Speculative Security Checks in Sandboxing Systems

Denver, Colorado April 04-April 08

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/IPDPS.2005.408

19th IEEE International Parallel and ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Yoshihiro Oyama Articles by Koichi Onoue Articles by Akinori Yonezawa

	ASCII Text	x
	Yoshihiro Oyama, Koichi Onoue, Akinori Yonezawa, "Speculative Security Checks in Sandboxing Systems," Parallel and Distributed Processing Symposium, International, vol. 18, pp. 293b, 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17, 2005.

	BibTex	x
	@article{ 10.1109/IPDPS.2005.408, author = {Yoshihiro Oyama and Koichi Onoue and Akinori Yonezawa}, title = {Speculative Security Checks in Sandboxing Systems}, journal ={Parallel and Distributed Processing Symposium, International}, volume = {18}, year = {2005}, issn = {1530-2075}, pages = {293b}, doi = {http://doi.ieeecomputersociety.org/10.1109/IPDPS.2005.408}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Parallel and Distributed Processing Symposium, International TI - Speculative Security Checks in Sandboxing Systems SN - 1530-2075 SP EP A1 - Yoshihiro Oyama, A1 - Koichi Onoue, A1 - Akinori Yonezawa, PY - 2005 KW - null VL - 18 JA - Parallel and Distributed Processing Symposium, International ER -

Yoshihiro Oyama, The University of Tokyo

Koichi Onoue, The University of Tokyo

Akinori Yonezawa, The University of Tokyo

Sandboxing systems are extremely useful for secure execution of untrusted applications. Many of the sandboxing systems proposed so far provide security by intercepting system calls invoked by an application and controlling their execution. However, a problem in existing sandboxing systems is the amount of overhead required for security checks performed after system call interceptions. In this paper, we propose a sandboxing system that executes speculative security checks. The proposed system predicts the behavior of a sandboxed application and executes speculative security checks in parallel with the application, thus reducing the overhead. Behavior is predicted based on system call profiles in past executions of the application. We implemented the system on Linux and made a preliminary evaluation.

Citation:

Yoshihiro Oyama, Koichi Onoue, Akinori Yonezawa, "Speculative Security Checks in Sandboxing Systems," ipdps, vol. 18, pp.293b, 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17, 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.