsetting a complex interface, and side effects of denying system calls. We then present some practical solutions to these problems, and provide general principles for avoiding the difficulties we encountered.
Real-time TrafficComputer Networks | Interposition-based Sandboxing Tool | NDSS 2003 | Powerful Method | Unwary Implementer |
| Added | 05 Jul 2010 |
| Updated | 05 Jul 2010 |
| Type | Conference |
| Year | 2003 |
| Where | NDSS |
| Authors | Tal Garfinkel |
Comments (0)
Researcher Info
|
