DocumentCode
3026643
Title
Speculative security checks in sandboxing systems
Author
Oyama, Yoshihiro ; Onoue, Koichi ; Yonezawa, Akinori
Author_Institution
Tokyo Univ., Japan
fYear
2005
fDate
4-8 April 2005
Abstract
Sandboxing systems are extremely useful for secure execution of untrusted applications. Many of the sandboxing systems proposed so far provide security by intercepting system calls invoked by an application and controlling their execution. However, a problem in existing sandboxing systems is the amount of overhead required for security checks performed after system call interceptions. In this paper, we propose a sandboxing system that executes speculative security checks. The proposed system predicts the behavior of a sandboxed application and executes speculative security checks in parallel with the application, thus reducing the overhead. Behavior is predicted based on system call profiles in past executions of the application. We implemented the system on Linux and made a preliminary evaluation.
Keywords
Linux; parallel programming; security of data; Linux; sandboxing system; speculative security check; Control systems; Internet; Intrusion detection; Invasive software; Kernel; Linux; Operating systems; Resource virtualization; Resumes; Security;
fLanguage
English
Publisher
ieee
Conference_Titel
Parallel and Distributed Processing Symposium, 2005. Proceedings. 19th IEEE International
Print_ISBN
0-7695-2312-9
Type
conf
DOI
10.1109/IPDPS.2005.408
Filename
1420266
Link To Document