Sandboxing systems are extremely useful for secure execution of untrusted applications. Many of the sandboxing systems proposed so far provide security by intercepting system call...
Users frequently have to choose between functionality and security. When running popular Web browsers or email clients, they frequently find themselves turning off features such a...
Capsicum is a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new ke...
Robert N. M. Watson, Jonathan Anderson, Ben Laurie...
Comparing the system call sequence of a network application against a sandboxing policy is a popular approach to detecting control-hijacking attack, in which the attacker exploits...
The systrace system-call interposition mechanism has become a popular method for containing untrusted code through program-specific policies enforced by user-level daemons. We desc...