DocumentCode :
3026643
Title :
Speculative security checks in sandboxing systems
Author :
Oyama, Yoshihiro ; Onoue, Koichi ; Yonezawa, Akinori
Author_Institution :
Tokyo Univ., Japan
fYear :
2005
fDate :
4-8 April 2005
Abstract :
Sandboxing systems are extremely useful for secure execution of untrusted applications. Many of the sandboxing systems proposed so far provide security by intercepting system calls invoked by an application and controlling their execution. However, a problem in existing sandboxing systems is the amount of overhead required for security checks performed after system call interceptions. In this paper, we propose a sandboxing system that executes speculative security checks. The proposed system predicts the behavior of a sandboxed application and executes speculative security checks in parallel with the application, thus reducing the overhead. Behavior is predicted based on system call profiles in past executions of the application. We implemented the system on Linux and made a preliminary evaluation.
Keywords :
Linux; parallel programming; security of data; Linux; sandboxing system; speculative security check; Control systems; Internet; Intrusion detection; Invasive software; Kernel; Linux; Operating systems; Resource virtualization; Resumes; Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Parallel and Distributed Processing Symposium, 2005. Proceedings. 19th IEEE International
Print_ISBN :
0-7695-2312-9
Type :
conf
DOI :
10.1109/IPDPS.2005.408
Filename :
1420266
Link To Document :