You are here
A Secure Environment for Untrusted Helper Applications
Ian Goldberg, David Wagner, Randi Thomas, and Eric Brewer, University of California, Berkeley
Many popular programs, such as Netscape, use untrusted helper applications to process data from the network. Unfortunately, the unauthenticated net- work data they interpret could well have been created by an adversary, and the helper applications are usually too complex to be bug-free. This raises signicant security concerns. Therefore, it is desirable to create a secure environment to contain untrusted helper applications. We propose to reduce the risk of a security breach by restricting the program's access to the operating system. In particular, we intercept and lter dangerous system calls via the Solaris process tracing facility. This enabled us to build a simple, clean, user-mode implementation of a secure environment for untrusted helper applications. Our implementation has negligible performance impact, and can protect pre-existing applications.